[Labs-l] Per-project service users and groups
Andrew Bogott
abogott at wikimedia.org
Tue Mar 19 20:09:18 UTC 2013
On 3/16/13 4:34 PM, Ryan Lane wrote:
>
> We'll be adding two OUs, each will hold a set of objects:
>
> ou=people,<project>,ou=projects,dc=wikimedia,dc=org
> a set of service users in a project
>
> uid=local-<user>,ou=people,<project>,ou=projects,dc=wikimedia,dc=org
> a service user in a project
>
> ou=groups,<project>,ou=projects,dc=wikimedia,dc=org
> a set of service groups in a project
>
> cn=local-<group>,ou=groups,<project>,ou=projects,dc=wikimedia,dc=org
> a service group in a project
I'm starting to write the php code to create/delete groups and
and/remove members, and I think I don't have all the info I need here.
Can you run down an example or two? Specifically, I'm not clear how a
given user is given membership in a specific group.
Also: If there's going to be a 1:1 relationship between service
users and service groups, do we really need to keep track of service
users in ldap at all? That is: if there's a 'local-superbot' group,
then we can take for granted that there will be a 'local-superbot' user,
right?
-Andrew
More information about the Labs-l
mailing list