User Tools

Site Tools


admin:accounts

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
admin:accounts [2016/06/09 15:58]
ejaustin [Membership Application, President/Treasurer/Vice President]
admin:accounts [2017/10/26 11:05] (current)
clee231 [Custom Active Directory Schema]
Line 5: Line 5:
 This outlines how to take new membership and create their account in ACM's Active Directory domain as well as management of existing membership accounts. This outlines how to take new membership and create their account in ACM's Active Directory domain as well as management of existing membership accounts.
  
-<WRAP center round important 95%> 
-The helper scripts that fill in the missing functionality on this page do not yet have a standard deployment and must be handed out to relevant individuals manually. 
-</​WRAP>​ 
  
 ===== How to Take Forms and Membership Dues ===== ===== How to Take Forms and Membership Dues =====
Line 19: Line 16:
   - Verify the form has been completed. In particular verify contact information and requested account name.   - Verify the form has been completed. In particular verify contact information and requested account name.
 <WRAP center round important 62%>**DO NOT accept applications with bad handwriting.**</​WRAP>​ <WRAP center round important 62%>**DO NOT accept applications with bad handwriting.**</​WRAP>​
- 
-Todo: Document a public facing membership page, directing people to a contact point for when problems arise. 
 ==== Dues Collection/​Processing ==== ==== Dues Collection/​Processing ====
  
Line 41: Line 36:
 </​WRAP>​ </​WRAP>​
  
 +Todos from spring 2016 officers accounts meeting.
  
 +Decide on how scripts/​mechanisms will be accessed and controlled
 +Document how accounts and membership are tied together. Document how this works clearly on the user facing page.
 +Document misc operations commands. See github SambaADWrapper.
 +
 +Data Retention Policy
 +Make sure official contact points are correct (partially related to email contents)
 +reply email officers@acm.cs.uic.edu lives under SambaADWrapper/​acm_ad_mod.conf (https://​acm.cs.uic.edu/​git/​sig-sysadmin/​sambaadwrapper/​blob/​master/​acm_ad_mod.conf)
 +
 +Todo: Document considerations needed for future dev work.
 +How would a fuller web flow work? AD specific considerations?​
 +
 +Ideas
 +Maintain an FAQ for future ideas/​answers. See Development Kanboard.
 +
 +Todo: Document a public facing membership page, directing people to a contact point for when problems arise.
 ==== Policies ==== ==== Policies ====
  
Line 78: Line 89:
  
 Log in to chopin. Cd to /​opt/​acm-officers/​membership. Execute the target account creation command generated in by the ACM Membership sheet located in the ACM Google Drive. Log in to chopin. Cd to /​opt/​acm-officers/​membership. Execute the target account creation command generated in by the ACM Membership sheet located in the ACM Google Drive.
 +
 +==== Activation ====
  
 Notice email body. Notice email body.
  
 Your ACM account has been created with the user name '​%s'​ and the TEMPORARY password '​%s'​\nYou must change your password when logging into the ACM server for the first time. You need to log into the server using an SSH client to connect to acm.cs.uic.edu,​ once connected you will be asked to change your password to a permanent one. You CANNOT set your INITIAL password on our website.\n\nYour permanent password MUST conform to the password requirements listed here,\n\t http://​acm.cs.uic.edu/​password-policy\n\nTo connect on Windows download and run Putty\n\t http://​www.chiark.greenend.org.uk/​~sgtatham/​putty/​\n\nOn OSX and Linux, enter the following in a terminal window\n\t'​ssh %s@acm.cs.uic.edu'​\nAnd hit enter, you will be prompted for your password and it is normal if no additional text appears on screen when you type.\n\nBest Regards,​\n\tThe UIC ACM Your ACM account has been created with the user name '​%s'​ and the TEMPORARY password '​%s'​\nYou must change your password when logging into the ACM server for the first time. You need to log into the server using an SSH client to connect to acm.cs.uic.edu,​ once connected you will be asked to change your password to a permanent one. You CANNOT set your INITIAL password on our website.\n\nYour permanent password MUST conform to the password requirements listed here,\n\t http://​acm.cs.uic.edu/​password-policy\n\nTo connect on Windows download and run Putty\n\t http://​www.chiark.greenend.org.uk/​~sgtatham/​putty/​\n\nOn OSX and Linux, enter the following in a terminal window\n\t'​ssh %s@acm.cs.uic.edu'​\nAnd hit enter, you will be prompted for your password and it is normal if no additional text appears on screen when you type.\n\nBest Regards,​\n\tThe UIC ACM
- 
-<WRAP center round todo 60%> 
-Doc new process 
-</​WRAP>​ 
-==== Activation ==== 
- 
-<WRAP center round todo 60%> 
-Doc process from email that is sent 
-</​WRAP>​ 
- 
 ==== Renewal ==== ==== Renewal ====
  
-<WRAP center round todo 60%> + Log in to chopin. Cd to /opt/​acm-officers/​membership. Execute the target account creation command generated in by the ACM Membership sheet located in the ACM Google Drive. ​
-Doc new process +
-</WRAP> +
 ==== Changing a Password ==== ==== Changing a Password ====
 System Administrators/​President/​Treasurer/​Vice President System Administrators/​President/​Treasurer/​Vice President
Line 113: Line 113:
 Login to <​username>​@acm.cs.uic.edu. Navigate to the officers scripts /​opt/​acm-officers. Under /membership run the passwdReset.sh <​username>​ <​email>​. This will send a temporary password to the target username. Login to <​username>​@acm.cs.uic.edu. Navigate to the officers scripts /​opt/​acm-officers. Under /membership run the passwdReset.sh <​username>​ <​email>​. This will send a temporary password to the target username.
  
