Gentoo Archives: gentoo-commits

From: "Robin H. Johnson (robbat2)" <robbat2@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] gentoo commit in xml/htdocs/proj/en/infrastructure: ldap.xml
Date: Sun, 02 May 2010 23:49:30
Message-Id: 20100502234924.DE0B82C298@corvid.gentoo.org
1 robbat2 10/05/02 23:49:24
2
3 Modified: ldap.xml
4 Log:
5 Update Gentoo LDAP howto with instructions on changing your password and shell, as well as some of the other schema fields that are in use but are part of stock schemas rather than our custom Gentoo schema.
6
7 Revision Changes Path
8 1.32 xml/htdocs/proj/en/infrastructure/ldap.xml
9
10 file : http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/proj/en/infrastructure/ldap.xml?rev=1.32&view=markup
11 plain: http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/proj/en/infrastructure/ldap.xml?rev=1.32&content-type=text/plain
12 diff : http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/proj/en/infrastructure/ldap.xml?r1=1.31&r2=1.32
13
14 Index: ldap.xml
15 ===================================================================
16 RCS file: /var/cvsroot/gentoo/xml/htdocs/proj/en/infrastructure/ldap.xml,v
17 retrieving revision 1.31
18 retrieving revision 1.32
19 diff -p -w -b -B -u -u -r1.31 -r1.32
20 --- ldap.xml 24 Apr 2010 18:51:35 -0000 1.31
21 +++ ldap.xml 2 May 2010 23:49:24 -0000 1.32
22 @@ -1,6 +1,6 @@
23 <?xml version="1.0" encoding="UTF-8"?>
24 <!DOCTYPE guide SYSTEM "/dtd/guide.dtd">
25 -<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/proj/en/infrastructure/ldap.xml,v 1.31 2010/04/24 18:51:35 robbat2 Exp $ -->
26 +<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/proj/en/infrastructure/ldap.xml,v 1.32 2010/05/02 23:49:24 robbat2 Exp $ -->
27
28 <guide link="/proj/en/infrastructure/ldap.xml">
29 <title>Gentoo Infrastructure LDAP guide</title>
30 @@ -27,8 +27,8 @@ and administrators.
31 <!-- See http://creativecommons.org/licenses/by-sa/2.5 -->
32 <license/>
33
34 -<version>1.20</version>
35 -<date>2010-04-24</date>
36 +<version>1.25</version>
37 +<date>2010-05-02</date>
38
39 <chapter>
40 <title>Key Concepts</title>
41 @@ -292,11 +292,66 @@ otherwise noted. Required fields are emp
42 All dates must be formatted as ISO8601, YYYY/MM/DD.
43 </note>
44
45 -<p
46 ->The following attributes were in use at some point in the past, but have
47 -been retired: <e>gentooHerd/herd</e>, <e>gentooAltMail/altMail</e>, <e>gentooForumsUID/forumsUID</e>.
48 +<p>
49 +The following attributes were in use at some point in the past, but have
50 +been retired: <e>gentooHerd/herd</e>, <e>gentooAltMail/altMail</e>,
51 +<e>gentooForumsUID/forumsUID</e>.
52 </p>
53
54 +<p>Additionally, we use a number of standard LDAP schemas for user records: <e>inetOrgPerson</e>, <e>organizationalPerson</e>, <e>person</e>, <e>posixAccount</e>, <e>shadowAccount</e>. Some of the attributes in these schemas are listed below.</p>
55 +
56 +<table>
57 + <tr>
58 + <th>Attribute Name</th>
59 + <th>Access Level</th>
60 + <th>Description</th>
61 + <th>Type</th>
62 + <th>Format</th>
63 + </tr>
64 + <tr>
65 + <ti><e>mail</e></ti>
66 + <ti>user</ti>
67 + <ti>alternative email addresses</ti>
68 + <ti>multiple, required</ti>
69 + <ti>UTF-8</ti>
70 + </tr>
71 + <tr>
72 + <ti><e>cn</e>, <e>sn</e>, <e>givenName</e></ti>
73 + <ti>recruiters</ti>
74 + <ti>real name of developer</ti>
75 + <ti>single, required</ti>
76 + <ti>UTF-8</ti>
77 + </tr>
78 + <tr>
79 + <ti><e>gecos</e></ti>
80 + <ti>recruiters</ti>
81 + <ti>real name of developer for script usage</ti>
82 + <ti>single, required</ti>
83 + <ti>ASCII, 7-bit clean</ti>
84 + </tr>
85 + <tr>
86 + <ti><e>initials</e></ti>
87 + <ti>recruiters</ti>
88 + <ti>real name of developer</ti>
89 + <ti>single, required</ti>
90 + <ti>UTF-8</ti>
91 + </tr>
92 + <tr>
93 + <ti><e>loginShell</e></ti>
94 + <ti>user</ti>
95 + <ti>login shell, change with <e>chsh</e></ti>
96 + <ti>single, required</ti>
97 + <ti>ASCII</ti>
98 + </tr>
99 + <tr>
100 + <ti><e>userPassword</e></ti>
101 + <ti>user</ti>
102 + <ti>password, change with <e>passwd</e> ONLY</ti>
103 + <ti>single, required</ti>
104 + <ti>ASCII, hashed</ti>
105 + </tr>
106 +</table>
107 +
108 </body>
109 </section>
110 <section>
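Review bot: In the new attribute table, the "initials" row carries the same description as the "cn, sn, givenName" row ("real name of developer"), which looks like a copy-paste; it should say what the initials field actually holds. In the same table, the "userPassword" row gives the format as "ASCII, hashed" without naming the hash scheme that is expected, and the "mail" row is described as "alternative email addresses" while being marked required, so each could use a clarifying phrase. As a style point, the added "Additionally, we use a number of standard LDAP schemas" paragraph sits on one long line, unlike the wrapped paragraph this hunk reformats just above it.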
111 @@ -386,14 +441,14 @@ been retired: <e>gentooHerd/herd</e>, <e
112 <p>
113 These are the main concepts of the perl_ldap script used for user
114 administration. Invoking <e>perl_ldap</e> without arguments shows a nice help.
115 -Your own dev.gentoo.org password is asked when binding.
116 +Your own LDAP password is required when binding.
117 </p>
118
119 <p>
120 The script is the infra supported method for managing entries, nothing prevents
121 you from using any LDAP browser you like for modifying your attributes. If you
122 like to use something else, ask infra for connection details but keep in mind
123 -that we won't support and/or troubleshoot other browsers issues.
124 +that we won't support and/or troubleshoot other browser's issues.
125 </p>
126
127 <p>
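Review bot: The replacement line "that we won't support and/or troubleshoot other browser's issues." uses a singular possessive after "other"; "other browsers' issues" or "issues with other browsers" is what the sentence means. The change from "dev.gentoo.org password" to "LDAP password" in the first paragraph reads fine, though it does not say which bind identity the password belongs to, which is worth stating where perl_ldap is introduced.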
128 @@ -472,6 +527,18 @@ Only replace &lt;username&gt;, not "user
129 # <i>perl_ldap -b user -E sshPublicKey "$(cat oldpubkey)" &lt;username&gt;</i>
130 </pre>
131
132 +<pre caption="Change your LDAP password">
133 +<comment>To change your password, simply use the normal <i>passwd</i> command on any LDAP-enabled server.</comment>
134 +<comment><b>Do not use perl_ldap to change your password, as it does not perform any password hashing.</b></comment>
135 +# <i>passwd</i>
136 +</pre>
137 +
138 +<pre caption="Change your login shell">
139 +<comment>To change your password, simply use the normal <i>chsh</i> command on any LDAP-enabled server.</comment>
140 +<comment><b>If you want to use a shell other than bash, ask infra about it's availability on other machines</b></comment>
141 +# <i>chsh</i>
142 +</pre>
143 +
144 </body>
145 </section>
146 <section>
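Review bot: The comment in the "Change your login shell" block still reads "To change your password, simply use the normal chsh command", copied from the passwd block above it; it should read "To change your login shell". In the bold comment of the same block, "it's availability" should be "its availability". For the passwd block, the warning that perl_ldap "does not perform any password hashing" would be more useful if it also said what a developer who has already set userPassword that way should do, for example change the password again with passwd so that the stored value is replaced by a hashed one.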
147 @@ -569,7 +636,7 @@ infra-cvsadmin.group, infra-system.group
148
149 <ul>
150 <li>Master LDAP Server - ldap1.gentoo.org</li>
151 - <li>Slave LDAP Server - ldap2.gentoo.org</li>
152 + <li>Slave LDAP Server - ldap2.gentoo.org (presently a CNAME to ldap1)</li>
153 <li>Slave LDAP Server - ldap3.gentoo.org</li>
154 <li>Slave LDAP Server - ldap4.gentoo.org</li>
155 <li><uri link="http://www.tldp.org/HOWTO/html_single/LDAP-HOWTO">LDAP HOWTO</uri></li>
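Review bot: The changed list item keeps the label "Slave LDAP Server" for ldap2.gentoo.org while adding "(presently a CNAME to ldap1)", so a reader who picks ldap2 expecting a replica is actually talking to the master. Consider saying so directly in the item, or dropping ldap2 from the list of slaves until it is a separate replica again, so that clients configured for failover or read-only use are not pointed at ldap1 twice.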