Details
Mon, Oct 7
Wed, Oct 2
Change #1077444 merged by jenkins-bot:
[labs/striker@master] auth: Properly remove 2FA support
Change #1077444 had a related patch set uploaded (by Majavah; author: Majavah):
[labs/striker@master] auth: Properly remove OATHAuth support
Tue, Oct 1
See T359554: Use IDP for authentication in Striker as a replacement.
Striker still has some code that needs to be cleaned up so T373461: Striker: use idm for 2fa validation instead of wikitech probably needs to be re-purposed to that, but otherwise probably not. T372892 is for replacing 2FA functionality in IDP.
Still relevant?
Still relevant?
Still relevant?
Since LdapAuthentication is gone these LDAP credentials should be removed completely instead.
Mon, Sep 30
Change #1076816 had a related patch set uploaded (by Majavah; author: Majavah):
[labs/striker@master] labsauth: Write SUL details to LDAP when updating linkage
Change #1076815 had a related patch set uploaded (by Majavah; author: Majavah):
[labs/striker@master] labsauth: Write SUL account details to LDAP on registration
Change #1076814 had a related patch set uploaded (by Majavah; author: Majavah):
[labs/striker@master] dev(docker): Add wmf-user custom LDAP schema
Sun, Sep 29
This is probably obsolete now that Horizon does IDP authentication via Keystone?
Tue, Sep 24
Renaming shell/idm/gerrit accounts is out of the scope of wikitech SULification so I'm not sure reopening this ticket makes sense. But for your wikitech account, we can rename "Kizule" to "Kizule (usurped)" and then rename "Zoranzoki21" to "Kizule". For that, request a rename in https://wikitech.wikimedia.org/wiki/Wikitech:Rename_requests
Mon, Sep 23
I'm reopening this task per https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/message/5NBCVPPOXB4O3KI7B4YJBZUEA7N3YFQK/.
Tue, Sep 17
These days we have Bitu running on idm.wikimedia.org and we're in the process of moving access requests into it (early code has already landed). When this is all properly finished, the process of requesting access to an LDAP group, the approval by the service owner and the eventual addition to the group will all happen within idm.wikimedia.org for fixed, pre-defined groups. This solves the problem reported here, marking it as resolved even though we're not fully done yet.
Sat, Sep 14
Is https://wikitech.wikimedia.org/wiki/Wikitech:Rename_requests and this task really necessary? We already have ways to connect LDAP and SUL accounts with different names (in Bitu).
Fri, Sep 13
Aug 29 2024
We are probably skipping ahead to idp auth.
I'm not quite ready to close this as invalid but I'm dropping the priority since we are probably not doing it!
Aug 27 2024
I'm definitely going in circles here, but @bd808 suggests that we just skip ahead to https://phabricator.wikimedia.org/T359554 and let striker run without 2fa until 2fa is enabled in CAS. That would at least stop me being confused about what the intermediate steps are in all this.
Change #1064481 had a related patch set uploaded (by Andrew Bogott; author: Andrew Bogott):
[operations/puppet@production] openstack keystone: switch to idmtotp for 2fa
Change #1064480 had a related patch set uploaded (by Andrew Bogott; author: Andrew Bogott):
[operations/puppet@production] openstack keystone: add a new auth plugin to validate totp tokens against idm
Simon writes:
Aug 21 2024
Change #1064481 had a related patch set uploaded (by Andrew Bogott; author: Andrew Bogott):
[operations/puppet@production] openstack keystone: switch to idmtotp for 2fa
Change #1064480 had a related patch set uploaded (by Andrew Bogott; author: Andrew Bogott):
[operations/puppet@production] openstack keystone: add a new auth plugin to validate totp tokens against idm
Aug 10 2024
Boldly closing this a few years later :-)
Aug 5 2024
Jul 30 2024
Jul 29 2024
Jul 24 2024
Jul 22 2024
Merging Wikitech accounts is not technically possible.