- Hostname: ldap.techinc.nl (does not work yet)
- Base DN: dc=techinc,dc=nl
- Users DN: ou=people,dc=techinc,dc=nl
- Groups DN: ou=groups,dc=techinc,dc=nl
- Load members into LDAP. - Done
- Set passwords manually for selected users.
- Create systems user for each system that needs special access to LDAP.
- Connect homepage/Drupal to the LDAP server.
- Create a password (re)set service.
- Load the users of the wiki into LDAP (we need to see if the MediaWiki password hashes has can be transported to LDAP)
- Connect MediaWiki to LDAP
- Start connecting the space-desktops to LDAP
Synchronizing members automatically - Memberizer
To add users to the LDAP "members" group there is an automated process that will receive the complete list of members and do the following:
- Any member not yet registered in the LDAP, will have a skeleton user created.
- All members will be added to the member list
- All other users will not be in the member list.
To use this process, the maintainer of the official list (Normally: The Treasurer) will have to do the following:
- Generate a JSON file with all of the space members (anyone not in the list, will not be a member in the LDAP anymore). Format example: https://github.com/chotee/memberizer/blob/master/memberizer/test/test_members.json
- Encrypt and sign the resgpg --sign --encrypt --recipient D2ABFD78 members.jsonulting file. It needs to be encrypted with the memberizer public key [0xF71A39FFD2ABFD78]
$ gpg --sign --encrypt --recipient 0xF71A39FFD2ABFD78 members.json
- Copy the encrypted file via scp to the /var/spool/members directory on armitage.techinc.nl .
$ scp members.json.gpg armitage.techinc.nl:/var/spool/members
- Memberizer will send an email to the emailadres of the member that signed the members file with a summary of the changes.
The code that runs this is available for review at https://github.com/chotee/memberizer
Authorizing members to update the list
(this needs to be done once for each person able to update the member list)
- Create a user for this authorized-member on armitage
- Add this user to the memberizer group on armitage
- As the memberizer user add the public key of the authorized-member to the GPG keyring and (after verifying the fingerprint) trust it in the keyring.
- Edit the /home/memberizer/memberizer/config.json file and add the fingerprint of this key to the signer_ids list.
- Restart memberizer with supervisorctl for the changes to take effect:
# supervisorctl restart memberizer