General LDAP Documentation
torproject.org uses a single LDAP driven directory for account management across all the project run machines. This directory also provides services for leaving vacation notices, email forwarding, ssh authentication keys and other information.
Note: the 'passwd' program and 'chfn' do not work with LDAP information. Please use the web page or email gateway for the time being. All machines running OpenSSH are using replicated SSH RSA authentication keys.
Security and Privacy
Three levels of information security are provided by the database. The first is completely public information that anyone can see either by issuing an LDAP query or by visiting the web site. The next level is developer-only information that requires the search to be performed from a .torproject.org machine (see this tutorial on how to use ldapsearch from a .torproject.org machine for a direct connection to the LDAP daemon) or from the web interface after one has authenticated themselves as a Tor Developer. The final level is admin-only or user-only information; this information can only be viewed by the user or an administrator.
developer-only information includes precise location information [postalcode, postal address, lat/long] telephone numbers, and the vacation message.
Admin-only/user-only information includes email forwarding, ssh keys and the encrypted password. Note that email forwarding is necessarily publicly viewable from accounts on the actual machines.
Entries in the directory are keyed to the developers PGP key, whoever has that key can make any change to the directory through the mail interface.
The directory has several means to access it:
- SSL Web Forms
- Finger gateway, finger email@example.com
- GPG key gateway, finger firstname.lastname@example.org
- Mail gateway
- Direct LDAP Access
- LDAP command line tools such as ud-info