* [gentoo-commits] gentoo commit in xml/htdocs/proj/en/infrastructure: ldap.xml
@ 2007-12-18 1:29 Robin H. Johnson (robbat2)
0 siblings, 0 replies; 22+ messages in thread
From: Robin H. Johnson (robbat2) @ 2007-12-18 1:29 UTC (permalink / raw
To: gentoo-commits
robbat2 07/12/18 01:29:58
Modified: ldap.xml
Log:
First pass at cleaning up ldap.xml.
Revision Changes Path
1.17 xml/htdocs/proj/en/infrastructure/ldap.xml
file : http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/proj/en/infrastructure/ldap.xml?rev=1.17&view=markup
plain: http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/proj/en/infrastructure/ldap.xml?rev=1.17&content-type=text/plain
diff : http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/proj/en/infrastructure/ldap.xml?r1=1.16&r2=1.17
Index: ldap.xml
===================================================================
RCS file: /var/cvsroot/gentoo/xml/htdocs/proj/en/infrastructure/ldap.xml,v
retrieving revision 1.16
retrieving revision 1.17
diff -p -w -b -B -u -u -r1.16 -r1.17
--- ldap.xml 31 Jul 2007 07:07:03 -0000 1.16
+++ ldap.xml 18 Dec 2007 01:29:57 -0000 1.17
@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE guide SYSTEM "/dtd/guide.dtd">
-<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/proj/en/infrastructure/ldap.xml,v 1.16 2007/07/31 07:07:03 robbat2 Exp $ -->
+<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/proj/en/infrastructure/ldap.xml,v 1.17 2007/12/18 01:29:57 robbat2 Exp $ -->
<guide link="/proj/en/infrastructure/ldap.xml">
<title>Gentoo Infrastructure LDAP guide</title>
@@ -8,6 +8,9 @@
<author title="Author">
<mail link="lcars@gentoo.org">Andrea Barisani</mail>
</author>
+<author title="Author">
+ <mail link="robbat2@gentoo.org">Robin H. Johnson</mail>
+</author>
<author title="Editor">
<mail link="lmedinas@gmail.com">Luis Medinas</mail>
</author>
@@ -24,8 +27,8 @@ and administrators.
<!-- See http://creativecommons.org/licenses/by-sa/2.5 -->
<license/>
-<version>1.5</version>
-<date>2007-02-23</date>
+<version>1.6</version>
+<date>2007-12-17</date>
<chapter>
<title>Key Concepts</title>
@@ -64,39 +67,46 @@ see if that user is in the database and
<p>
LDAP is used by Gentoo to secure the infrastructure. Gentoo resources are spread
across the globe and LDAP gives us a central location to manage them. There are
-four levels of access or OU (organizational unit): anonymous, user, recruiters
-and infra, that are used to connect or <e>bind</e> to the LDAP database.
+four levels of access: anonymous, user, recruiter and infra that are used to
+control what can be changed in the LDAP database. These are controlled via
+special values in the gentooAccess attribute.</p>
+
+<p>
+You must connect or <e>bind</e> to the LDAP database either anonymously, or a
+known user. Binding anonymously will always grant only the anonymous level,
+while binding as a known user will grant you the level based on your user and
+potentially where you are connecting from.
</p>
<p>
-The <e>anonymous</e> OU is used for simple <e>read only</e> informational queries.
-All developers and staff can bind to LDAP as anonymous. If you don't specify an
-OU when you bind anonymous is assumed.
+The <e>anonymous</e> level is used for simple <e>read only</e> informational
+queries. All developers and staff can bind to LDAP as anonymous. If you don't
+specify a mode when you bind, anonymous is assumed.
</p>
<p>
-The <e>user</e> OU is used to add or change information in your own LDAP
-record. Things like your latitude and longitude, ssh public key and so on.
-All developers and staff are members of the user OU.
+The <e>user</e> level is used to add or change information in your own LDAP
+record. Things like your latitude and longitude, ssh public key and so on. All
+users can access the <e>user</e> level, by binding as themselves with the mode
+specified, and providing their password.
</p>
<p>
-<e>recruiters</e> is a special OU used by recruiters to create new LDAP entries
-or to alter existing ones for any user including their own. If you are a
-Recruiter you <e>must</e> bind to LDAP as 'recruiter' for any operation including
-another users record or your own.
+The <e>recruiter</e> level enables recruiters to add new users, and perform
+some administrative changes to users.
</p>
<p>
-The <e>infra</e> OU is also a special OU that is used by members of the Infrastructure
-Project to manage the various resources within Gentoo. Although this is used
-mainly for managing machine accounts, the infra OU can also alter any other users
-record.
+The <e>infra</e> level enables the infrastructure team full power over LDAP,
+and is additionally protected by only being available from ldap1.gentoo.org
+(toucan.gentoo.org).
</p>
<note>
-All write operations performed by recruiters or infra must be performed on
-ldap1.gentoo.org (roadrunner.gentoo.org).
+All write operations performed by infra must be performed on ldap1.gentoo.org
+(toucan.gentoo.org). Normal user and recruiter write operations may be
+performed on any LDAP-connected Gentoo box, however it is strongly recommended
+that you use dev.gentoo.org (woodpecker.gentoo.org).
</note>
</body>
@@ -110,11 +120,11 @@ ldap1.gentoo.org (roadrunner.gentoo.org)
<body>
<p>
-Currently we have two LDAP servers available. The <e>master</e> server and a
-<e>slave</e> server. The <e>master</e> LDAP server is reachable at
-<e>ldap1.gentoo.org</e>. The <e>slave</e> server is <e>ldap2.gentoo.org</e> and
-it connects every 60 seconds to the <e>master</e> looking up changes and
-resyncing the database if necessary.
+Currently we have three LDAP servers available. The <e>master</e> server and two
+<e>slave</e> servers. The <e>master</e> LDAP server is reachable at
+<e>ldap1.gentoo.org</e>. The <e>slave</e> servers are <e>ldap2.gentoo.org</e>,
+<e>ldap3.gentoo.org</e> and it connects every 60 seconds to the <e>master</e>
+to replicate changes from the master.
</p>
<p>
@@ -122,14 +132,14 @@ Every update operation must be done on <
(which means writing some entry) is performed on the <e>slave</e> a referral to
the <e>master</e> is issued. This is transparently handled and all attempts to
update against the slave will be redirected to the <e>master</e>. Connections
-are validated via TLS + password. The password is your toucan one and it's going
-to be the same for all LDAP_aware boxes in the future.
+are validated via TLS + password. The password is your dev one and is the same
+for all LDAP-aware boxes.
</p>
<p>
We use a custom script, <c>perl_ldap</c> that uses <e>Net::LDAP</e>, for accessing
and modifying the database, it allows only a predefined set of actions but it
-should cover 90% of the cases. In the following chapters we explain how to use it.
+should cover 95% of the cases. In the following chapters we explain how to use it.
</p>
<note>
@@ -149,9 +159,11 @@ in #gentoo-infra for help with this.
<p>
The following attributes are included in the Gentoo Schema. Note the 'Access
-Level' needed for each attribute.
+Level' needed to write each attribute. Anonymous reading is allowed unless
+otherwise noted. Required fields are emphasised.
</p>
+<!-- Please keep this list in alphabetical order, sorted by the attribute name -->
<table>
<tr>
<th>Attribute Name</th>
@@ -161,25 +173,46 @@ Level' needed for each attribute.
<th>Format</th>
</tr>
<tr>
- <ti>gentooLocation</ti>
+ <ti>birthday</ti>
+ <ti>user (not globally readable)</ti>
+ <ti>developer birthday</ti>
+ <ti>single, optional</ti>
+ <ti>UTF-8</ti>
+ </tr>
+ <tr>
+ <ti><e>gentooAccess</e></ti>
+ <ti>infra, top level recruiters only</ti>
+ <ti>developer access level</ti>
+ <ti>multiple, required</ti>
+ <ti>UTF-8</ti>
+ </tr>
+ <tr>
+ <ti>gentooAlias</ti>
<ti>infra, recruiters</ti>
- <ti>developer location</ti>
- <ti>single, required</ti>
+ <ti>alternate names for this developer</ti>
+ <ti>multiple, required</ti>
<ti>UTF-8</ti>
</tr>
<tr>
- <ti>gentooLatitude, lat</ti>
+ <ti>gentooGPGFingerprint, gpgfingerprint</ti>
<ti>user</ti>
- <ti>latitude coordinate</ti>
+ <ti>GPG key fingerprint</ti>
<ti>single, optional</ti>
- <ti>numeric string</ti>
+ <ti>UTF-8</ti>
</tr>
<tr>
- <ti>gentooLongitude, lon</ti>
+ <ti><e>gentooGPGkey, gpgkey</e></ti>
<ti>user</ti>
- <ti>longitude coordinate</ti>
- <ti>single, optional</ti>
- <ti>numeric string</ti>
+ <ti>GPG key uid</ti>
+ <ti>single, required</ti>
+ <ti>UTF-8</ti>
+ </tr>
+ <tr>
+ <ti>gentooIM</ti>
+ <ti>user</ti>
+ <ti>instant messaging ID</ti>
+ <ti>multiple, optional</ti>
+ <ti>UTF-8</ti>
</tr>
<tr>
<ti>gentooJoin</ti>
@@ -189,63 +222,66 @@ Level' needed for each attribute.
<ti>UTF-8</ti>
</tr>
<tr>
- <ti>gentooAccess</ti>
- <ti>infra, recruiters</ti>
- <ti>developer access level</ti>
- <ti>multiple, required</ti>
- <ti>UTF-8</ti>
+ <ti>gentooLatitude, lat</ti>
+ <ti>user</ti>
+ <ti>latitude coordinate</ti>
+ <ti>single, optional</ti>
+ <ti>signed decimal string</ti>
</tr>
<tr>
- <ti>gentooStatus</ti>
- <ti>infra, recruiters</ti>
- <ti>developer status</ti>
+ <ti><e>gentooLocation</e></ti>
+ <ti>user</ti>
+ <ti>developer location</ti>
<ti>single, required</ti>
<ti>UTF-8</ti>
</tr>
<tr>
- <ti>gentooGPGkey, gpgkey</ti>
+ <ti>gentooLongitude, lon</ti>
<ti>user</ti>
- <ti>gpg key uid</ti>
+ <ti>longitude coordinate</ti>
<ti>single, optional</ti>
- <ti>UTF-8</ti>
+ <ti>signed decimal string</ti>
</tr>
<tr>
- <ti>gentooGPGFingerprint, gpgfingerprint</ti>
- <ti>user</ti>
- <ti>gpg key fingerprint</ti>
+ <ti>gentooRetire</ti>
+ <ti>infra, recruiters</ti>
+ <ti>developer retirement date</ti>
<ti>single, optional</ti>
<ti>UTF-8</ti>
</tr>
<tr>
- <ti>gentooRoles</ti>
- <ti>infra,recruiters</ti>
+ <ti><e>gentooRoles</e></ti>
+ <ti>user</ti>
<ti>developer projects</ti>
- <ti>single, optional</ti>
+ <ti>single, required</ti>
<ti>UTF-8</ti>
</tr>
<tr>
- <ti>gentooHerd, herd</ti>
+ <ti><e>gentooStatus</e></ti>
<ti>infra,recruiters</ti>
- <ti>developer herd</ti>
- <ti>single, optional</ti>
+ <ti>developer status</ti>
+ <ti>single, required</ti>
<ti>UTF-8</ti>
</tr>
<tr>
- <ti>sshPublicKey</ti>
+ <ti><e>sshPublicKey</e></ti>
<ti>user</ti>
<ti>OpenSSH public key</ti>
- <ti>multiple, optional</ti>
- <ti>UTF-8</ti>
- </tr>
- <tr>
- <ti>birthday</ti>
- <ti>user</ti>
- <ti>developer birthday</ti>
- <ti>single, optional</ti>
+ <ti>multiple, required</ti>
<ti>UTF-8</ti>
</tr>
</table>
+<note>
+All dates are presently expected to be in the form DD MMMM YYYY, and are being
+being migrated to ISO8601, after which, the field will have validation enabled.
