Closed Bug 1233563 Opened 10 years ago Closed 10 years ago

Change LDAP email address

Categories

(Infrastructure & Operations :: Infrastructure: LDAP, task)

Product:
Infrastructure & Operations
Component:
Infrastructure: LDAP
Type:
task
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: alex_johnson, Assigned: jabba)

Details

Change LDAP email address from mrjohnsonalex@gmail.com to me@alex-johnson.net
Assignee: mozillamarcia.knous → nobody
Component: Repository Account Requests → MOC: Service Requests
Product: mozilla.org → Infrastructure & Operations
QA Contact: lypulong
I wasn't able to make the change within LDAP UI. Punting over to systems team for assistance.
Assignee: nobody → infra
Component: MOC: Service Requests → Infrastructure: LDAP
QA Contact: lypulong → jdow
Unfortunately, since we use the mail attribute as the rDN attribute in our LDAP database, it's essentially the same amount of work to change an e-mail address as it is to just create a new account. Since all references to an object in LDAP are to the DN, and therefore the mail attribute, all references need updated in either situation. So we have two options here: 1) Create a new account, compare both old and new and make sure new has all the same attribute values and group memberships as the old, then disable or delete the old account. The posix UID number, if desired to stay the same, will need manually changed to the old value after the old account has been deleted. The user will get a new password in this process. 2) Use the "moddn" function of the LDIF standard and the ldapmodify tool. In this scenario, the password and uid number and any internal operational attributes will remain the same, but all group memberships will need to still be updated, so all group memberships will need to be recorded before this is done, so that they can be re-applied to the account after the change. Either option is a little tedious and will need to be done by an LDAP administrator (preferably myself) and it is best to schedule a specific time for the change with the user, so that they can verify after the change that all their LDAP-related activities still function after the change. :alex_johnson, any preference on which of the two options we pursue, and when a good time is for us to make the change such that it won't be disruptive?
Assignee: infra → jdow
Flags: needinfo?(me)
No preference, whichever is easier for the admin doing it. And anytime after 5pm EST would the best time. Thank you!
Flags: needinfo?(me)
Let's shoot for Tomorrow at 2pm Pacific (5pm EST). I'll ping you on IRC when I make the change so that you can test things.
I did the rename and :alex_johnson confirmed a successful login over IRC. Please ping me if any issues crop up from this, but I think I've covered all the bases.
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.