-Reset password email notice+Reset password email notice:
  
 Your ACM account password has been reset, user name '​%s'​ and the TEMPORARY password '​%s'​\nYou must change your password by logging into the ACM server. You need to log into the server using an SSH client to connect to acm.cs.uic.edu,​ once connected you will be asked to change your password to a permanent one. You CANNOT reset your TEMP password on our website.\n\nYour permanent password MUST conform to the password requirements listed here,\n\t http://​acm.cs.uic.edu/​password-policy\n\nTo connect on Windows download and run Putty\n\t http://​www.chiark.greenend.org.uk/​~sgtatham/​putty/​\n\nOn OSX and Linux, enter the following in a terminal window\n\t'​ssh %s@acm.cs.uic.edu'​\nAnd hit enter, you will be prompted for your password and it is normal if no additional text appears on screen when you type.\n\nBest Regards,​\n\tThe UIC ACM Your ACM account password has been reset, user name '​%s'​ and the TEMPORARY password '​%s'​\nYou must change your password by logging into the ACM server. You need to log into the server using an SSH client to connect to acm.cs.uic.edu,​ once connected you will be asked to change your password to a permanent one. You CANNOT reset your TEMP password on our website.\n\nYour permanent password MUST conform to the password requirements listed here,\n\t http://​acm.cs.uic.edu/​password-policy\n\nTo connect on Windows download and run Putty\n\t http://​www.chiark.greenend.org.uk/​~sgtatham/​putty/​\n\nOn OSX and Linux, enter the following in a terminal window\n\t'​ssh %s@acm.cs.uic.edu'​\nAnd hit enter, you will be prompted for your password and it is normal if no additional text appears on screen when you type.\n\nBest Regards,​\n\tThe UIC ACM
  
-<WRAP center round todo 60%> +==== Updating Statuses for New School Year ==== 
-Doc new process + 
-</WRAP>+  - Log in to chopin. 
 +  - Cd to /opt/​acm-officers/​membership. 
 +  - Start either a tmux or screen session in case you get disconnected during the command execution.  
 +  - Run ./​update_account_groups.sh and enter your password when prompted 
 +  - The script dumps output to ~/​acm_accounts.log when running, you can use another session to watch the command status 
 +  - Wait for script to finish, this will take a couple minutes  
 + 
  
 ==== Group Membership in AD ==== ==== Group Membership in AD ====
Line 127: Line 134:
 [[admin:​adgroups|AD Groups List]] [[admin:​adgroups|AD Groups List]]
  
-===== Other LDAP Domain Operations =====+====== Other LDAP Domain Operations ​======
  
 ==== Viewing the List of Current Members (Web) ==== ==== Viewing the List of Current Members (Web) ====
Line 143: Line 150:
 === Directory Structure === === Directory Structure ===
  
- +==== Custom Active Directory Schema ==== 
 + 
 +ACM custom attributes is: `1.2.840.113556.1.8000.2554.55282.20636.13169.16663.37926.11767076.67635.X` (Where X is the numbered attribute.) ​ Custom Schema changes were requested by acting ACM Officer & Head of DevOps Team, Jeff Kaleshi. ​ These changes were made on September 11, 2017.  Custom ACM attributes are now allowable on the ACM Users object within AD.  These were configured with RSAT. More information can be found in the additional docs section. 
 + 
 +^ OID  ^ Attribute Name  ^ 
 +|   ​2.5.4.20 ​  ​| ​    ​telephoneNumber ​            | 
 +| 1.2.840.113556.1.8000.2554.55282.20636.13169.16663.37926.11767076.67635.1 | UICnetid | 
 +|1.2.840.113556.1.8000.2554.55282.20636.13169.16663.37926.11767076.67635.2 | UICUIN | 
 +|1.2.840.113556.1.8000.2554.55282.20636.13169.16663.37926.11767076.67635.3 | UICClassLevel | 
 +|1.2.840.113556.1.8000.2554.55282.20636.13169.16663.37926.11767076.67635.4 | UICMajor | 
 +|1.2.840.113556.1.8000.2554.55282.20636.13169.16663.37926.11767076.67635.5 | UICCollege |
 ==== Additional Docs ==== ==== Additional Docs ====
  
 [[https://​wiki.samba.org/​index.php/​Installing_RSAT_on_Windows_for_AD_Management]] [[https://​wiki.samba.org/​index.php/​Installing_RSAT_on_Windows_for_AD_Management]]
 +
 +[[https://​social.technet.microsoft.com/​wiki/​contents/​articles/​20319.how-to-create-a-custom-attribute-in-active-directory.aspx]]
 +
 +[[https://​gallery.technet.microsoft.com/​scriptcenter/​56b78004-40d0-41cf-b95e-6e795b2e8a06]]
admin/accounts.1465505891.txt.gz · Last modified: 2016/06/09 15:58 by ejaustin