+</note>
+
+<p
+>The following attributes were in use at some point in the past, but have
+been retired: <e>gentooHerd</e>, <e>gentooAltMail</e>, <e>gentooForumsUID</e>.
+</p>
+
</body>
</section>
<section>
@@ -320,7 +356,7 @@ The following are the most common option
<ul>
<li>
- <c>-b OU</c> used to bind to the LDAP server. If you don't specify
+ <c>-b MODE</c> used to bind to the LDAP server. If you don't specify
<e>user</e>, the script will default to <e>anonymous</e> and be <e>read
only</e>.
</li>
@@ -339,7 +375,7 @@ The following are the most common option
<c>-C ATTRIBUTE NEWVALUE <username></c> creates a new attribute for
the specified user
</li>
- <li><c>-E ATTRIBUTE</c> erases an attribute</li>
+ <li><c>-E ATTRIBUTE OLDVALUE <username></c> erases an attribute</li>
</ul>
</body>
@@ -370,9 +406,13 @@ of the most commonly changed attributes.
# <i>perl_ldap -b user -M gentooGPGkey "1AF343E" <username></i>
</pre>
-<pre caption="Change your public SSH key">
-<comment>(substitute 'pubkey' with the path to your public SSH key. ex: "~/.ssh/id_dsa.pub". You should have one sshPublicKey attribute per key!)</comment>
-# <i>perl_ldap -b user -M sshPublicKey "$(cat pubkey)" <username></i>
+<pre caption="Add a new public SSH key">
+<comment>(substitute 'pubkey' with the path to your public SSH key. ex: "~/.ssh/id_dsa.pub". You should have one sshPublicKey attribute per key! No newlines!)</comment>
+# <i>perl_ldap -b user -A sshPublicKey "$(cat pubkey)" <username></i>
+</pre>
+
+<pre caption="Erase an old public SSH key">
+# <i>perl_ldap -b user -E sshPublicKey "$(cat oldpubkey)" <username></i>
</pre>
</body>
@@ -390,55 +430,43 @@ a recruiter.
</p>
<p>
-When dealing with users that belong to a sub-OU the <c>-o OU | -b OU</c> option
-must be used, this will be clarified in the examples. The command <c>-b OU</c>
-must be used if the <e>binding user</e> belongs to a sub-OU, the command
-<c>-o OU</c> must be used if <e>the target user</e> belongs to a sub-OU.
+When dealing with users that belong to a sub-OU the <c>-o OU</c> option
+must be used, this will be clarified in the examples. The command <c>-o OU</c>
+must be used if <e>the target user</e> belongs to a sub-OU.
</p>
<p>
The following examples will show you how to change attributes for users, recruiters
-and infra. All write operations performed by one user against another user
-must be performed on ldap1.gentoo.org (roadrunner.gentoo.org).
+and infra. All write operations performed by infra against another user must be
+performed on ldap1.gentoo.org (toucan.gentoo.org).
</p>
<p>
-Some attributes, like gentooRoles and sshPublickey, allow multi_values. To append an
-additional value to the exiting ones use <c>-C</c>. To overwrite the existing values
-use <c>-M</c>.
+Some attributes, like <e>sshPublickey</e>, and <e>mail</e>, allow multi-values. To append an
+additional value to the exiting ones use <c>-C</c>. You may not use <c>-M</c>
+with multi-valued attributes.
</p>
<pre caption="Modify (overwrite) an existing attribute for a user">
-# <i>perl_ldap -b recruiters -M gentooGPGkey "1AF343E" <username></i>
-</pre>
-
-<pre caption="Modify (overwrite) an existing attribute if the target user is recruiters or infra">
-# <i>perl_ldap -b recruiters -o recruiters -M gentooGPGkey "1AF343E" <username></i>
-# <i>perl_ldap -b recruiters -o infra -M gentooGPGkey "1AF343E" <username></i>
+# <i>perl_ldap -b user -M gentooGPGkey "0x1AF343EB" <username></i>
</pre>
<pre caption="Delete an attribute for a user">
-# <i>perl_ldap -b recruiters -E gentooRoles <username></i>
-
-<comment>(If value is specified then only the matching attribute is removed, this is useful for multi_valued attributes.)</comment>
-# <i>perl_ldap -b recruiters -E gentooRoles "forums" <username></i>
+# <i>perl_ldap -b user -E mail "myoldaddress@example.com" <username></i>
</pre>
-<pre caption="Add a new user">
-# <i>perl_ldap -b recruiters -A <username></i>
+<pre caption="Add a new user (infra, recruiters)">
+# <i>perl_ldap -b user -A <username></i>
</pre>
-<pre caption="Delete a user">
-# <i>perl_ldap -b recruiters -D <username></i>
+<pre caption="Delete a user (infra)">
+# <i>perl_ldap -b user -D <username></i>
</pre>
-<pre caption="Create or modify multi_value attributes">
+<pre caption="Create or modify multi-value attributes">
<comment>(Create a new attribute while preserving the existing ones. Use the command multiple times to add addtional attributes)</comment>
-# <i>perl_ldap -b recruiters -C gentooRoles "forums" <username></i>
-# <i>perl_ldap -b recruiters -C gentooRoles "devrel" <username></i>
-
-<comment>(overwrite the existing values with a new one)</comment>
-# <i>perl_ldap -b recruiters -M gentooRoles "forums" <username></i>
+# <i>perl_ldap -b user -C mail "myaltaddress@example.com" <username></i>
+# <i>perl_ldap -b user -C mail "backup@example.com" <username></i>
</pre>
</body>
@@ -449,15 +477,18 @@ use <c>-M</c>.
<p>
Infra can change their own attributes or those of another user. You <b>must</b>
-bind as <e>infra</e> to change any attributes, including your own. To change
-your own attributes use the examples from the "users" section above. To change
-another users record use the examples from the "recruiters" section.
+bind as <e>user</e> to change any attributes, including your own. To change
+your own attributes use the examples from the "users" section above from any
+LDAP-aware machine. To change another users record, you must be using perl_ldap
+from ldap1.gentoo.org.
</p>
<p>
The attribute <c>gentooAccess</c> controls which boxes a user can login to. Only
infra and a few selected recruiters are allowed to create and modify this
-multi_value attribute. The FQDN must be used (ex. roadrunner.gentoo.org).
+multi-value attribute. The FQDN must be used (ex. roadrunner.gentoo.org).
+Some special values also exist: infra.group, infra-ldapadmin.group,
+infra-cvsadmin.group, infra-system.group, recruiters.group.
</p>
</body>
@@ -472,6 +503,7 @@ multi_value attribute. The FQDN must be
<ul>
<li>Master LDAP Server - ldap1.gentoo.org</li>
<li>Slave LDAP Server - ldap2.gentoo.org</li>
+ <li>Slave LDAP Server - ldap3.gentoo.org</li>
<li><uri link="http://www.tldp.org/HOWTO/html_single/LDAP-HOWTO">LDAP HOWTO</uri></li>
</ul>
--
gentoo-commits@gentoo.org mailing list
^ permalink raw reply [flat|nested] 22+ messages in thread
* [gentoo-commits] gentoo commit in xml/htdocs/proj/en/infrastructure: ldap.xml
@ 2007-12-18 1:42 Robin H. Johnson (robbat2)
0 siblings, 0 replies; 22+ messages in thread
From: Robin H. Johnson (robbat2) @ 2007-12-18 1:42 UTC (permalink / raw
To: gentoo-commits
robbat2 07/12/18 01:42:08
Modified: ldap.xml
Log:
Get rid of old toucan.g.o mention, and change a chapter title.
Revision Changes Path
1.18 xml/htdocs/proj/en/infrastructure/ldap.xml
file : http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/proj/en/infrastructure/ldap.xml?rev=1.18&view=markup
plain: http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/proj/en/infrastructure/ldap.xml?rev=1.18&content-type=text/plain
diff : http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/proj/en/infrastructure/ldap.xml?r1=1.17&r2=1.18
Index: ldap.xml
===================================================================
RCS file: /var/cvsroot/gentoo/xml/htdocs/proj/en/infrastructure/ldap.xml,v
retrieving revision 1.17
retrieving revision 1.18
diff -p -w -b -B -u -u -r1.17 -r1.18
--- ldap.xml 18 Dec 2007 01:29:57 -0000 1.17
+++ ldap.xml 18 Dec 2007 01:42:07 -0000 1.18
@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE guide SYSTEM "/dtd/guide.dtd">
-<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/proj/en/infrastructure/ldap.xml,v 1.17 2007/12/18 01:29:57 robbat2 Exp $ -->
+<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/proj/en/infrastructure/ldap.xml,v 1.18 2007/12/18 01:42:07 robbat2 Exp $ -->
<guide link="/proj/en/infrastructure/ldap.xml">
<title>Gentoo Infrastructure LDAP guide</title>
@@ -53,15 +53,16 @@ for modifying the Gentoo LDAP Schema.
</p>
<p>
-When a developer accesses a resource, like toucan (aka dev.gentoo.org), the
-resource acts as an LDAP client and queries the LDAP server (ldap1 or ldap2) to
-see if that user is in the database and authorized for access.
+When a developer accesses a resource, like dev.gentoo.org
+(woodpecker.gentoo.org), the resource acts as an LDAP client and queries the
+LDAP server (ldap1, ldap2, ldap3) to see if that user is in the database and
+authorized for access.
</p>
</body>
</section>
<section>
-<title>Organizational Units</title>
+<title>LDAP Access Levels</title>
<body>
<p>
--
gentoo-commits@gentoo.org mailing list
^ permalink raw reply [flat|nested] 22+ messages in thread
* [gentoo-commits] gentoo commit in xml/htdocs/proj/en/infrastructure: ldap.xml
@ 2007-12-23 23:31 Robin H. Johnson (robbat2)
0 siblings, 0 replies; 22+ messages in thread
From: Robin H. Johnson (robbat2) @ 2007-12-23 23:31 UTC (permalink / raw
To: gentoo-commits
robbat2 07/12/23 23:31:41
Modified: ldap.xml
Log:
Fix typo.
Revision Changes Path
1.19 xml/htdocs/proj/en/infrastructure/ldap.xml
file : http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/proj/en/infrastructure/ldap.xml?rev=1.19&view=markup
plain: http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/proj/en/infrastructure/ldap.xml?rev=1.19&content-type=text/plain
diff : http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/proj/en/infrastructure/ldap.xml?r1=1.18&r2=1.19
Index: ldap.xml
===================================================================
RCS file: /var/cvsroot/gentoo/xml/htdocs/proj/en/infrastructure/ldap.xml,v
retrieving revision 1.18
retrieving revision 1.19
diff -p -w -b -B -u -u -r1.18 -r1.19
--- ldap.xml 18 Dec 2007 01:42:07 -0000 1.18
+++ ldap.xml 23 Dec 2007 23:31:41 -0000 1.19
@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE guide SYSTEM "/dtd/guide.dtd">
-<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/proj/en/infrastructure/ldap.xml,v 1.18 2007/12/18 01:42:07 robbat2 Exp $ -->
+<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/proj/en/infrastructure/ldap.xml,v 1.19 2007/12/23 23:31:41 robbat2 Exp $ -->
<guide link="/proj/en/infrastructure/ldap.xml">
<title>Gentoo Infrastructure LDAP guide</title>
@@ -409,7 +409,7 @@ of the most commonly changed attributes.
<pre caption="Add a new public SSH key">
<comment>(substitute 'pubkey' with the path to your public SSH key. ex: "~/.ssh/id_dsa.pub". You should have one sshPublicKey attribute per key! No newlines!)</comment>
-# <i>perl_ldap -b user -A sshPublicKey "$(cat pubkey)" <username></i>
+# <i>perl_ldap -b user -C sshPublicKey "$(cat pubkey)" <username></i>
</pre>
<pre caption="Erase an old public SSH key">
--
gentoo-commits@gentoo.org mailing list
^ permalink raw reply [flat|nested] 22+ messages in thread
* [gentoo-commits] gentoo commit in xml/htdocs/proj/en/infrastructure: ldap.xml
@ 2008-10-03 21:57 Robin H. Johnson (robbat2)
0 siblings, 0 replies; 22+ messages in thread
From: Robin H. Johnson (robbat2) @ 2008-10-03 21:57 UTC (permalink / raw
To: gentoo-commits
robbat2 08/10/03 21:57:27
Modified: ldap.xml
Log:
Update documentation to note that the gpg attributes as well as gentooJoin/Retire are multi-valued. Dates must now be in ISO8601. Also update the list of hosts.
