1 == add an account to ud-ldap ==
5 A Debian Account Manager (DAM) will submit an RT ticket to ask that an account
6 be created for a new member of the Debian Project.
8 Initially, the RT ticket will be assigned to a Debian Keyring Maintainer (DKM)
9 so that Debian's Keyring may be updated with the user's GPG key.
11 Subsequently, the RT ticket will be assigned to a Debian System Administrator
12 (DSA) so that Debian's LDAP may be updated.
14 This HOWTO documents DSA's actions relating to account creation.
16 The RT ticket will contain the following details in a GPG-signed message:
17 * the user's account type ("uploading DD")
18 * the user's GPG key fingerprint
19 * the user's full name (first name, middle name, last name)
20 * the user's forwarding address
21 * the user's preferred account name
23 === Procedure for New Accounts ===
25 Step 1: Download the GPG-signed message from RT and verify the signature.
26 Ensure that the message has been signed by a DAM (for a list of DAMs, see
27 http://wiki.debian.org/DAManager or http://www.debian.org/intro/organization).
29 Step 2: Create an entry in LDAP by executing ud-useradd on draghi.
32 you@home~$ ssh you@db-master.debian.org
33 you@draghi~$ ud-useradd
36 You will be prompted to enter the fingerprint; the preferred account name; the
37 first, middle and last names; and the forwarding address. Some of these values
38 will be extracted from the GPG key, if available.
40 Use the @debian.org for the debian-private subscription.
42 Accept the randomly generated password.
44 Step 3: Confirm account creation.
46 Step 4: Resolve the RT ticket. Enter the 'final information collected' emitted
47 by ud-adduser as the message of the resolution action. Carbon copy the
48 forwarding address and da-manager@debian.org.
50 === Procedure for Upgrading Guest Accounts ===
54 Step 2: Remove the GPG key from guest-keyring.
57 you@home~$ sudo apt-get install jetring
58 you@home~$ git clone ssh://db.debian.org/git/guest-keyring.git
59 you@home~$ cd guest-keyring
60 you@home~$ ./del-key <fingerprint>
62 you@home~$ git add debian-guest/delete-<fingerprint substring>
63 you@home~$ git commit -a
66 Step 3: Modify the LDAP entry.
69 you@draghi~$ export EDITOR=vim
70 you@draghi~$ ldapvi -ZZ -D uid=<you>,ou=users,ou=debian,ou=org
73 add privateSub: <account>@debian.org
78 Step 4: Email welcome-message-800 to the user, substituting parameters.
80 Step 5: Resolve the RT ticket. Carbon copy the forwarding address and
81 da-manager@debian.org.