Help:Disabling an account

From Wikitech
Jump to navigation Jump to search

Disabling a user's account disables them from quite a few services and shouldn't be taken lightly. Here are the steps to follow:

  1. Remove them from the shell mediawiki group
    • This will remove them from every project and every role they are a member of. It can't be undone without manually adding them back into everything.
    • Since the user will no longer be in any project groups, they'll be denied ssh access into any project.
    • The user will still be able to edit MediaWiki, and will still be able to push changes into Gerrit.
  2. Disable their account in LDAP (make sure you shred the passfile):
    su - opendj
    manage-account set-account-is-disabled --bindDN "uid=<your-shell-account-name>,ou=people,dc=wikimedia,dc=org" -j passfile --targetDN uid=<their-shell-account-name>,ou=people,dc=wikimedia,dc=org --operationValue true
    • This will disallow them from logging in to any labs related service.