[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

resurrect db.debian.org patches

Roughly one year ago, David B Harris proposed some patches for the
documentation on db.debian.org to this list[1]. Since we couldn't
do anything about it then, Matt Kraai referred him to admin@db.d.o
which doesn't seem to have worked out, though.

As we now have the possibility to apply these patches ourselves,
I would like to re-propose the here (attached). As they are for the .html
documents, they might not apply cleanly to the wml sources but you
will get the idea.

Comments welcome (especially if some parts are already outdated again).

[1] http://lists.debian.org/debian-www/2004/02/msg00218.html

Frank Lichtenheld <djpig@debian.org>
www: http://www.djpig.de/
--- doc-direct.html	2005-01-16 00:42:17.257201445 +0100
+++ ../doc-direct.html	2005-01-16 00:42:06.654388786 +0100
@@ -46,41 +46,48 @@
 <h1>Direct LDAP Access</h1>
+<p>Since the <a
+the information available to non-developers via the LDAP interface has been
+limited a great deal. However, as always, the full database is accessible from
+any .debian.org machine. If you wish relatively unfettered access to the LDAP
+database, connect to it from a .debian.org machine, such as gluck.debian.org
+(which is recommended for general shell usage anyhow).
-The LDAP utilities package provides a program called ldapsearch that can be
-used to execute direct queries to the database. Generally this is done by
+The LDAP utilities package (<a
+href="http://packages.debian.org/ldap-utils";>ldap-utils</a>) provides a
+utility called ldapsearch that can be used to execute direct queries to the
+database. This is done by supplying the following arguments to ldapsearch:
+<strong>-x -H ldap://db.debian.org -b dc=debian,dc=org</strong>. Alternatively,
+the <strong>-H</strong> and <strong>-b</strong> options can be put in one's
+~/.ldaprc, in the following form:
+[ dbharris@gluck: ~/ ]$ cat ~/.ldaprc
 HOST db.debian.org
 BASE dc=debian,dc=org
-in ~/.ldaprc. Then queries can be performed, for instance
-samosa{jgg}~#ldapsearch uid=wakkerma keyfingerprint
+<strong>-x</strong> tells ldapsearch to use "simple" (non-SASL, non-Kerberos)
+authentication. There appears to be no ~/.ldaprc option which does the same as
+<strong>-x</strong>. With these parameters specified, we're ready to begin
+searching. Here's an example: <pre>
+[ dbharris@gluck: ~/ ]$ ldapsearch -x uid=dbharris keyfingerprint
+# dbharris, users, debian, org
+dn: uid=dbharris,ou=users,dc=debian,dc=org
+keyFingerPrint: CC53F12435C07BC258FE7A3C157DDFD959DDCB9F
-Shows the PGP key finger prints for the <tt>wakkerma</tt> user. The first word
-in the command is the query to perform, the rest of command line are the
-attributes to return, if omitted then all readable attributes are returned.
-More complicated queries are possible, for instance:
+The first non-option argument (<strong>uid=dbharris</strong> in this case) is
+the query to perform, and the rest of the arguments are the attributes to
+return. If you only specify the query, but don't provide any attributes to
+return, all readable attributes are returned. While the example was quite
+simple, complex queries can be performed as well:
-samosa{jgg}~#ldapsearch '(&(!(loginshell=/bin/bash))(uid=*))' loginshell
+[ dbharris@gluck: ~/ ]$ ldapsearch -x -H ldap://db.debian.org -b dc=debian,dc=org '(&(!(loginshell=/bin/bash))(uid=*))' loginshell
-Shows users that do not use bash as their shell. Some other interesting
-queries are:
+That query shows users that do not use bash as their shell. Some other
+interesting queries are:
 <li>Count the number of developers <tt>(&(keyfingerprint=*)(gidnumber=800))</tt>
 <li>Show people in a certain group <tt>gidmembership=adm</tt>
--- doc-general.html	2005-01-16 00:42:18.697719440 +0100
+++ ../doc-general.html	2005-01-16 00:42:07.052531954 +0100
@@ -60,9 +60,12 @@
 Three levels of information security are provided by the database. The first
 is completely public information that anyone can see either by issuing an
 LDAP query or by visiting the web site. The next level is "developer-only"
-information that requires authentication to the directory before it can be
-accessed. The final level is admin-only or user-only information; this
-information can only be viewed by the user or an administrator.
+information that requires the search to be performed from a .debian.org machine
+(see <a href="doc-direct.html">this tutorial</a> on how to use ldapsearch from
+a .debian.org machine for a direct connection to the LDAP daemon) or from the
+web interface after one has authenticated themselves as a Debian Developer. The
+final level is admin-only or user-only information; this information can only
+be viewed by the user or an administrator.
 developer-only information includes precise location information
 [postalcode, postal address, lat/long] telephone numbers, and the vacation

Reply to: