From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from pigeon.gentoo.org ([208.92.234.80] helo=lists.gentoo.org) by finch.gentoo.org with esmtp (Exim 4.60) (envelope-from ) id 1N7w3p-0003nR-OO for garchives@archives.gentoo.org; Tue, 10 Nov 2009 19:07:26 +0000
Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 021A3E0AA2; Tue, 10 Nov 2009 19:07:25 +0000 (UTC)
Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183]) by pigeon.gentoo.org (Postfix) with ESMTP id B9EC2E0AA2 for ; Tue, 10 Nov 2009 19:07:24 +0000 (UTC)
Received: from stork.gentoo.org (stork.gentoo.org [64.127.104.133]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (No client certificate requested) by smtp.gentoo.org (Postfix) with ESMTP id 5351967DE8 for ; Tue, 10 Nov 2009 19:07:24 +0000 (UTC)
Received: from robbat2 by stork.gentoo.org with local (Exim 4.69) (envelope-from ) id 1N7w3k-0007x3-CT for gentoo-commits@lists.gentoo.org; Tue, 10 Nov 2009 19:07:22 +0000
From: "Robin H. Johnson (robbat2)"
To: gentoo-commits@lists.gentoo.org
Reply-To: gentoo-dev@lists.gentoo.org, robbat2@gentoo.org
Subject: [gentoo-commits] gentoo commit in xml/htdocs/proj/en/infrastructure: ldap.xml
X-VCS-Repository: gentoo
X-VCS-Files: ldap.xml
X-VCS-Directories: xml/htdocs/proj/en/infrastructure
X-VCS-Committer: robbat2
X-VCS-Committer-Name: Robin H. Johnson
Content-Type: text/plain; charset=utf8
Sender: "Robin H. Johnson"
Date: Tue, 10 Nov 2009 19:07:20 +0000
Precedence: bulk
List-Id: Gentoo Linux mail
X-BeenThere: gentoo-commits@lists.gentoo.org
Content-Transfer-Encoding: quoted-printable
X-Archives-Salt: b2f154a3-30f9-489f-8ea9-aec3df62702e
X-Archives-Hash: d67a3b75c0a0248f5e15106b1bb2b84b

robbat2    09/11/10 19:07:20

  Modified:             ldap.xml
  Log:
  Update the LDAP guide, clarifying the -b argument that is often confused.
  Update list of hosts and mention we use nsscache.
  Also in examples gpgkey is a multiple-entry key, so use roles for an example and make gpgkey like ssh key.

Revision  Changes    Path
1.28                 xml/htdocs/proj/en/infrastructure/ldap.xml

file : http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/proj/en/infrastructure/ldap.xml?rev=1.28&view=markup
plain: http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/proj/en/infrastructure/ldap.xml?rev=1.28&content-type=text/plain
diff : http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/proj/en/infrastructure/ldap.xml?r1=1.27&r2=1.28

Index: ldap.xml
===================================================================
RCS file: /var/cvsroot/gentoo/xml/htdocs/proj/en/infrastructure/ldap.xml,v
retrieving revision 1.27
retrieving revision 1.28
diff -p -w -b -B -u -u -r1.27 -r1.28
--- ldap.xml	7 Oct 2009 11:08:40 -0000	1.27
+++ ldap.xml	10 Nov 2009 19:07:19 -0000	1.28
@@ -1,6 +1,6 @@ - + =20 Gentoo Infrastructure LDAP guide @@ -27,8 +27,8 @@ and administrators. =20 -1.9 -2008-10-12 +1.10 +2009-11-10 =20 Key Concepts @@ -149,7 +149,9 @@ server so any update you do could take u dev.gentoo.org. We use nscd (Name Service Caching Daemon)= to cache negative and positive lookups. This means that your changes may not beco= me active for some time. If you need to force the change we can restart nscd for y= ou. Ask -in #gentoo-infra for help with this. +in #gentoo-infra for help with this. Additionally, we use nsscache to +provide resiliency against LDAP servers being temporarily unavailable fo= r NSS +lookups, but we do NOT keep local copys of SSH keys. =20 @@ -288,11 +290,6 @@ been retired: gentooHerd, gent LDAP aware servers =20 -

-The following servers have been migrated to LDAP. All gentoo servers wil= l eventually -be migrated and this guide will be updated as the migration is completed= . -

- @@ -334,6 +331,26 @@ be migrated and this guide will be updat torrents.gentoo.orgLDAP client: accounts, sudo, ssh + + hornbill.gentoo.org + bugs-web1.gentoo.org + LDAP client: accounts, sudo, ssh + + + hummingbird.gentoo.org + bugs-web2.gentoo.org + LDAP client: accounts, sudo, ssh + + + gannet.gentoo.org + forums-web1.gentoo.org + LDAP client: accounts, sudo, ssh + + + godwit.gentoo.org + forums-web2.gentoo.org + LDAP client: accounts, sudo, ssh +
Server Name
=20 @@ -396,24 +413,34 @@ The following are the most common option

Gentoo Developers and Staff members (recruiters and infra please refer t= o the following sections) can update their LDAP record directly. Here are exam= ples -of the most commonly changed attributes. +of the most commonly changed attributes. The most common error is using = a +actual username in place of the -b MODE argument, which takes +user as the parameter.

=20
 (Substitute an actual user name for <username>)
 # perl_ldap -s <username>
=20
-(binding as user will show additional information)
+(Binding as 'user' mode will show additional information.
+Only replace <username>, not "user")
 # perl_ldap -b user -s <username>
 
=20 +
+# perl_ldap -b user -M gentooRoles "<role string>" <username=
>
+
+
-# perl_ldap -b user -M gentooGPGkey "1AF343E" <username>
+(Substitute your GPG key id <keyid>, with the leading 0x =
included)
+# perl_ldap -b user -C gentooGPGkey "<newkeyid>" <username&g=
t;
+# perl_ldap -b user -E gentooGPGkey "<oldkeyid>" <username&g=
t;
 
=20
 (substitute 'pubkey' with the path to your public SSH key. ex: =
"~/.ssh/id_dsa.pub".=20
-You should have one sshPublicKey attribute per key! No newlines!)
+You should have one sshPublicKey attribute per key! No newlines!
+Only replace <username>, not "user")
 # perl_ldap -b user -C sshPublicKey "$(cat pubkey)" <username><=
/i>
 
=20
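Review bot: in the @@ -149,7 hunk, "local copys" should be "local copies", and the added sentence stops one step short of the point that matters to a developer: nsscache keeps NSS lookups working while the LDAP servers are unreachable, but because SSH public keys are not cached, key-based SSH logins still depend on LDAP being up. Suggest ending the sentence with the consequence, e.g. "but we do NOT keep local copies of SSH keys, so SSH logins will still fail while LDAP is unavailable."

Review bot: the @@ -288,11 hunk deletes the only sentence that scoped the "LDAP aware servers" table ("All gentoo servers will eventually be migrated and this guide will be updated as the migration is completed.") without putting anything in its place, so a reader can no longer tell whether a host missing from the table is not an LDAP client or simply undocumented. Keep a one-line scope statement above the table saying what it covers and whether the migration is complete.

Review bot: in the @@ -396,24 hunk the gentooGPGkey lead-in tells the reader to substitute "<keyid>, with the leading 0x included", but the two commands below use the placeholders <newkeyid> and <oldkeyid>, so the name the reader is told to replace never appears; the old example value "1AF343E" also had no 0x prefix, so state the expected form once and consistently (and prefer the 16-hex-digit long key id or the full fingerprint over a short id, which is not unique). The sshPublicKey example gains a -C (add) command but, unlike gentooGPGkey, no matching -E (remove) command; since the text insists on one sshPublicKey attribute per key, add the removal form alongside it, e.g. `# perl_ldap -b user -E sshPublicKey "$(cat oldpubkey)" <username>`, so a key rotation removes the old key instead of leaving it authorised. Finally, "using a actual username in place of the -b MODE argument" should read "using an actual username", and the sentence is clearer as "-b takes a mode name (here the literal word user), not your username".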