Revision Changes Path
1.20 xml/htdocs/proj/en/infrastructure/ldap.xml
file : http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/proj/en/infrastructure/ldap.xml?rev=1.20&view=markup
plain: http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/proj/en/infrastructure/ldap.xml?rev=1.20&content-type=text/plain
diff : http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/proj/en/infrastructure/ldap.xml?r1=1.19&r2=1.20
Index: ldap.xml
===================================================================
RCS file: /var/cvsroot/gentoo/xml/htdocs/proj/en/infrastructure/ldap.xml,v
retrieving revision 1.19
retrieving revision 1.20
diff -p -w -b -B -u -u -r1.19 -r1.20
--- ldap.xml 23 Dec 2007 23:31:41 -0000 1.19
+++ ldap.xml 3 Oct 2008 21:57:26 -0000 1.20
@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE guide SYSTEM "/dtd/guide.dtd">
-<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/proj/en/infrastructure/ldap.xml,v 1.19 2007/12/23 23:31:41 robbat2 Exp $ -->
+<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/proj/en/infrastructure/ldap.xml,v 1.20 2008/10/03 21:57:26 robbat2 Exp $ -->
<guide link="/proj/en/infrastructure/ldap.xml">
<title>Gentoo Infrastructure LDAP guide</title>
@@ -198,14 +198,14 @@ otherwise noted. Required fields are emp
<ti>gentooGPGFingerprint, gpgfingerprint</ti>
<ti>user</ti>
<ti>GPG key fingerprint</ti>
- <ti>single, optional</ti>
+ <ti>multiple, optional</ti>
<ti>UTF-8</ti>
</tr>
<tr>
<ti><e>gentooGPGkey, gpgkey</e></ti>
<ti>user</ti>
<ti>GPG key uid</ti>
- <ti>single, required</ti>
+ <ti>multiple, required</ti>
<ti>UTF-8</ti>
</tr>
<tr>
@@ -219,7 +219,7 @@ otherwise noted. Required fields are emp
<ti>gentooJoin</ti>
<ti>infra, recruiters</ti>
<ti>developer join date</ti>
- <ti>single, optional</ti>
+ <ti>multiple, required</ti>
<ti>UTF-8</ti>
</tr>
<tr>
@@ -247,7 +247,7 @@ otherwise noted. Required fields are emp
<ti>gentooRetire</ti>
<ti>infra, recruiters</ti>
<ti>developer retirement date</ti>
- <ti>single, optional</ti>
+ <ti>multiple, optional</ti>
<ti>UTF-8</ti>
</tr>
<tr>
@@ -274,8 +274,7 @@ otherwise noted. Required fields are emp
</table>
<note>
-All dates are presently expected to be in the form DD MMMM YYYY, and are being
-being migrated to ISO8601, after which, the field will have validation enabled.
+All dates must be formatted as ISO8601, YYYY/MM/DD.
</note>
<p
@@ -301,7 +300,7 @@ be migrated and this guide will be updat
<th>Status</th>
</tr>
<tr>
- <ti>roadrunner.gentoo.org</ti>
+ <ti>dunlin.gentoo.org</ti>
<ti>ldap1.gentoo.org</ti>
<ti>LDAP Master Server, LDAP client: accounts, sudo, ssh</ti>
</tr>
@@ -311,13 +310,13 @@ be migrated and this guide will be updat
<ti>LDAP Slave Server</ti>
</tr>
<tr>
- <ti>woodpecker.gentoo.org</ti>
- <ti>dev.gentoo.org</ti>
- <ti>LDAP client: accounts, sudo, ssh</ti>
+ <ti>corvid.gentoo.org</ti>
+ <ti>ldap3.gentoo.org</ti>
+ <ti>LDAP Slave Server</ti>
</tr>
<tr>
- <ti>robin.gentoo.org</ti>
- <ti>lists.gentoo.org</ti>
+ <ti>woodpecker.gentoo.org</ti>
+ <ti>dev.gentoo.org</ti>
<ti>LDAP client: accounts, sudo, ssh</ti>
</tr>
<tr>
^ permalink raw reply [flat|nested] 22+ messages in thread
* [gentoo-commits] gentoo commit in xml/htdocs/proj/en/infrastructure: ldap.xml
@ 2008-10-03 21:59 Robin H. Johnson (robbat2)
0 siblings, 0 replies; 22+ messages in thread
From: Robin H. Johnson (robbat2) @ 2008-10-03 21:59 UTC (permalink / raw
To: gentoo-commits
robbat2 08/10/03 21:59:07
Modified: ldap.xml
Log:
more host updates.
Revision Changes Path
1.21 xml/htdocs/proj/en/infrastructure/ldap.xml
file : http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/proj/en/infrastructure/ldap.xml?rev=1.21&view=markup
plain: http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/proj/en/infrastructure/ldap.xml?rev=1.21&content-type=text/plain
diff : http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/proj/en/infrastructure/ldap.xml?r1=1.20&r2=1.21
Index: ldap.xml
===================================================================
RCS file: /var/cvsroot/gentoo/xml/htdocs/proj/en/infrastructure/ldap.xml,v
retrieving revision 1.20
retrieving revision 1.21
diff -p -w -b -B -u -u -r1.20 -r1.21
--- ldap.xml 3 Oct 2008 21:57:26 -0000 1.20
+++ ldap.xml 3 Oct 2008 21:59:06 -0000 1.21
@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE guide SYSTEM "/dtd/guide.dtd">
-<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/proj/en/infrastructure/ldap.xml,v 1.20 2008/10/03 21:57:26 robbat2 Exp $ -->
+<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/proj/en/infrastructure/ldap.xml,v 1.21 2008/10/03 21:59:06 robbat2 Exp $ -->
<guide link="/proj/en/infrastructure/ldap.xml">
<title>Gentoo Infrastructure LDAP guide</title>
@@ -438,7 +438,7 @@ must be used if <e>the target user</e> b
<p>
The following examples will show you how to change attributes for users, recruiters
and infra. All write operations performed by infra against another user must be
-performed on ldap1.gentoo.org (toucan.gentoo.org).
+performed on dev.gentoo.org (woodpecker.gentoo.org).
</p>
<p>
@@ -480,7 +480,7 @@ Infra can change their own attributes or
bind as <e>user</e> to change any attributes, including your own. To change
your own attributes use the examples from the "users" section above from any
LDAP-aware machine. To change another users record, you must be using perl_ldap
-from ldap1.gentoo.org.
+from ldap1.gentoo.org (dunlin.gentoo.org).
</p>
<p>
^ permalink raw reply [flat|nested] 22+ messages in thread
* [gentoo-commits] gentoo commit in xml/htdocs/proj/en/infrastructure: ldap.xml
@ 2008-10-12 10:57 Robin H. Johnson (robbat2)
0 siblings, 0 replies; 22+ messages in thread
From: Robin H. Johnson (robbat2) @ 2008-10-12 10:57 UTC (permalink / raw
To: gentoo-commits
robbat2 08/10/12 10:57:23
Modified: ldap.xml
Log:
Make it easier for recruiters to reset passwords now.
Revision Changes Path
1.22 xml/htdocs/proj/en/infrastructure/ldap.xml
file : http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/proj/en/infrastructure/ldap.xml?rev=1.22&view=markup
plain: http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/proj/en/infrastructure/ldap.xml?rev=1.22&content-type=text/plain
diff : http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/proj/en/infrastructure/ldap.xml?r1=1.21&r2=1.22
Index: ldap.xml
===================================================================
RCS file: /var/cvsroot/gentoo/xml/htdocs/proj/en/infrastructure/ldap.xml,v
retrieving revision 1.21
retrieving revision 1.22
diff -p -w -b -B -u -u -r1.21 -r1.22
--- ldap.xml 3 Oct 2008 21:59:06 -0000 1.21
+++ ldap.xml 12 Oct 2008 10:57:23 -0000 1.22
@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE guide SYSTEM "/dtd/guide.dtd">
-<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/proj/en/infrastructure/ldap.xml,v 1.21 2008/10/03 21:59:06 robbat2 Exp $ -->
+<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/proj/en/infrastructure/ldap.xml,v 1.22 2008/10/12 10:57:23 robbat2 Exp $ -->
<guide link="/proj/en/infrastructure/ldap.xml">
<title>Gentoo Infrastructure LDAP guide</title>
@@ -469,6 +469,14 @@ with multi-valued attributes.
# <i>perl_ldap -b user -C mail "backup@example.com" <username></i>
</pre>
+<pre caption="Reset a user password">
+<comment>Only available to senior recruiters and infrastructure admins in the
+useradmin group on woodpecker, as well as either the recruiters or
+infra-ldapadmin groups in LDAP. The new password will NOT be shown to
+you, it will only be placed in /home/<username>/passwd.</comment>
+# <i>sudo /usr/local/bin/newpasswd <username></i>
+</pre>
+
</body>
</section>
<section>
^ permalink raw reply [flat|nested] 22+ messages in thread
* [gentoo-commits] gentoo commit in xml/htdocs/proj/en/infrastructure: ldap.xml
@ 2008-10-12 11:16 Robin H. Johnson (robbat2)
0 siblings, 0 replies; 22+ messages in thread
From: Robin H. Johnson (robbat2) @ 2008-10-12 11:16 UTC (permalink / raw
To: gentoo-commits
robbat2 08/10/12 11:16:58
Modified: ldap.xml
Log:
Clarify password.
Revision Changes Path
1.23 xml/htdocs/proj/en/infrastructure/ldap.xml
file : http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/proj/en/infrastructure/ldap.xml?rev=1.23&view=markup
plain: http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/proj/en/infrastructure/ldap.xml?rev=1.23&content-type=text/plain
diff : http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/proj/en/infrastructure/ldap.xml?r1=1.22&r2=1.23
Index: ldap.xml
===================================================================
RCS file: /var/cvsroot/gentoo/xml/htdocs/proj/en/infrastructure/ldap.xml,v
retrieving revision 1.22
retrieving revision 1.23
diff -p -w -b -B -u -u -r1.22 -r1.23
--- ldap.xml 12 Oct 2008 10:57:23 -0000 1.22
+++ ldap.xml 12 Oct 2008 11:16:58 -0000 1.23
@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE guide SYSTEM "/dtd/guide.dtd">
-<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/proj/en/infrastructure/ldap.xml,v 1.22 2008/10/12 10:57:23 robbat2 Exp $ -->
+<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/proj/en/infrastructure/ldap.xml,v 1.23 2008/10/12 11:16:58 robbat2 Exp $ -->
<guide link="/proj/en/infrastructure/ldap.xml">
<title>Gentoo Infrastructure LDAP guide</title>
@@ -472,8 +472,9 @@ with multi-valued attributes.
<pre caption="Reset a user password">
<comment>Only available to senior recruiters and infrastructure admins in the
useradmin group on woodpecker, as well as either the recruiters or
-infra-ldapadmin groups in LDAP. The new password will NOT be shown to
-you, it will only be placed in /home/<username>/passwd.</comment>
+infra-ldapadmin groups in LDAP. You will be prompted for YOUR password. The new
+user password will NOT be shown to you, it will only be placed in
+/home/<username>/passwd.</comment>
# <i>sudo /usr/local/bin/newpasswd <username></i>
</pre>
^ permalink raw reply [flat|nested] 22+ messages in thread
* [gentoo-commits] gentoo commit in xml/htdocs/proj/en/infrastructure: ldap.xml
@ 2008-10-12 11:20 Robin H. Johnson (robbat2)
0 siblings, 0 replies; 22+ messages in thread
From: Robin H. Johnson (robbat2) @ 2008-10-12 11:20 UTC (permalink / raw
To: gentoo-commits
robbat2 08/10/12 11:20:29
Modified: ldap.xml
Log:
Bump version for translators.
