General LDAP Documentation

debian.org uses a single LDAP driven directory for account management across all the project run machines. This directory also provides services for leaving vacation notices, updating xplanet coordinates, email forwarding, ssh authentication keys and other information.

Note: the 'passwd' program and 'chfn' do not work with LDAP information. Please use the web page or email gateway for the time being. All machines running OpenSSH are using replicated SSH RSA authentication keys.

Security and Privacy

Three levels of information security are provided by the database. The first is completely public information that anyone can see either by issuing an LDAP query or by visiting the web site. The next level is "developer-only" information that requires authentication to the directory before it can be accessed. The final level is admin-only or user-only information; this information can only be viewed by the user or an administrator.

developer-only information includes precise location information [postalcode, postal address, lat/long] telephone numbers, and the vacation message.

Admin-only/user-only information includes email forwarding, ssh keys and the encrypted password. Note that email forwarding is necessarily publicly viewable from accounts on the actual machines.

Entries in the directory are keyed to the developers PGP key, whoever has that key can make any change to the directory through the mail interface.

Access

The directory has several means to access it:

SSL Web Forms
Finger gateway, finger foo@debian.org
Mail gateway
Direct LDAP Access
LDAP command line tools such as ud-info

Lost or forgotten password instructions

Back to the Debian Project homepage.

You can contact us at admin@db.debian.org.