Task #6719 (new)
Opened 13 years ago
Last modified 10 years ago
LDAP: Add DN for groups — at Version 1
Reported by: | jamoore | Owned by: | jamoore |
---|---|---|---|
Priority: | critical | Milestone: | OME-5.0 |
Component: | Security | Version: | n.a. |
Keywords: | n.a. | Cc: | bpindelski, cxallan, atarkowska, sylittlewood |
Resources: | n.a. | Referenced By: | n.a. |
References: | n.a. | Remaining Time: | n.a. |
Sprint: | n.a. |
Description (last modified by jmoore)
While working on #6248 (#6702 et al) it was brought up that perhaps we shouldn't remove users from groups that are not present in LDAP. To safely do that, however, we will need to detect which groups were created via LDAP by setting a DN for them. These values maybe should be exposed via the Hibernate objects (experimenter, experimentergroup) rather than as a hidden column of the permission table. Administrators would need to set the DN for all of their LDAP groups after the upgrade.
See also #2587 which points perhaps to a "SOURCE" column rather than the actual DN. If each experimenter and/or experimenter-group could be flagged as "from LDAP" or similar, then we wouldn't need to duplicate and synchronize the DN. Would we need to include the LDAP source URL, though? What happens if it changes? Do we then need an "LDAPSource" in the DB? Etc.
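The membership rule the description proposes, as an added example that is not OMERO code and not part of the ticket: a group carrying a DN is treated as LDAP-managed and may lose members on sync, while a group without a DN is left alone. The `Group` class, the function names, the sample data and the simplified DN comparison are all assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Group:
    name: str
    dn: Optional[str] = None  # hypothetical column: None = created locally

def norm_dn(dn):
    # Simplified comparison (case and spacing only); real DN matching
    # follows RFC 4514 and the directory's matching rules.
    return ",".join(part.strip().lower() for part in dn.split(","))

def removals_by_name(current, ldap_group_names):
    """Sync without a DN marker: every group absent from LDAP is dropped."""
    return sorted(g.name for g in current if g.name not in ldap_group_names)

def reconcile(current, ldap_group_dns, known_groups):
    """Sync with a DN marker: return (to_add, to_remove, kept_local)."""
    ldap_dns = {norm_dn(d) for d in ldap_group_dns}
    current_dns = {norm_dn(g.dn) for g in current if g.dn}
    to_remove, kept_local = [], []
    for g in current:
        if g.dn is None:
            kept_local.append(g.name)      # local group, never touched
        elif norm_dn(g.dn) not in ldap_dns:
            to_remove.append(g.name)       # LDAP group the user has left
    to_add = [g.name for g in known_groups
              if g.dn and norm_dn(g.dn) in ldap_dns
              and norm_dn(g.dn) not in current_dns]
    return sorted(to_add), sorted(to_remove), sorted(kept_local)

# Constructed sample data (not taken from any real deployment)
LAB_A = Group("lab-a", "cn=lab-a,ou=groups,dc=example,dc=org")
LAB_B = Group("lab-b", "cn=lab-b,ou=groups,dc=example,dc=org")
JOURNAL = Group("journal-club")            # created by hand, no DN
KNOWN = [LAB_A, LAB_B, JOURNAL]
CURRENT = [LAB_A, JOURNAL]                 # the user's memberships today
LDAP_DNS = ["CN=lab-b, OU=Groups, DC=example, DC=org"]  # what LDAP reports

if __name__ == "__main__":
    print("by name:", removals_by_name(CURRENT, {"lab-b"}))
    print("with DN:", reconcile(CURRENT, LDAP_DNS, KNOWN))
```

The name-based pass drops the user from the hand-made group as well, which is the behaviour the ticket wants to avoid.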
Change History (1)
comment:1 Changed 13 years ago by jmoore
- Description modified (diff)
- Milestone changed from Unscheduled to OME-5.0