Revision Changes Path
1.24 xml/htdocs/proj/en/infrastructure/ldap.xml
file : http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/proj/en/infrastructure/ldap.xml?rev=1.24&view=markup
plain: http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/proj/en/infrastructure/ldap.xml?rev=1.24&content-type=text/plain
diff : http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/proj/en/infrastructure/ldap.xml?r1=1.23&r2=1.24
Index: ldap.xml
===================================================================
RCS file: /var/cvsroot/gentoo/xml/htdocs/proj/en/infrastructure/ldap.xml,v
retrieving revision 1.23
retrieving revision 1.24
diff -p -w -b -B -u -u -r1.23 -r1.24
--- ldap.xml 12 Oct 2008 11:16:58 -0000 1.23
+++ ldap.xml 12 Oct 2008 11:20:29 -0000 1.24
@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE guide SYSTEM "/dtd/guide.dtd">
-<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/proj/en/infrastructure/ldap.xml,v 1.23 2008/10/12 11:16:58 robbat2 Exp $ -->
+<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/proj/en/infrastructure/ldap.xml,v 1.24 2008/10/12 11:20:29 robbat2 Exp $ -->
<guide link="/proj/en/infrastructure/ldap.xml">
<title>Gentoo Infrastructure LDAP guide</title>
@@ -27,8 +27,8 @@ and administrators.
<!-- See http://creativecommons.org/licenses/by-sa/2.5 -->
<license/>
-<version>1.6</version>
-<date>2007-12-17</date>
+<version>1.8</version>
+<date>2008-10-12</date>
<chapter>
<title>Key Concepts</title>
^ permalink raw reply [flat|nested] 22+ messages in thread
* [gentoo-commits] gentoo commit in xml/htdocs/proj/en/infrastructure: ldap.xml
@ 2008-10-12 11:22 Robin H. Johnson (robbat2)
0 siblings, 0 replies; 22+ messages in thread
From: Robin H. Johnson (robbat2) @ 2008-10-12 11:22 UTC (permalink / raw
To: gentoo-commits
robbat2 08/10/12 11:22:16
Modified: ldap.xml
Log:
Add ldap4.
Revision Changes Path
1.25 xml/htdocs/proj/en/infrastructure/ldap.xml
file : http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/proj/en/infrastructure/ldap.xml?rev=1.25&view=markup
plain: http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/proj/en/infrastructure/ldap.xml?rev=1.25&content-type=text/plain
diff : http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/proj/en/infrastructure/ldap.xml?r1=1.24&r2=1.25
Index: ldap.xml
===================================================================
RCS file: /var/cvsroot/gentoo/xml/htdocs/proj/en/infrastructure/ldap.xml,v
retrieving revision 1.24
retrieving revision 1.25
diff -p -w -b -B -u -u -r1.24 -r1.25
--- ldap.xml 12 Oct 2008 11:20:29 -0000 1.24
+++ ldap.xml 12 Oct 2008 11:22:16 -0000 1.25
@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE guide SYSTEM "/dtd/guide.dtd">
-<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/proj/en/infrastructure/ldap.xml,v 1.24 2008/10/12 11:20:29 robbat2 Exp $ -->
+<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/proj/en/infrastructure/ldap.xml,v 1.25 2008/10/12 11:22:16 robbat2 Exp $ -->
<guide link="/proj/en/infrastructure/ldap.xml">
<title>Gentoo Infrastructure LDAP guide</title>
@@ -27,7 +27,7 @@ and administrators.
<!-- See http://creativecommons.org/licenses/by-sa/2.5 -->
<license/>
-<version>1.8</version>
+<version>1.9</version>
<date>2008-10-12</date>
<chapter>
@@ -55,7 +55,7 @@ for modifying the Gentoo LDAP Schema.
<p>
When a developer accesses a resource, like dev.gentoo.org
(woodpecker.gentoo.org), the resource acts as an LDAP client and queries the
-LDAP server (ldap1, ldap2, ldap3) to see if that user is in the database and
+LDAP server (ldap1, ldap2, ldap3, ldap4) to see if that user is in the database and
authorized for access.
</p>
@@ -124,8 +124,8 @@ that you use dev.gentoo.org (woodpecker.
Currently we have three LDAP servers available. The <e>master</e> server and two
<e>slave</e> servers. The <e>master</e> LDAP server is reachable at
<e>ldap1.gentoo.org</e>. The <e>slave</e> servers are <e>ldap2.gentoo.org</e>,
-<e>ldap3.gentoo.org</e> and it connects every 60 seconds to the <e>master</e>
-to replicate changes from the master.
+<e>ldap3.gentoo.org</e>, <e>ldap4.gentoo.org</e> and they connect every 60
+seconds to the <e>master</e> to replicate changes from the master.
</p>
<p>
@@ -315,6 +315,11 @@ be migrated and this guide will be updat
<ti>LDAP Slave Server</ti>
</tr>
<tr>
+ <ti>puffin.gentoo.org</ti>
+ <ti>ldap4.gentoo.org</ti>
+ <ti>LDAP Slave Server</ti>
+ </tr>
+ <tr>
<ti>woodpecker.gentoo.org</ti>
<ti>dev.gentoo.org</ti>
<ti>LDAP client: accounts, sudo, ssh</ti>
@@ -513,6 +518,7 @@ infra-cvsadmin.group, infra-system.group
<li>Master LDAP Server - ldap1.gentoo.org</li>
<li>Slave LDAP Server - ldap2.gentoo.org</li>
<li>Slave LDAP Server - ldap3.gentoo.org</li>
+ <li>Slave LDAP Server - ldap4.gentoo.org</li>
<li><uri link="http://www.tldp.org/HOWTO/html_single/LDAP-HOWTO">LDAP HOWTO</uri></li>
</ul>
^ permalink raw reply [flat|nested] 22+ messages in thread
* [gentoo-commits] gentoo commit in xml/htdocs/proj/en/infrastructure: ldap.xml
@ 2009-01-17 10:52 Robin H. Johnson (robbat2)
0 siblings, 0 replies; 22+ messages in thread
From: Robin H. Johnson (robbat2) @ 2009-01-17 10:52 UTC (permalink / raw
To: gentoo-commits
robbat2 09/01/17 10:52:58
Modified: ldap.xml
Log:
Wrap some text per request from pva.
Revision Changes Path
1.26 xml/htdocs/proj/en/infrastructure/ldap.xml
file : http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/proj/en/infrastructure/ldap.xml?rev=1.26&view=markup
plain: http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/proj/en/infrastructure/ldap.xml?rev=1.26&content-type=text/plain
diff : http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/proj/en/infrastructure/ldap.xml?r1=1.25&r2=1.26
Index: ldap.xml
===================================================================
RCS file: /var/cvsroot/gentoo/xml/htdocs/proj/en/infrastructure/ldap.xml,v
retrieving revision 1.25
retrieving revision 1.26
diff -p -w -b -B -u -u -r1.25 -r1.26
--- ldap.xml 12 Oct 2008 11:22:16 -0000 1.25
+++ ldap.xml 17 Jan 2009 10:52:58 -0000 1.26
@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE guide SYSTEM "/dtd/guide.dtd">
-<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/proj/en/infrastructure/ldap.xml,v 1.25 2008/10/12 11:22:16 robbat2 Exp $ -->
+<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/proj/en/infrastructure/ldap.xml,v 1.26 2009/01/17 10:52:58 robbat2 Exp $ -->
<guide link="/proj/en/infrastructure/ldap.xml">
<title>Gentoo Infrastructure LDAP guide</title>
@@ -412,7 +412,8 @@ of the most commonly changed attributes.
</pre>
<pre caption="Add a new public SSH key">
-<comment>(substitute 'pubkey' with the path to your public SSH key. ex: "~/.ssh/id_dsa.pub". You should have one sshPublicKey attribute per key! No newlines!)</comment>
+<comment>(substitute 'pubkey' with the path to your public SSH key. ex: "~/.ssh/id_dsa.pub".
+You should have one sshPublicKey attribute per key! No newlines!)</comment>
# <i>perl_ldap -b user -C sshPublicKey "$(cat pubkey)" <username></i>
</pre>
@@ -469,17 +470,18 @@ with multi-valued attributes.
</pre>
<pre caption="Create or modify multi-value attributes">
-<comment>(Create a new attribute while preserving the existing ones. Use the command multiple times to add addtional attributes)</comment>
+<comment>(Create a new attribute while preserving the existing ones.
+Use the command multiple times to add addtional attributes)</comment>
# <i>perl_ldap -b user -C mail "myaltaddress@example.com" <username></i>
# <i>perl_ldap -b user -C mail "backup@example.com" <username></i>
</pre>
<pre caption="Reset a user password">
-<comment>Only available to senior recruiters and infrastructure admins in the
+<comment>(Only available to senior recruiters and infrastructure admins in the
useradmin group on woodpecker, as well as either the recruiters or
infra-ldapadmin groups in LDAP. You will be prompted for YOUR password. The new
user password will NOT be shown to you, it will only be placed in
-/home/<username>/passwd.</comment>
+/home/<username>/passwd.)</comment>
# <i>sudo /usr/local/bin/newpasswd <username></i>
</pre>
^ permalink raw reply [flat|nested] 22+ messages in thread
* [gentoo-commits] gentoo commit in xml/htdocs/proj/en/infrastructure: ldap.xml
@ 2009-10-07 11:08 Sebastian Pipping (sping)
0 siblings, 0 replies; 22+ messages in thread
From: Sebastian Pipping (sping) @ 2009-10-07 11:08 UTC (permalink / raw
To: gentoo-commits
sping 09/10/07 11:08:41
Modified: ldap.xml
Log:
Fix number of LDAP servers
Revision Changes Path
1.27 xml/htdocs/proj/en/infrastructure/ldap.xml
file : http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/proj/en/infrastructure/ldap.xml?rev=1.27&view=markup
plain: http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/proj/en/infrastructure/ldap.xml?rev=1.27&content-type=text/plain
diff : http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/proj/en/infrastructure/ldap.xml?r1=1.26&r2=1.27
Index: ldap.xml
===================================================================
RCS file: /var/cvsroot/gentoo/xml/htdocs/proj/en/infrastructure/ldap.xml,v
retrieving revision 1.26
retrieving revision 1.27
diff -u -r1.26 -r1.27
--- ldap.xml 17 Jan 2009 10:52:58 -0000 1.26
+++ ldap.xml 7 Oct 2009 11:08:40 -0000 1.27
@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE guide SYSTEM "/dtd/guide.dtd">
-<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/proj/en/infrastructure/ldap.xml,v 1.26 2009/01/17 10:52:58 robbat2 Exp $ -->
+<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/proj/en/infrastructure/ldap.xml,v 1.27 2009/10/07 11:08:40 sping Exp $ -->
<guide link="/proj/en/infrastructure/ldap.xml">
<title>Gentoo Infrastructure LDAP guide</title>
@@ -121,7 +121,7 @@
<body>
<p>
-Currently we have three LDAP servers available. The <e>master</e> server and two
+Currently we have four LDAP servers available. The <e>master</e> server and three
<e>slave</e> servers. The <e>master</e> LDAP server is reachable at
<e>ldap1.gentoo.org</e>. The <e>slave</e> servers are <e>ldap2.gentoo.org</e>,
<e>ldap3.gentoo.org</e>, <e>ldap4.gentoo.org</e> and they connect every 60
^ permalink raw reply [flat|nested] 22+ messages in thread
* [gentoo-commits] gentoo commit in xml/htdocs/proj/en/infrastructure: ldap.xml
@ 2009-11-10 19:07 Robin H. Johnson (robbat2)
0 siblings, 0 replies; 22+ messages in thread
From: Robin H. Johnson (robbat2) @ 2009-11-10 19:07 UTC (permalink / raw
To: gentoo-commits
robbat2 09/11/10 19:07:20
Modified: ldap.xml
Log:
Update the LDAP guide, clarifying the -b argument that is often confused. Update list of hosts and mention we use nsscache. Also in examples gpgkey is a multiple-entry key, so use roles for an example and make gpgkey like ssh key.
