Task #6719 (new)
Opened 13 years ago
Last modified 10 years ago
LDAP: Add DN for groups — at Initial Version
Reported by: | jamoore | Owned by: | jamoore |
---|---|---|---|
Priority: | critical | Milestone: | Unscheduled |
Component: | Security | Version: | n.a. |
Keywords: | n.a. | Cc: | bpindelski, cxallan, atarkowska, sylittlewood |
Resources: | n.a. | Referenced By: | n.a. |
References: | n.a. | Remaining Time: | n.a. |
Sprint: | n.a. |
Description
While working on #6248 (#6702 et al) it was brought up that perhaps we shouldn't remove users from groups that are not present in LDAP. To safely do that, however, we will need to detect which groups were created via LDAP by setting a DN for them. These values may should be exposed via the Hibernate objects (experimenter, experimentergroup) rather than as a hidden column of the permission table. Administrators would need to set the DN for all of their LDAP groups after the upgrade.