Guide to RRS for Clubs and Socs Days
Before C&S Day
Some general notes on using slapadd and slapcat:
Purge the ldap database files before doing a slapadd. Always add everything in one go with slapadd as this is faster. Always use the dry-run (-u) option before adding for real.
slapcat should only be run when slapd is r/o or not running. If slapd can't be stopped or made r/o and a copy of the tree is needed, use this:
ldapsearch -xLLL -y /etc/ldap.secret -D cn=root,ou=ldap,o=redbrick > rb.ldif
Also, it's best to log your session (e.g. with script) when running the various batch commands that produce a lot of output.
Make master ldap r/o (add "readonly on" to slapd.conf)
Stop slurpd.
Take backup of current tree, now that ldap is r/o.
slapcat -l slapcat.pre-newyear
At the start of each academic year, before c&s day, yearsPaid has to be decremented by 1 and newbie set to False for every account. This can be done online with LDAP or offline with LDIF. LDIF method is given here:
./newyear_ldif.py < slapcat.pre-newyear > slapcat.pre-rrs
If using the LDIF method, slapadd slapcat.pre-rrs back again (ldap still r/o)
The mailing out of renewal reminders can be done before or after c&s day. If done after, there'll be less mails sent out.
rb-ldap alert-unpaid
Post C&S
Once you've added all the new users using the rb-ldap add
command you need to
generate the uservhost config for apache. This is accomplished by running
rb-ldap generate
then moving the generated list of users vhosts to apache.
Later On
A month or two after c&s day, unpaid accounts need to be disabled.
rb-ldap disable-unpaid
Also the unpaid accounts from last year (the "grace" accounts) need to be deleted. This is a good time to make a backup! And don't forget to log your session, so you have a record.
useradm list_unpaid_grace
These accounts will be DELETED permanently. Please MAIL THIS LIST TO
ADMINS@ BEFORE running delete-unpaid
so that it can be checked by everyone.
After another few days these accounts can be deleted. You should check that the
previous day's backup jobs have completed successfully before running a delete.
rb-ldap delete-unpaid
Usually people who haven't paid (yet) request their shell to be enabled again. Admins can find these fee-evaders:
useradm list_unpaid_reset
...and then crack down on them:
rb-ldap disable-unpaid