Revision Changes Path
1.28 xml/htdocs/proj/en/infrastructure/ldap.xml
file : http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/proj/en/infrastructure/ldap.xml?rev=1.28&view=markup
plain: http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/proj/en/infrastructure/ldap.xml?rev=1.28&content-type=text/plain
diff : http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/proj/en/infrastructure/ldap.xml?r1=1.27&r2=1.28
Index: ldap.xml
===================================================================
RCS file: /var/cvsroot/gentoo/xml/htdocs/proj/en/infrastructure/ldap.xml,v
retrieving revision 1.27
retrieving revision 1.28
diff -p -w -b -B -u -u -r1.27 -r1.28
--- ldap.xml 7 Oct 2009 11:08:40 -0000 1.27
+++ ldap.xml 10 Nov 2009 19:07:19 -0000 1.28
@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE guide SYSTEM "/dtd/guide.dtd">
-<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/proj/en/infrastructure/ldap.xml,v 1.27 2009/10/07 11:08:40 sping Exp $ -->
+<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/proj/en/infrastructure/ldap.xml,v 1.28 2009/11/10 19:07:19 robbat2 Exp $ -->
<guide link="/proj/en/infrastructure/ldap.xml">
<title>Gentoo Infrastructure LDAP guide</title>
@@ -27,8 +27,8 @@ and administrators.
<!-- See http://creativecommons.org/licenses/by-sa/2.5 -->
<license/>
-<version>1.9</version>
-<date>2008-10-12</date>
+<version>1.10</version>
+<date>2009-11-10</date>
<chapter>
<title>Key Concepts</title>
@@ -149,7 +149,9 @@ server so any update you do could take u
<e>dev.gentoo.org</e>. We use <c>nscd</c> (Name Service Caching Daemon) to cache
negative and positive lookups. This means that your changes may not become active
for some time. If you need to force the change we can restart nscd for you. Ask
-in #gentoo-infra for help with this.
+in #gentoo-infra for help with this. Additionally, we use <c>nsscache</c> to
+provide resiliency against LDAP servers being temporarily unavailable for NSS
+lookups, but we do NOT keep local copys of SSH keys.
</note>
</body>
@@ -288,11 +290,6 @@ been retired: <e>gentooHerd</e>, <e>gent
<title>LDAP aware servers</title>
<body>
-<p>
-The following servers have been migrated to LDAP. All gentoo servers will eventually
-be migrated and this guide will be updated as the migration is completed.
-</p>
-
<table>
<tr>
<th>Server Name</th>
@@ -334,6 +331,26 @@ be migrated and this guide will be updat
<ti>torrents.gentoo.org</ti>
<ti>LDAP client: accounts, sudo, ssh</ti>
</tr>
+ <tr>
+ <ti>hornbill.gentoo.org</ti>
+ <ti>bugs-web1.gentoo.org</ti>
+ <ti>LDAP client: accounts, sudo, ssh</ti>
+ </tr>
+ <tr>
+ <ti>hummingbird.gentoo.org</ti>
+ <ti>bugs-web2.gentoo.org</ti>
+ <ti>LDAP client: accounts, sudo, ssh</ti>
+ </tr>
+ <tr>
+ <ti>gannet.gentoo.org</ti>
+ <ti>forums-web1.gentoo.org</ti>
+ <ti>LDAP client: accounts, sudo, ssh</ti>
+ </tr>
+ <tr>
+ <ti>godwit.gentoo.org</ti>
+ <ti>forums-web2.gentoo.org</ti>
+ <ti>LDAP client: accounts, sudo, ssh</ti>
+ </tr>
</table>
</body>
@@ -396,24 +413,34 @@ The following are the most common option
<p>
Gentoo Developers and Staff members (recruiters and infra please refer to the
following sections) can update their LDAP record directly. Here are examples
-of the most commonly changed attributes.
+of the most commonly changed attributes. The most common error is using a
+actual username in place of the <c>-b MODE</c> argument, which takes
+<e>user</e> as the parameter.
</p>
<pre caption="Show attributes for a user entry">
<comment>(Substitute an actual user name for <username>)</comment>
# <i>perl_ldap -s <username></i>
-<comment>(binding as user will show additional information)</comment>
+<comment>(Binding as 'user' mode will show additional information.
+Only replace <username>, not "user")</comment>
# <i>perl_ldap -b user -s <username></i>
</pre>
+<pre caption="Change your roles">
+# <i>perl_ldap -b user -M gentooRoles "<role string>" <username></i>
+</pre>
+
<pre caption="Change your GPG key">
-# <i>perl_ldap -b user -M gentooGPGkey "1AF343E" <username></i>
+<comment>(Substitute your GPG key id <keyid>, with the leading 0x included)</comment>
+# <i>perl_ldap -b user -C gentooGPGkey "<newkeyid>" <username></i>
+# <i>perl_ldap -b user -E gentooGPGkey "<oldkeyid>" <username></i>
</pre>
<pre caption="Add a new public SSH key">
<comment>(substitute 'pubkey' with the path to your public SSH key. ex: "~/.ssh/id_dsa.pub".
-You should have one sshPublicKey attribute per key! No newlines!)</comment>
+You should have one sshPublicKey attribute per key! No newlines!
+Only replace <username>, not "user")</comment>
# <i>perl_ldap -b user -C sshPublicKey "$(cat pubkey)" <username></i>
</pre>
^ permalink raw reply [flat|nested] 22+ messages in thread
* [gentoo-commits] gentoo commit in xml/htdocs/proj/en/infrastructure: ldap.xml
@ 2010-04-24 17:20 Robin H. Johnson (robbat2)
0 siblings, 0 replies; 22+ messages in thread
From: Robin H. Johnson (robbat2) @ 2010-04-24 17:20 UTC (permalink / raw
To: gentoo-commits
robbat2 10/04/24 17:20:00
Modified: ldap.xml
Log:
Document new fields for bug #299507, #202820.
Revision Changes Path
1.29 xml/htdocs/proj/en/infrastructure/ldap.xml
file : http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/proj/en/infrastructure/ldap.xml?rev=1.29&view=markup
plain: http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/proj/en/infrastructure/ldap.xml?rev=1.29&content-type=text/plain
diff : http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/proj/en/infrastructure/ldap.xml?r1=1.28&r2=1.29
Index: ldap.xml
===================================================================
RCS file: /var/cvsroot/gentoo/xml/htdocs/proj/en/infrastructure/ldap.xml,v
retrieving revision 1.28
retrieving revision 1.29
diff -p -w -b -B -u -u -r1.28 -r1.29
--- ldap.xml 10 Nov 2009 19:07:19 -0000 1.28
+++ ldap.xml 24 Apr 2010 17:20:00 -0000 1.29
@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE guide SYSTEM "/dtd/guide.dtd">
-<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/proj/en/infrastructure/ldap.xml,v 1.28 2009/11/10 19:07:19 robbat2 Exp $ -->
+<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/proj/en/infrastructure/ldap.xml,v 1.29 2010/04/24 17:20:00 robbat2 Exp $ -->
<guide link="/proj/en/infrastructure/ldap.xml">
<title>Gentoo Infrastructure LDAP guide</title>
@@ -197,6 +197,13 @@ otherwise noted. Required fields are emp
<ti>UTF-8</ti>
</tr>
<tr>
+ <ti>gentooDevBug</ti>
+ <ti>infra, recruiters (not globally readable)</ti>
+ <ti>bug numbers for any recruitment, retirement or developer relations bugs</ti>
+ <ti>multiple, optional</ti>
+ <ti>integer</ti>
+ </tr>
+ <tr>
<ti>gentooGPGFingerprint, gpgfingerprint</ti>
<ti>user</ti>
<ti>GPG key fingerprint</ti>
@@ -246,6 +253,13 @@ otherwise noted. Required fields are emp
<ti>signed decimal string</ti>
</tr>
<tr>
+ <ti>gentooMentor</ti>
+ <ti>infra, recruiters</ti>
+ <ti>username of mentors</ti>
+ <ti>multiple, optional</ti>
+ <ti>UTF-8</ti>
+ </tr>
+ <tr>
<ti>gentooRetire</ti>
<ti>infra, recruiters</ti>
<ti>developer retirement date</ti>
^ permalink raw reply [flat|nested] 22+ messages in thread
* [gentoo-commits] gentoo commit in xml/htdocs/proj/en/infrastructure: ldap.xml
@ 2010-04-24 18:33 Robin H. Johnson (robbat2)
0 siblings, 0 replies; 22+ messages in thread
From: Robin H. Johnson (robbat2) @ 2010-04-24 18:33 UTC (permalink / raw
To: gentoo-commits
robbat2 10/04/24 18:33:41
Modified: ldap.xml
Log:
Update for aliased attributes.
Revision Changes Path
1.30 xml/htdocs/proj/en/infrastructure/ldap.xml
file : http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/proj/en/infrastructure/ldap.xml?rev=1.30&view=markup
plain: http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/proj/en/infrastructure/ldap.xml?rev=1.30&content-type=text/plain
diff : http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/proj/en/infrastructure/ldap.xml?r1=1.29&r2=1.30
Index: ldap.xml
===================================================================
RCS file: /var/cvsroot/gentoo/xml/htdocs/proj/en/infrastructure/ldap.xml,v
retrieving revision 1.29
retrieving revision 1.30
diff -p -w -b -B -u -u -r1.29 -r1.30
--- ldap.xml 24 Apr 2010 17:20:00 -0000 1.29
+++ ldap.xml 24 Apr 2010 18:33:41 -0000 1.30
@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE guide SYSTEM "/dtd/guide.dtd">
-<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/proj/en/infrastructure/ldap.xml,v 1.29 2010/04/24 17:20:00 robbat2 Exp $ -->
+<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/proj/en/infrastructure/ldap.xml,v 1.30 2010/04/24 18:33:41 robbat2 Exp $ -->
<guide link="/proj/en/infrastructure/ldap.xml">
<title>Gentoo Infrastructure LDAP guide</title>
@@ -295,7 +295,7 @@ All dates must be formatted as ISO8601,
<p
>The following attributes were in use at some point in the past, but have
-been retired: <e>gentooHerd</e>, <e>gentooAltMail</e>, <e>gentooForumsUID</e>.
+been retired: <e>gentooHerd/herd</e>, <e>gentooAltMail/altMail</e>, <e>gentooForumsUID/forumsUID</e>.
</p>
</body>
^ permalink raw reply [flat|nested] 22+ messages in thread
* [gentoo-commits] gentoo commit in xml/htdocs/proj/en/infrastructure: ldap.xml
@ 2010-04-24 18:51 Robin H. Johnson (robbat2)
0 siblings, 0 replies; 22+ messages in thread
From: Robin H. Johnson (robbat2) @ 2010-04-24 18:51 UTC (permalink / raw
To: gentoo-commits
robbat2 10/04/24 18:51:35
Modified: ldap.xml
Log:
Update all host references and bump the version to reference the quantity of changes that have happened.
Revision Changes Path
1.31 xml/htdocs/proj/en/infrastructure/ldap.xml
file : http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/proj/en/infrastructure/ldap.xml?rev=1.31&view=markup
plain: http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/proj/en/infrastructure/ldap.xml?rev=1.31&content-type=text/plain
diff : http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/proj/en/infrastructure/ldap.xml?r1=1.30&r2=1.31
Index: ldap.xml
===================================================================
RCS file: /var/cvsroot/gentoo/xml/htdocs/proj/en/infrastructure/ldap.xml,v
retrieving revision 1.30
retrieving revision 1.31
diff -p -w -b -B -u -u -r1.30 -r1.31
--- ldap.xml 24 Apr 2010 18:33:41 -0000 1.30
+++ ldap.xml 24 Apr 2010 18:51:35 -0000 1.31
@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE guide SYSTEM "/dtd/guide.dtd">
-<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/proj/en/infrastructure/ldap.xml,v 1.30 2010/04/24 18:33:41 robbat2 Exp $ -->
+<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/proj/en/infrastructure/ldap.xml,v 1.31 2010/04/24 18:51:35 robbat2 Exp $ -->
<guide link="/proj/en/infrastructure/ldap.xml">
<title>Gentoo Infrastructure LDAP guide</title>
@@ -27,8 +27,8 @@ and administrators.
