From ClueWiki

New remctl command set: remctl privapp.api.cluenet.org privapp

usage

To create a new requirement, select a requirement ID. Examples are: "aboutmeessay" "blankspaceessay" "tosquestions" "cluepoints"

You must be a server owner or admin to create a new requirement.

There are several different types of requirements that you can create. The types are: "shortanswerseries" "essay" "multiplechoicequestions" "remctl" "uservote"

A shortanswerseries requirement is where the user responds to a list of short answer questions.

An essay requirement is where the user writes a big block of text.

A multiplechoicequestions requirement is where the user is given a list of multiple choice questions and asked to respond.

A remctl requirement is a blank template where the user cannot respond, but requirement checking is instead delegated to an external API via a remctl command.

A uservote requirement is where the user cannot respond, but a vote is held on the user.

Use this command to create a new requirement template in LDAP: remctl privapp.api.cluenet.org privapp newrequirement <RequirementID> <RequirementType>

After a requirement template is created, the information in LDAP must be filled in. The requirement DN that is created is:

requirementID=<ID>,ou=requirements,dc=cluenet,dc=org

The LDAP attributes in a Requirement entry are as follows:

requirementID - The ID of the requirement.
requirementType - The type of the requirement.
requirementAuthor - The author of the requirement (the one that is allowed to make modifications)
requirementData - Public data associated with the requirement - the format of this depends on the requirementType.
requirementPrivData - Private data associated with the requirement
requirementOverview - A short sentence describing the requirement.
scoreCheckMethod - (See Below), this is how the score is calculated
authorizedVoter - A DN that is allowed to vote
acctvoteCanVote - If this is set to TRUE (recommended), people with the clueAuthorizedAbility of acctvote can vote as well.
isActive - If this is FALSE, people cannot respond to this requirement

Formats of requirementData, requirementPrivData, and scoreCheckMethod for each requirementType:

shortanswerseries:
requirementData - Short answer questions, one per line.
requirementPrivData - Nonexistent.
scoreCheckMethod - vote:<MINVOTES>:<NUMTOAVG>

essay:

requirementData - The essay question.
requirementPrivData - Nonexistent.
scoreCheckMethod - vote:<MINVOTES>:<NUMTOAVG>

multiplechoicequestions:

requirementData - Each multiple choice question in the format:
 Question?
 a. Answer1.
 b. Answer2.
 c. Answer3.

Each separated by one blank line.

requirementPrivData - The answer letters, one per line, corresponding to each question, in order.
scoreCheckMethod - multiplechoicepercent

remctl:

requirementData - The remctl command to use, in the format: <HOST> <COMMAND> <SUBCOMMAND> [Parameter1, Parameter2 ...] 
The two substitutions "<IRCNICK>" and  "<USERNAME>" can be used to substitute in the IRC nick of the user and username of the user, respectively.
requirementPrivData - Nonexistent.
scoreCheckMethod - remctl

uservote:

requirementData - Nonexistent.
requirementPrivData - Nonexistent.
scoreCheckMethod - vote:<MINVOTES>:<NUMTOAVG>

All votes are ratings from 0 to 100.

Users can respond to certain types of questions. A user can create a basic response template with the command:

remctl privapp.api.cluenet.org privapp newresponse <RequirementID>

After the template is created, the user must create the response in LDAP (responseUserID=USERNAME,requirementID=REQUIREMENTID,ou=requirements,dc=cluenet,dc=org).

The following attributes can be used:

responseUser: The DN of the responding user, used for LDAP ACLs.  Automatically generated.
responseUserID: The username of the responding user, used for the DN.  Automatically generated.
requirementAuthor: The DN of the author of the requiremen, used for LDAP ACLs.  Automatically copied from the parent requirement.
acctvoteCanVote: Similar to requirementAuthor.
authorizedVoter: Similar to requirementAuthor.
responseData: User-editable response data, the format depends on the requirementType.
responsePrivData: This data can only be seen and edited by the requirementAuthor.  It's used for things such as storing votes anonymously.
isActive: This defaults to FALSE before the response is completed by the user.  The user must change it to TRUE before their response can be scored or voted upon.
isPublic: This defaults to FALSE.  If the user wants to make their essay or other response public, they can set this to TRUE to show other users.  

Note: Answers to things such as multiple choice questions should never be set public.

The format of responseData for the different requirementTypes is:

shortanswerseries: One response per line.  Responses cannot contain newlines.
essay: Just the essay ... newlines are allowed.
multiplechoicequestions: Same format as the requirementPrivData for this responseType.  One answer per line.
remctl: Users cannot respond.
uservote: Users MUST respond to be voted on, but the responseData should not exist, and if it does, it's ignored.

Additional info, to be moved later

Server entries in LDAP can now have a new attribute: serviceRequirement

The serviceRequirement entry specifies a service, or group of services, on a server, and which requirements the user has to meet to get that service.

The services are added automatically via the authorizedHostService attribute.

The format of the serviceRequirement attribute is: ServicePackName:Service1,Service2,...:Requirement1.MinScore1,Requirement2.MinScore2,...

The ServicePackName is the name of the "Service Pack" (no relation to windows service packs), which are just a list of services grouped together with the same requirements.

For example, the default recommended serviceRequirement for shell access is:

shellaccess:ssh,sshd,su,sudo,atd,cron,passwd,login:basicshellquestions.75,basicmiscquestions. \
75,aboutmeessay.75,shellusageessay.75,communitycontributeessay.50,blankspaceessay.40,tosquestions.100,cluepoints.750,netadminshellvote.65

This means that the service pack is called "shellaccess", and that the list of services in the service pack are ssh, sshd, su, sudo, atd, cron, passwd, and login.

It also states that the user must have a score of at least 75 on the basicshellquestions short answers, the basicmiscquestions, the aboutmeessay essay, and the shellusageessay. The user must have at least a 50 on the communitycontributeessay and at least a 40 on the blankspaceessay. The user must also answer every multiple choice tosquestions correctly, have at least 750 cluepoints (from davinci), and get a score of at least 65% by network admin vote (although even a single network admin vote counts).

There are also a few new remctl commands to go along with this.

This command retrieves the scores the given user has on the listed requirements"

remctl privapp.api.cluenet.org privapp getscores <RequirementID1,RequirementID2,...> <UserID>

This command checks each requirement to see if a user is eligible for a given ServicePack on a given server - it prints out the data in the form "RequirementID:MinScore:UserScore:Yes/No" where the Yes or No indicate whether or not the user satisfies that requirement. A UserScore of "err" indicates an error getting that score, and a UserScore of "noresponse" indicates that the user has not yet responded to that requirement.

remctl privapp.api.cluenet.org privapp checkhostservicerequirements <Host> <ServicePack>

This command actually adds the authorizedHostService attributes to the user if the user satisfies all the requirements:

remctl privapp.api.cluenet.org privapp addauthhostservice <Host> <ServicePack>