... | ... | @@ -387,7 +387,14 @@ location (and new address) without having to do much. |
|
|
# Reference
|
|
|
## Installation
|
|
|
|
|
|
TODO: explain how an LDAP server could be installed from scratch.
|
|
|
All `ud-ldap` components are deployed through Debian packages,
|
|
|
compiled from the git repositories. It is assumed that some manual
|
|
|
configuration was performed on the main LDAP server to get it
|
|
|
bootstrapped, but that procedure was lost in the mists of time.
|
|
|
|
|
|
Only backups keep us from total catastrophe in case of
|
|
|
lost. Therefore, this system probably cannot be reinstalled from
|
|
|
scratch.
|
|
|
|
|
|
## SLA
|
|
|
|
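Review bot: the sentence "Only backups keep us from total catastrophe in case of lost." in the Installation hunk is truncated and loses its subject; something like "in case the main LDAP server is lost" would make the point. More importantly, this paragraph and the "TODO: explain how an LDAP server could be installed from scratch" above it contradict each other: the TODO promises an install procedure while the text states the bootstrap procedure is lost and the system probably cannot be reinstalled. Suggest stating plainly that restoring from backup is the only known recovery path and linking the Backups section so a responder does not waste time looking for a from-scratch procedure during an outage.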
... | ... | @@ -398,13 +405,13 @@ authentication and authorization, and machines. |
|
|
|
|
|
## Design
|
|
|
|
|
|
<!-- TODO: perform this audit https://bluesock.org/~willkg/blog/dev/auditing_projects.html -->
|
|
|
The LDAP setup at Tor is based on the one from Debian.org. It has a
|
|
|
long, old and complex history, lost in the mists of time.
|
|
|
|
|
|
The LDAP setup at Tor is based on the one from
|
|
|
Debian.org. `/etc/password` and `groups` files are synchronized from
|
|
|
the central LDAP server using the `sshdist` account, which means
|
|
|
things keep working when LDAP is down. Most operations can be
|
|
|
performed on the [db.torproject.org](https://db.torproject.org/) site or by [email](https://db.torproject.org/doc-mail.html).
|
|
|
Configuration and database files like SSH keys, OpenPGP keyringsm,
|
|
|
password, group databases, or email forward files are synchronised to
|
|
|
various hosts from the LDAP database. Most operations can be performed
|
|
|
on the [db.torproject.org](https://db.torproject.org/) site or by [email](https://db.torproject.org/doc-mail.html).
|
|
|
|
|
|
### Architecture overview
|
|
|
|
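Review bot: the Design hunk now says "The LDAP setup at Tor is based on the one from Debian.org" twice (once with the "long, old and complex history" remark, once before the `sshdist` description) and repeats "Most operations can be performed on the db.torproject.org site or by email" twice as well; keep one copy of each. Also "keyringsm" should be "keyrings", and `/etc/password` is presumably `/etc/passwd`. Since the `sshdist` account is what pushes the passwd and group databases out to every host, it would help to document what that account is allowed to do and where it is used, as that is the credential a reader reviewing this design will most want to understand.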
... | ... | @@ -1071,7 +1078,14 @@ includes personnally identifiable information (PII) like `Received-by` |
|
|
headers (which may include user's IP addresses), user's email
|
|
|
addresses, SSH public keys, hashed sudo passwords, and junk mail.
|
|
|
|
|
|
TODO: expand. slapd logs? web interface?
|
|
|
TODO: expand. slapd logs? web interface? specifically:
|
|
|
|
|
|
1. How long are logs kept for? Who has access to the logs? Are logs
|
|
|
archived somewhere? How long is that kept for?
|
|
|
1. How long are metrics kept for? Who has access to metrics? Are
|
|
|
metrics archived somewhere? How long is that kept for?
|
|
|
1. What personally identifiable information is captured by the
|
|
|
project? Where is it stored? How long is it stored for?
|
|
|
|
|
|
## Backups
|
|
|
|
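Review bot: the hunk leaves both the old "TODO: expand. slapd logs? web interface?" line and the new "TODO: expand. slapd logs? web interface? specifically:" line in place; drop the first so the list is attached to a single TODO. Given that the paragraph above already lists `Received-by` headers with user IP addresses, email addresses, SSH public keys and hashed sudo passwords as stored data, the third question ("What personally identifiable information is captured ... How long is it stored for?") is partly answered there; suggest moving the retention and access questions for those specific items up next to that list rather than leaving them as generic questions.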
... | ... | @@ -1096,7 +1110,23 @@ Bacula. |
|
|
it could be older) and is hard to debug and extend. This section aims
|
|
|
at documenting issues with the software and possible alternatives.
|
|
|
|
|
|
TODO.
|
|
|
Our [userdir-ldap repository](https://gitweb.torproject.org/admin/userdir-ldap.git/) is a fork of the [DSA userdir-ldap
|
|
|
repository](https://salsa.debian.org/dsa-team/mirror/userdir-ldap). The codebase is therefore shared with the Debian
|
|
|
project, which uses it more heavily than TPO. According to [GitLab's
|
|
|
analysis](https://salsa.debian.org/dsa-team/mirror/userdir-ldap/-/graphs/master), weasel has contributed the most to the repository (since
|
|
|
2007), followed closely by Joey Schulze, which wrote most of the code
|
|
|
before that, between 1999 and 2007.
|
|
|
|
|
|
The service is mostly in maintenance mode, both at DSA and in TPO,
|
|
|
with small, incremental changes being made to the codebase over all
|
|
|
those years. Attempts have been made to rewrite it with a Django
|
|
|
frontend ([ud](https://github.com/Debian/ud), 2013-2014 no change since 2017) or Pylons
|
|
|
([userdir-ldap-pylons](https://salsa.debian.org/dsa-team/mirror/userdir-ldap-pylons), 2011, abandoned), all have been abandoned.
|
|
|
|
|
|
TODO: next steps for LDAP:
|
|
|
|
|
|
* Are there any in-progress projects? Technical debt cleanup? Migrations? What state are they in? What's the urgency? What's the next steps?
|
|
|
* What urgent things need to be done on this project?
|
|
|
|
|
|
### Possible issues with userdir-ldap
|
|
|
|
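Review bot: the stray "TODO." line left above the userdir-ldap repository paragraph should be removed now that the paragraph exists. In that paragraph, "Joey Schulze, which wrote most of the code" should read "who wrote", and "(ud, 2013-2014 no change since 2017)" needs punctuation, e.g. "(ud, 2013-2014, no change since 2017)"; the closing "all have been abandoned" repeats the "abandoned" already inside the parentheses. Since the text states the repository is a fork of the DSA userdir-ldap repository and the codebase is shared with Debian, the section should also say how changes and fixes from the DSA repository are pulled into the TPO fork (and how often), as that is the main way security fixes reach this deployment and is exactly the kind of next step the "TODO: next steps for LDAP" list is asking about.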
... | ... | @@ -1117,6 +1147,14 @@ TODO. |
|
|
with custom pattern replacement, without any other framework than
|
|
|
Perl's builtin `CGI` module
|
|
|
|
|
|
* large technical debt: ud-ldap is written in (old) Python 2, Perl
|
|
|
and shell, which makes it hard to maintain. it will at least need
|
|
|
to be ported to Python 3 in the short term. ud-ldap has no test
|
|
|
suite, linting or CI of any form. opening some files
|
|
|
(e.g. `ud-generate`) yield so many style warnings that my editor
|
|
|
(Emacs with Elpy) disables checks. it is believed to be impossible
|
|
|
or at least impractical to setup a new ud-ldap setup from scratch.
|
|
|
|
|
|
## Goals
|
|
|
<!-- include bugs to be fixed -->
|
|
|
|
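Review bot: the "large technical debt" bullet should note that Python 2 is end of life, which turns "it will at least need to be ported to Python 3 in the short term" from a style concern into an unsupported-runtime concern for a service that holds password hashes and SSH keys. Minor wording: "Perl's builtin `CGI` module" is missing its full stop, the sentences starting "it will at least need", "opening some files" and "it is believed" should be capitalised, and "setup a new ud-ldap setup" should be "set up a new ud-ldap instance". The last claim (impossible or impractical to set up from scratch) duplicates the statement in the Installation section; a cross-reference would keep the two in sync.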
... | ... | @@ -1133,6 +1171,8 @@ TODO. |
|
|
|
|
|
## Cost
|
|
|
|
|
|
TODO: part of which budget?
|
|
|
|
|
|
## Alternatives considered
|
|
|
|
|
|
<!-- include benchmarks and procedure if relevant --> |
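Review bot: the Cost and Alternatives considered sections are added as placeholders only. The earlier "Possible issues with userdir-ldap" hunk already names two abandoned replacement attempts (ud with a Django frontend, and userdir-ldap-pylons), so Alternatives considered could start by referencing those and why they were abandoned, rather than leaving the `<!-- include benchmarks and procedure if relevant -->` comment as the only content.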