<!-- See http://creativecommons.org/licenses/by-sa/2.5 -->
<license/>
-<version>1.10</version>
-<date>2009-11-10</date>
+<version>1.20</version>
+<date>2010-04-24</date>
<chapter>
<title>Key Concepts</title>
@@ -99,15 +99,14 @@ some administrative changes to users.
<p>
The <e>infra</e> level enables the infrastructure team full power over LDAP,
-and is additionally protected by only being available from ldap1.gentoo.org
-(toucan.gentoo.org).
+and is additionally protected by only being available from ldap1.gentoo.org.
</p>
<note>
-All write operations performed by infra must be performed on ldap1.gentoo.org
-(toucan.gentoo.org). Normal user and recruiter write operations may be
-performed on any LDAP-connected Gentoo box, however it is strongly recommended
-that you use dev.gentoo.org (woodpecker.gentoo.org).
+All write operations performed by infra must be performed on ldap1.gentoo.org.
+Normal user and recruiter write operations may be performed on any
+LDAP-connected Gentoo box, however it is strongly recommended that you use
+dev.gentoo.org.
</note>
</body>
@@ -311,14 +310,14 @@ been retired: <e>gentooHerd/herd</e>, <e
<th>Status</th>
</tr>
<tr>
- <ti>dunlin.gentoo.org</ti>
+ <ti>duck.gentoo.org</ti>
<ti>ldap1.gentoo.org</ti>
- <ti>LDAP Master Server, LDAP client: accounts, sudo, ssh</ti>
+ <ti>LDAP Master Server, LDAP client: NSS (accounts, sudo, ssh)</ti>
</tr>
<tr>
<ti>duck.gentoo.org</ti>
<ti>ldap2.gentoo.org</ti>
- <ti>LDAP Slave Server</ti>
+ <ti>LDAP Slave Server (presently also ldap1)</ti>
</tr>
<tr>
<ti>corvid.gentoo.org</ti>
@@ -333,37 +332,48 @@ been retired: <e>gentooHerd/herd</e>, <e
<tr>
<ti>woodpecker.gentoo.org</ti>
<ti>dev.gentoo.org</ti>
- <ti>LDAP client: accounts, sudo, ssh</ti>
+ <ti>LDAP client: NSS (accounts, sudo, ssh) (gentooAccess=dev.g.o)</ti>
</tr>
<tr>
- <ti>stork.gentoo.org</ti>
+ <ti>corvid.gentoo.org</ti>
<ti>cvs.gentoo.org</ti>
- <ti>LDAP client: accounts, sudo</ti>
+ <ti>LDAP client: accounts, sudo (local LDAP slave as well, gentooAccess=cvs.g.o)</ti>
</tr>
+ <!-- regular boxes beyond here -->
<tr>
- <ti>sparrow.gentoo.org</ti>
- <ti>torrents.gentoo.org</ti>
- <ti>LDAP client: accounts, sudo, ssh</ti>
+ <ti>gannet.gentoo.org</ti>
+ <ti>forums-web1.gentoo.org</ti>
+ <ti>LDAP client: NSS (accounts, sudo, ssh)</ti>
+ </tr>
+ <tr>
+ <ti>godwit.gentoo.org</ti>
+ <ti>forums-web2.gentoo.org</ti>
+ <ti>LDAP client: NSS (accounts, sudo, ssh)</ti>
</tr>
<tr>
<ti>hornbill.gentoo.org</ti>
<ti>bugs-web1.gentoo.org</ti>
- <ti>LDAP client: accounts, sudo, ssh</ti>
+ <ti>LDAP client: NSS (accounts, sudo, ssh)</ti>
</tr>
<tr>
<ti>hummingbird.gentoo.org</ti>
<ti>bugs-web2.gentoo.org</ti>
- <ti>LDAP client: accounts, sudo, ssh</ti>
+ <ti>LDAP client: NSS (accounts, sudo, ssh)</ti>
</tr>
<tr>
- <ti>gannet.gentoo.org</ti>
- <ti>forums-web1.gentoo.org</ti>
- <ti>LDAP client: accounts, sudo, ssh</ti>
+ <ti>magpie.gentoo.org</ti>
+ <ti>mirrorstats.gentoo.org</ti>
+ <ti>LDAP client: NSS (accounts, sudo, ssh)</ti>
</tr>
<tr>
- <ti>godwit.gentoo.org</ti>
- <ti>forums-web2.gentoo.org</ti>
- <ti>LDAP client: accounts, sudo, ssh</ti>
+ <ti>pigeon.gentoo.org</ti>
+ <ti>lists.gentoo.org</ti>
+ <ti>LDAP client: raw LDAP only</ti>
+ </tr>
+ <tr>
+ <ti>sparrow.gentoo.org</ti>
+ <ti>torrents.gentoo.org</ti>
+ <ti>LDAP client: NSS (accounts, sudo, ssh)</ti>
</tr>
</table>
^ permalink raw reply [flat|nested] 22+ messages in thread
* [gentoo-commits] gentoo commit in xml/htdocs/proj/en/infrastructure: ldap.xml
@ 2010-05-02 23:49 Robin H. Johnson (robbat2)
0 siblings, 0 replies; 22+ messages in thread
From: Robin H. Johnson (robbat2) @ 2010-05-02 23:49 UTC (permalink / raw
To: gentoo-commits
robbat2 10/05/02 23:49:24
Modified: ldap.xml
Log:
Update Gentoo LDAP howto with instructions on changing your password and shell, as well as some of the other schema fields that are in use but are part of stock schemas rather than our custom Gentoo schema.
Revision Changes Path
1.32 xml/htdocs/proj/en/infrastructure/ldap.xml
file : http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/proj/en/infrastructure/ldap.xml?rev=1.32&view=markup
plain: http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/proj/en/infrastructure/ldap.xml?rev=1.32&content-type=text/plain
diff : http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/proj/en/infrastructure/ldap.xml?r1=1.31&r2=1.32
Index: ldap.xml
===================================================================
RCS file: /var/cvsroot/gentoo/xml/htdocs/proj/en/infrastructure/ldap.xml,v
retrieving revision 1.31
retrieving revision 1.32
diff -p -w -b -B -u -u -r1.31 -r1.32
--- ldap.xml 24 Apr 2010 18:51:35 -0000 1.31
+++ ldap.xml 2 May 2010 23:49:24 -0000 1.32
@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE guide SYSTEM "/dtd/guide.dtd">
-<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/proj/en/infrastructure/ldap.xml,v 1.31 2010/04/24 18:51:35 robbat2 Exp $ -->
+<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/proj/en/infrastructure/ldap.xml,v 1.32 2010/05/02 23:49:24 robbat2 Exp $ -->
<guide link="/proj/en/infrastructure/ldap.xml">
<title>Gentoo Infrastructure LDAP guide</title>
@@ -27,8 +27,8 @@ and administrators.
<!-- See http://creativecommons.org/licenses/by-sa/2.5 -->
<license/>
-<version>1.20</version>
-<date>2010-04-24</date>
+<version>1.25</version>
+<date>2010-05-02</date>
<chapter>
<title>Key Concepts</title>
@@ -292,11 +292,66 @@ otherwise noted. Required fields are emp
All dates must be formatted as ISO8601, YYYY/MM/DD.
</note>
-<p
->The following attributes were in use at some point in the past, but have
-been retired: <e>gentooHerd/herd</e>, <e>gentooAltMail/altMail</e>, <e>gentooForumsUID/forumsUID</e>.
+<p>
+The following attributes were in use at some point in the past, but have
+been retired: <e>gentooHerd/herd</e>, <e>gentooAltMail/altMail</e>,
+<e>gentooForumsUID/forumsUID</e>.
</p>
+<p>Additionally, we use a number of standard LDAP schemas for user records: <e>inetOrgPerson</e>, <e>organizationalPerson</e>, <e>person</e>, <e>posixAccount</e>, <e>shadowAccount</e>. Some of the attributes in these schemas are listed below.</p>
+
+<table>
+ <tr>
+ <th>Attribute Name</th>
+ <th>Access Level</th>
+ <th>Description</th>
+ <th>Type</th>
+ <th>Format</th>
+ </tr>
+ <tr>
+ <ti><e>mail</e></ti>
+ <ti>user</ti>
+ <ti>alternative email addresses</ti>
+ <ti>multiple, required</ti>
+ <ti>UTF-8</ti>
+ </tr>
+ <tr>
+ <ti><e>cn</e>, <e>sn</e>, <e>givenName</e></ti>
+ <ti>recruiters</ti>
+ <ti>real name of developer</ti>
+ <ti>single, required</ti>
+ <ti>UTF-8</ti>
+ </tr>
+ <tr>
+ <ti><e>gecos</e></ti>
+ <ti>recruiters</ti>
+ <ti>real name of developer for script usage</ti>
+ <ti>single, required</ti>
+ <ti>ASCII, 7-bit clean</ti>
+ </tr>
+ <tr>
+ <ti><e>initials</e></ti>
+ <ti>recruiters</ti>
+ <ti>real name of developer</ti>
+ <ti>single, required</ti>
+ <ti>UTF-8</ti>
+ </tr>
+ <tr>
+ <ti><e>loginShell</e></ti>
+ <ti>user</ti>
+ <ti>login shell, change with <e>chsh</e></ti>
+ <ti>single, required</ti>
+ <ti>ASCII</ti>
+ </tr>
+ <tr>
+ <ti><e>userPassword</e></ti>
+ <ti>user</ti>
+ <ti>password, change with <e>passwd</e> ONLY</ti>
+ <ti>single, required</ti>
+ <ti>ASCII, hashed</ti>
+ </tr>
+</table>
+
</body>
</section>
<section>
@@ -386,14 +441,14 @@ been retired: <e>gentooHerd/herd</e>, <e
<p>
These are the main concepts of the perl_ldap script used for user
administration. Invoking <e>perl_ldap</e> without arguments shows a nice help.
-Your own dev.gentoo.org password is asked when binding.
+Your own LDAP password is required when binding.
</p>
<p>
The script is the infra supported method for managing entries, nothing prevents
you from using any LDAP browser you like for modifying your attributes. If you
like to use something else, ask infra for connection details but keep in mind
-that we won't support and/or troubleshoot other browsers issues.
+that we won't support and/or troubleshoot other browser's issues.
</p>
<p>
@@ -472,6 +527,18 @@ Only replace <username>, not "user
# <i>perl_ldap -b user -E sshPublicKey "$(cat oldpubkey)" <username></i>
</pre>
+<pre caption="Change your LDAP password">
+<comment>To change your password, simply use the normal <i>passwd</i> command on any LDAP-enabled server.</comment>
+<comment><b>Do not use perl_ldap to change your password, as it does not perform any password hashing.</b></comment>
+# <i>passwd</i>
+</pre>
+
+<pre caption="Change your login shell">
+<comment>To change your password, simply use the normal <i>chsh</i> command on any LDAP-enabled server.</comment>
+<comment><b>If you want to use a shell other than bash, ask infra about it's availability on other machines</b></comment>
+# <i>chsh</i>
+</pre>
+
</body>
</section>
<section>
@@ -569,7 +636,7 @@ infra-cvsadmin.group, infra-system.group
<ul>
<li>Master LDAP Server - ldap1.gentoo.org</li>
- <li>Slave LDAP Server - ldap2.gentoo.org</li>
+ <li>Slave LDAP Server - ldap2.gentoo.org (presently a CNAME to ldap1)</li>
<li>Slave LDAP Server - ldap3.gentoo.org</li>
<li>Slave LDAP Server - ldap4.gentoo.org</li>
<li><uri link="http://www.tldp.org/HOWTO/html_single/LDAP-HOWTO">LDAP HOWTO</uri></li>
^ permalink raw reply [flat|nested] 22+ messages in thread
* [gentoo-commits] gentoo commit in xml/htdocs/proj/en/infrastructure: ldap.xml
@ 2010-05-03 0:00 Robin H. Johnson (robbat2)
0 siblings, 0 replies; 22+ messages in thread
From: Robin H. Johnson (robbat2) @ 2010-05-03 0:00 UTC (permalink / raw
To: gentoo-commits
robbat2 10/05/03 00:00:08
Modified: ldap.xml
Log:
Fix emphasis and whitespace.
