[tor-bugs] #32519 [Internal Services/Tor Sysadmin Team]: improve user onboard/offboarding procedures

Tor Bug Tracker & Wiki blackhole at torproject.org
Sat Nov 16 21:49:15 UTC 2019


#32519: improve user onboard/offboarding procedures
-------------------------------------------------+---------------------
 Reporter:  anarcat                              |          Owner:  tpa
     Type:  defect                               |         Status:  new
 Priority:  Medium                               |      Milestone:
Component:  Internal Services/Tor Sysadmin Team  |        Version:
 Severity:  Normal                               |     Resolution:
 Keywords:                                       |  Actual Points:
Parent ID:                                       |         Points:
 Reviewer:                                       |        Sponsor:
-------------------------------------------------+---------------------

Old description:

> while working on the nextcloud project, we realized it wasn't exactly
> trivial to setup the LDAP bridge because of our specific requirements (no
> direct connexion, offline support). so we just didn't implement it yet
> (#32332). i added a note about this in the
> [https://help.torproject.org/tsa/howto/retire-a-user/ retire a user]
> procedure, but then i realized there are probably many other such
> services that do *not* connect with LDAP.
>
> On the top of my head, there's at least Trac and mailing lists, for
> example, which are managed completely separarely. Audit
> [[org/operations/services]] and see which services are manager manually
> and which aren't.
>
> Then make sure there's an automated way to add/remove users to services,
> either by hooking up the service with LDAP, or by creating a wrapper
> script that will manage those accesses.

New description:

 while working on the nextcloud project, we realized it wasn't exactly
 trivial to setup the LDAP bridge because of our specific requirements (no
 direct connexion, offline support). so we just didn't implement it yet
 (#32332). i added a note about this in the
 [https://help.torproject.org/tsa/howto/retire-a-user/ retire a user]
 procedure, but then i realized there are probably many other such services
 that do *not* connect with LDAP.

 On the top of my head, there's at least Trac and mailing lists, for
 example, which are managed completely separarely. Audit
 [[org/operations/services]] and see which services are manager manually
 and which aren't.

 Then make sure there's an automated way to add/remove users to services,
 either by hooking up the service with LDAP, or by creating a wrapper
 script that will manage those accesses.

 So the following needs to be done here:

  * [ ] document, in [https://help.torproject.org/tsa/howto/new-person/
 new-person] and https://help.torproject.org/tsa/howto/retire-a-user
 retire-a-user], the various services to add/remove people to
  * [ ] automate the above with a script or LDAP

 Note that the two pages have different scope: `new-person` is about TSA
 while `retire-a-user` is broader. This should also be converged, probably
 in the broader sense.

--

Comment (by anarcat):

 mention the new person page as well

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/32519#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list