Revision Changes Path
1.33 xml/htdocs/proj/en/infrastructure/ldap.xml
file : http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/proj/en/infrastructure/ldap.xml?rev=1.33&view=markup
plain: http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/proj/en/infrastructure/ldap.xml?rev=1.33&content-type=text/plain
diff : http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/proj/en/infrastructure/ldap.xml?r1=1.32&r2=1.33
Index: ldap.xml
===================================================================
RCS file: /var/cvsroot/gentoo/xml/htdocs/proj/en/infrastructure/ldap.xml,v
retrieving revision 1.32
retrieving revision 1.33
diff -p -w -b -B -u -u -r1.32 -r1.33
--- ldap.xml 2 May 2010 23:49:24 -0000 1.32
+++ ldap.xml 3 May 2010 00:00:08 -0000 1.33
@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE guide SYSTEM "/dtd/guide.dtd">
-<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/proj/en/infrastructure/ldap.xml,v 1.32 2010/05/02 23:49:24 robbat2 Exp $ -->
+<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/proj/en/infrastructure/ldap.xml,v 1.33 2010/05/03 00:00:08 robbat2 Exp $ -->
<guide link="/proj/en/infrastructure/ldap.xml">
<title>Gentoo Infrastructure LDAP guide</title>
@@ -27,7 +27,7 @@ and administrators.
<!-- See http://creativecommons.org/licenses/by-sa/2.5 -->
<license/>
-<version>1.25</version>
+<version>1.26</version>
<date>2010-05-02</date>
<chapter>
@@ -192,7 +192,7 @@ otherwise noted. Required fields are emp
<ti>gentooAlias</ti>
<ti>infra, recruiters</ti>
<ti>alternate names for this developer</ti>
- <ti>multiple, required</ti>
+ <ti>multiple, optional</ti>
<ti>UTF-8</ti>
</tr>
<tr>
@@ -224,7 +224,7 @@ otherwise noted. Required fields are emp
<ti>UTF-8</ti>
</tr>
<tr>
- <ti>gentooJoin</ti>
+ <ti><e>gentooJoin</e></ti>
<ti>infra, recruiters</ti>
<ti>developer join date</ti>
<ti>multiple, required</ti>
@@ -330,10 +330,10 @@ been retired: <e>gentooHerd/herd</e>, <e
<ti>ASCII, 7-bit clean</ti>
</tr>
<tr>
- <ti><e>initials</e></ti>
+ <ti>initials</ti>
<ti>recruiters</ti>
<ti>real name of developer</ti>
- <ti>single, required</ti>
+ <ti>single, optional</ti>
<ti>UTF-8</ti>
</tr>
<tr>
^ permalink raw reply [flat|nested] 22+ messages in thread
* [gentoo-commits] gentoo commit in xml/htdocs/proj/en/infrastructure: ldap.xml
@ 2010-05-17 1:22 Robin H. Johnson (robbat2)
0 siblings, 0 replies; 22+ messages in thread
From: Robin H. Johnson (robbat2) @ 2010-05-17 1:22 UTC (permalink / raw
To: gentoo-commits
robbat2 10/05/17 01:22:15
Modified: ldap.xml
Log:
Document how to set gentooSPF records in LDAP.
Revision Changes Path
1.34 xml/htdocs/proj/en/infrastructure/ldap.xml
file : http://sources.gentoo.org/viewvc.cgi/gentoo/xml/htdocs/proj/en/infrastructure/ldap.xml?rev=1.34&view=markup
plain: http://sources.gentoo.org/viewvc.cgi/gentoo/xml/htdocs/proj/en/infrastructure/ldap.xml?rev=1.34&content-type=text/plain
diff : http://sources.gentoo.org/viewvc.cgi/gentoo/xml/htdocs/proj/en/infrastructure/ldap.xml?r1=1.33&r2=1.34
Index: ldap.xml
===================================================================
RCS file: /var/cvsroot/gentoo/xml/htdocs/proj/en/infrastructure/ldap.xml,v
retrieving revision 1.33
retrieving revision 1.34
diff -p -w -b -B -u -u -r1.33 -r1.34
--- ldap.xml 3 May 2010 00:00:08 -0000 1.33
+++ ldap.xml 17 May 2010 01:22:15 -0000 1.34
@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE guide SYSTEM "/dtd/guide.dtd">
-<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/proj/en/infrastructure/ldap.xml,v 1.33 2010/05/03 00:00:08 robbat2 Exp $ -->
+<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/proj/en/infrastructure/ldap.xml,v 1.34 2010/05/17 01:22:15 robbat2 Exp $ -->
<guide link="/proj/en/infrastructure/ldap.xml">
<title>Gentoo Infrastructure LDAP guide</title>
@@ -273,6 +273,13 @@ otherwise noted. Required fields are emp
<ti>UTF-8</ti>
</tr>
<tr>
+ <ti>gentooSPF</ti>
+ <ti>user</ti>
+ <ti>developer SPF record</ti>
+ <ti>single, optional</ti>
+ <ti>ASCII</ti>
+ </tr>
+ <tr>
<ti><e>gentooStatus</e></ti>
<ti>infra, recruiters</ti>
<ti>developer status</ti>
@@ -539,6 +546,10 @@ Only replace <username>, not "user
# <i>chsh</i>
</pre>
+<pre caption="Change your SPF rules">
+# <i>perl_ldap -b user -M gentooSPF "<SPF string>" <username></i>
+</pre>
+
</body>
</section>
<section>
^ permalink raw reply [flat|nested] 22+ messages in thread
* [gentoo-commits] gentoo commit in xml/htdocs/proj/en/infrastructure: ldap.xml
@ 2010-11-08 22:51 Joshua Saddler (nightmorph)
0 siblings, 0 replies; 22+ messages in thread
From: Joshua Saddler (nightmorph) @ 2010-11-08 22:51 UTC (permalink / raw
To: gentoo-commits
nightmorph 10/11/08 22:51:49
Modified: ldap.xml
Log:
misc guidexml fixes, no content change
Revision Changes Path
1.35 xml/htdocs/proj/en/infrastructure/ldap.xml
file : http://sources.gentoo.org/viewvc.cgi/gentoo/xml/htdocs/proj/en/infrastructure/ldap.xml?rev=1.35&view=markup
plain: http://sources.gentoo.org/viewvc.cgi/gentoo/xml/htdocs/proj/en/infrastructure/ldap.xml?rev=1.35&content-type=text/plain
diff : http://sources.gentoo.org/viewvc.cgi/gentoo/xml/htdocs/proj/en/infrastructure/ldap.xml?r1=1.34&r2=1.35
Index: ldap.xml
===================================================================
RCS file: /var/cvsroot/gentoo/xml/htdocs/proj/en/infrastructure/ldap.xml,v
retrieving revision 1.34
retrieving revision 1.35
diff -u -r1.34 -r1.35
--- ldap.xml 17 May 2010 01:22:15 -0000 1.34
+++ ldap.xml 8 Nov 2010 22:51:49 -0000 1.35
@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE guide SYSTEM "/dtd/guide.dtd">
-<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/proj/en/infrastructure/ldap.xml,v 1.34 2010/05/17 01:22:15 robbat2 Exp $ -->
+<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/proj/en/infrastructure/ldap.xml,v 1.35 2010/11/08 22:51:49 nightmorph Exp $ -->
<guide link="/proj/en/infrastructure/ldap.xml">
<title>Gentoo Infrastructure LDAP guide</title>
@@ -37,26 +37,26 @@
<body>
<p>
-LDAP stands for Lightweight Directory Access Protocol, a lightweight client-server
-protocol for accessing directory services. LDAP directory service is based on a
-client-server model. One or more servers contain the data making up the LDAP
-directory tree. An LDAP client connects to an LDAP server and requests information.
-The server responds with the data or points the client to another source.
-(typically another LDAP server).
+LDAP stands for Lightweight Directory Access Protocol, a lightweight
+client-server protocol for accessing directory services. LDAP directory service
+is based on a client-server model. One or more servers contain the data making
+up the LDAP directory tree. An LDAP client connects to an LDAP server and
+requests information. The server responds with the data or points the client to
+another source. (typically another LDAP server).
</p>
<p>
-Just like a database, an entry in LDAP consists of fields of data or 'Attributes'.
-This collection of attributes is called a 'Schema'. This guide will explain
-which attributes are available, who can change them and give role based examples
-for modifying the Gentoo LDAP Schema.
+Just like a database, an entry in LDAP consists of fields of data or
+'Attributes'. This collection of attributes is called a 'Schema'. This guide
+will explain which attributes are available, who can change them and give role
+based examples for modifying the Gentoo LDAP Schema.
</p>
<p>
When a developer accesses a resource, like dev.gentoo.org
(woodpecker.gentoo.org), the resource acts as an LDAP client and queries the
-LDAP server (ldap1, ldap2, ldap3, ldap4) to see if that user is in the database and
-authorized for access.
+LDAP server (ldap1, ldap2, ldap3, ldap4) to see if that user is in the database
+and authorized for access.
</p>
</body>
@@ -69,8 +69,9 @@
LDAP is used by Gentoo to secure the infrastructure. Gentoo resources are spread
across the globe and LDAP gives us a central location to manage them. There are
four levels of access: anonymous, user, recruiter and infra that are used to
-control what can be changed in the LDAP database. These are controlled via
-special values in the gentooAccess attribute.</p>
+control what can be changed in the LDAP database. These are controlled via
+special values in the gentooAccess attribute.
+</p>
<p>
You must connect or <e>bind</e> to the LDAP database either anonymously, or a
@@ -81,7 +82,7 @@
<p>
The <e>anonymous</e> level is used for simple <e>read only</e> informational
-queries. All developers and staff can bind to LDAP as anonymous. If you don't
+queries. All developers and staff can bind to LDAP as anonymous. If you don't
specify a mode when you bind, anonymous is assumed.
</p>
@@ -137,20 +138,21 @@
</p>
<p>
-We use a custom script, <c>perl_ldap</c> that uses <e>Net::LDAP</e>, for accessing
-and modifying the database, it allows only a predefined set of actions but it
-should cover 95% of the cases. In the following chapters we explain how to use it.
+We use a custom script, <c>perl_ldap</c> that uses <e>Net::LDAP</e>, for
+accessing and modifying the database, it allows only a predefined set of actions
+but it should cover 95% of the cases. In the following chapters we explain how
+to use it.
</p>
<note>
<e>dev.gentoo.org</e> is currently using <e>ldap2.gentoo.org</e> as its first
server so any update you do could take up to 60 seconds for being seen on
-<e>dev.gentoo.org</e>. We use <c>nscd</c> (Name Service Caching Daemon) to cache
-negative and positive lookups. This means that your changes may not become active
-for some time. If you need to force the change we can restart nscd for you. Ask
-in #gentoo-infra for help with this. Additionally, we use <c>nsscache</c> to
-provide resiliency against LDAP servers being temporarily unavailable for NSS
-lookups, but we do NOT keep local copys of SSH keys.
+<e>dev.gentoo.org</e>. We use <c>nscd</c> (Name Service Caching Daemon) to cache
+negative and positive lookups. This means that your changes may not become
+active for some time. If you need to force the change we can restart nscd for
+you. Ask in #gentoo-infra for help with this. Additionally, we use
+<c>nsscache</c> to provide resiliency against LDAP servers being temporarily
+unavailable for NSS lookups, but we do NOT keep local copies of SSH keys.
</note>
</body>
@@ -305,7 +307,12 @@
<e>gentooForumsUID/forumsUID</e>.
</p>
-<p>Additionally, we use a number of standard LDAP schemas for user records: <e>inetOrgPerson</e>, <e>organizationalPerson</e>, <e>person</e>, <e>posixAccount</e>, <e>shadowAccount</e>. Some of the attributes in these schemas are listed below.</p>
+<p>
+Additionally, we use a number of standard LDAP schemas for user records:
+<e>inetOrgPerson</e>, <e>organizationalPerson</e>, <e>person</e>,
+<e>posixAccount</e>, <e>shadowAccount</e>. Some of the attributes in these
+schemas are listed below.
+</p>
<table>
<tr>
@@ -399,7 +406,10 @@
<tr>
<ti>corvid.gentoo.org</ti>
<ti>cvs.gentoo.org</ti>
- <ti>LDAP client: accounts, sudo (local LDAP slave as well, gentooAccess=cvs.g.o)</ti>
+ <ti>
+ LDAP client: accounts, sudo (local LDAP slave as well,
+ gentooAccess=cvs.g.o)
+ </ti>
</tr>
<!-- regular boxes beyond here -->
<tr>
@@ -557,11 +567,11 @@
<body>
<p>
-Recruiters can change their own attributes or those of another user. You <b>must</b>
-bind as <e>recruiters</e> to change any attributes including your own. The
-following examples show how to change attributes for other users. To change
-your own attributes use the examples from the "users" section above but bind as
-a recruiter.
+Recruiters can change their own attributes or those of another user. You
+<b>must</b> bind as <e>recruiters</e> to change any attributes including your
+own. The following examples show how to change attributes for other users. To
+change your own attributes use the examples from the "users" section above but
+bind as a recruiter.
</p>
<p>
@@ -571,15 +581,15 @@
</p>
<p>
-The following examples will show you how to change attributes for users, recruiters
-and infra. All write operations performed by infra against another user must be
-performed on dev.gentoo.org (woodpecker.gentoo.org).
+The following examples will show you how to change attributes for users,
+recruiters and infra. All write operations performed by infra against another
+user must be performed on dev.gentoo.org (woodpecker.gentoo.org).
</p>
<p>
-Some attributes, like <e>sshPublickey</e>, and <e>mail</e>, allow multi-values. To append an
-additional value to the exiting ones use <c>-C</c>. You may not use <c>-M</c>
-with multi-valued attributes.
+Some attributes, like <e>sshPublickey</e>, and <e>mail</e>, allow multi-values.
+To append an additional value to the exiting ones use <c>-C</c>. You may not use
+<c>-M</c> with multi-valued attributes.
</p>
<pre caption="Modify (overwrite) an existing attribute for a user">
@@ -661,5 +671,4 @@
</body>
</section>
</chapter>
-
</guide>
^ permalink raw reply [flat|nested] 22+ messages in thread
* [gentoo-commits] gentoo commit in xml/htdocs/proj/en/infrastructure: ldap.xml
@ 2011-11-21 20:57 Christian Ruppert (idl0r)
0 siblings, 0 replies; 22+ messages in thread
From: Christian Ruppert (idl0r) @ 2011-11-21 20:57 UTC (permalink / raw
To: gentoo-commits
idl0r 11/11/21 20:57:31
Modified: ldap.xml
Log:
ldap1 is duck "now".
Revision Changes Path
1.36 xml/htdocs/proj/en/infrastructure/ldap.xml
file : http://sources.gentoo.org/viewvc.cgi/gentoo/xml/htdocs/proj/en/infrastructure/ldap.xml?rev=1.36&view=markup
plain: http://sources.gentoo.org/viewvc.cgi/gentoo/xml/htdocs/proj/en/infrastructure/ldap.xml?rev=1.36&content-type=text/plain
diff : http://sources.gentoo.org/viewvc.cgi/gentoo/xml/htdocs/proj/en/infrastructure/ldap.xml?r1=1.35&r2=1.36
Index: ldap.xml
===================================================================
RCS file: /var/cvsroot/gentoo/xml/htdocs/proj/en/infrastructure/ldap.xml,v
retrieving revision 1.35
retrieving revision 1.36
diff -u -r1.35 -r1.36
--- ldap.xml 8 Nov 2010 22:51:49 -0000 1.35
+++ ldap.xml 21 Nov 2011 20:57:31 -0000 1.36
@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE guide SYSTEM "/dtd/guide.dtd">
-<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/proj/en/infrastructure/ldap.xml,v 1.35 2010/11/08 22:51:49 nightmorph Exp $ -->
+<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/proj/en/infrastructure/ldap.xml,v 1.36 2011/11/21 20:57:31 idl0r Exp $ -->
<guide link="/proj/en/infrastructure/ldap.xml">
<title>Gentoo Infrastructure LDAP guide</title>
@@ -27,8 +27,8 @@
<!-- See http://creativecommons.org/licenses/by-sa/2.5 -->
<license/>
-<version>1.26</version>
-<date>2010-05-02</date>
+<version>1.27</version>
+<date>2011-11-21</date>
<chapter>
<title>Key Concepts</title>
@@ -635,7 +635,7 @@
bind as <e>user</e> to change any attributes, including your own. To change
your own attributes use the examples from the "users" section above from any
LDAP-aware machine. To change another users record, you must be using perl_ldap
-from ldap1.gentoo.org (dunlin.gentoo.org).
+from ldap1.gentoo.org (duck.gentoo.org).
</p>
<p>
^ permalink raw reply [flat|nested] 22+ messages in thread
* [gentoo-commits] gentoo commit in xml/htdocs/proj/en/infrastructure: ldap.xml
@ 2013-03-14 9:09 Robin H. Johnson (robbat2)
0 siblings, 0 replies; 22+ messages in thread
From: Robin H. Johnson (robbat2) @ 2013-03-14 9:09 UTC (permalink / raw
To: gentoo-commits
robbat2 13/03/14 09:09:45
Modified: ldap.xml
Log:
gpgKey is a multiple-instance attribute. Clarify editing single vs multiple-instance attributes.
Revision Changes Path
1.38 xml/htdocs/proj/en/infrastructure/ldap.xml
file : http://sources.gentoo.org/viewvc.cgi/gentoo/xml/htdocs/proj/en/infrastructure/ldap.xml?rev=1.38&view=markup
plain: http://sources.gentoo.org/viewvc.cgi/gentoo/xml/htdocs/proj/en/infrastructure/ldap.xml?rev=1.38&content-type=text/plain
diff : http://sources.gentoo.org/viewvc.cgi/gentoo/xml/htdocs/proj/en/infrastructure/ldap.xml?r1=1.37&r2=1.38
Index: ldap.xml
===================================================================
RCS file: /var/cvsroot/gentoo/xml/htdocs/proj/en/infrastructure/ldap.xml,v
retrieving revision 1.37
retrieving revision 1.38
diff -p -w -b -B -u -u -r1.37 -r1.38
--- ldap.xml 28 Oct 2012 15:21:07 -0000 1.37
+++ ldap.xml 14 Mar 2013 09:09:45 -0000 1.38
@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE guide SYSTEM "/dtd/guide.dtd">
-<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/proj/en/infrastructure/ldap.xml,v 1.37 2012/10/28 15:21:07 swift Exp $ -->
+<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/proj/en/infrastructure/ldap.xml,v 1.38 2013/03/14 09:09:45 robbat2 Exp $ -->
<guide>
<title>Gentoo Infrastructure LDAP guide</title>
@@ -27,8 +27,8 @@ and administrators.
<!-- See http://creativecommons.org/licenses/by-sa/2.5 -->
<license/>
-<version>1.27</version>
-<date>2011-11-21</date>
+<version>1.28</version>
+<date>2013-03-14</date>
<chapter>
<title>Key Concepts</title>
@@ -592,8 +592,13 @@ To append an additional value to the exi
<c>-M</c> with multi-valued attributes.
</p>
-<pre caption="Modify (overwrite) an existing attribute for a user">
-# <i>perl_ldap -b user -M gentooGPGkey "0x1AF343EB" <username></i>
+<pre caption="Modify (overwrite) an existing single-instance attribute for a user">
+# <i>perl_ldap -b user -M gentooLocation "new location" <username></i>
+</pre>
+
+<pre caption="Modify (overwrite) an existing multiple-instance attribute for a user">
+# <i>perl_ldap -b user -C gentooGPGkey "<newkeyid>" <username></i>
+# <i>perl_ldap -b user -E gentooGPGkey "<oldkeyid>" <username></i>
</pre>
<pre caption="Delete an attribute for a user">
^ permalink raw reply [flat|nested] 22+ messages in thread
* [gentoo-commits] gentoo commit in xml/htdocs/proj/en/infrastructure: ldap.xml
@ 2013-08-08 18:52 Alex Legler (a3li)
0 siblings, 0 replies; 22+ messages in thread
From: Alex Legler (a3li) @ 2013-08-08 18:52 UTC (permalink / raw
To: gentoo-commits
a3li 13/08/08 18:52:38
Modified: ldap.xml
Log:
LDAP guide is now on wiki.g.o
Revision Changes Path
1.39 xml/htdocs/proj/en/infrastructure/ldap.xml
file : http://sources.gentoo.org/viewvc.cgi/gentoo/xml/htdocs/proj/en/infrastructure/ldap.xml?rev=1.39&view=markup
plain: http://sources.gentoo.org/viewvc.cgi/gentoo/xml/htdocs/proj/en/infrastructure/ldap.xml?rev=1.39&content-type=text/plain
diff : http://sources.gentoo.org/viewvc.cgi/gentoo/xml/htdocs/proj/en/infrastructure/ldap.xml?r1=1.38&r2=1.39
Index: ldap.xml
===================================================================
RCS file: /var/cvsroot/gentoo/xml/htdocs/proj/en/infrastructure/ldap.xml,v
retrieving revision 1.38
retrieving revision 1.39
diff -u -r1.38 -r1.39
--- ldap.xml 14 Mar 2013 09:09:45 -0000 1.38
+++ ldap.xml 8 Aug 2013 18:52:38 -0000 1.39
@@ -1,8 +1,8 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE guide SYSTEM "/dtd/guide.dtd">
-<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/proj/en/infrastructure/ldap.xml,v 1.38 2013/03/14 09:09:45 robbat2 Exp $ -->
+<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/proj/en/infrastructure/ldap.xml,v 1.39 2013/08/08 18:52:38 a3li Exp $ -->
-<guide>
+<guide disclaimer="obsolete" redirect="http://wiki.gentoo.org/wiki/Project:Infrastructure/LDAP_Guide">
<title>Gentoo Infrastructure LDAP guide</title>
<author title="Author">
^ permalink raw reply [flat|nested] 22+ messages in thread
end of thread, other threads:[~2013-08-08 18:52 UTC | newest]
Thread overview: 22+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2010-05-17 1:22 [gentoo-commits] gentoo commit in xml/htdocs/proj/en/infrastructure: ldap.xml Robin H. Johnson (robbat2)
-- strict thread matches above, loose matches on Subject: below --
2013-08-08 18:52 Alex Legler (a3li)
2013-03-14 9:09 Robin H. Johnson (robbat2)
2011-11-21 20:57 Christian Ruppert (idl0r)
2010-11-08 22:51 Joshua Saddler (nightmorph)
2010-05-03 0:00 Robin H. Johnson (robbat2)
2010-05-02 23:49 Robin H. Johnson (robbat2)
2010-04-24 18:51 Robin H. Johnson (robbat2)
2010-04-24 18:33 Robin H. Johnson (robbat2)
2010-04-24 17:20 Robin H. Johnson (robbat2)
2009-11-10 19:07 Robin H. Johnson (robbat2)
2009-10-07 11:08 Sebastian Pipping (sping)
2009-01-17 10:52 Robin H. Johnson (robbat2)
2008-10-12 11:22 Robin H. Johnson (robbat2)
2008-10-12 11:20 Robin H. Johnson (robbat2)
2008-10-12 11:16 Robin H. Johnson (robbat2)
2008-10-12 10:57 Robin H. Johnson (robbat2)
2008-10-03 21:59 Robin H. Johnson (robbat2)
2008-10-03 21:57 Robin H. Johnson (robbat2)
2007-12-23 23:31 Robin H. Johnson (robbat2)
2007-12-18 1:42 Robin H. Johnson (robbat2)
2007-12-18 1:29 Robin H. Johnson (robbat2)
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox