[SAC] LDAP organization help

Sandro Santilli strk at kbt.io
Wed Sep 7 02:03:29 PDT 2022


We probably need better documentation, in general, about how the LDAP
database is organized.

What we have so far is here:
https://wiki.osgeo.org/wiki/SAC:LDAP#LDAP_structure

From that view we have an "osgeo.org" organization
(dc=osgeo,dc=org) containing the following
"organizational units" (ou):

  - people
  - projects
  - svn
  - shell

A common name (cn) "admin" in the "projects" organizational unit
contains a group of names (objectClass=groupOfNames) representing,
according to the entry description:

  osgeo sysadmin group

That list has only 9 entries, of the 23 people listed as "active"
on the wiki: https://wiki.osgeo.org/wiki/SAC#Active
But that same wiki page says that the
"authoritative list of current SAC administrators" is retrieved
by https://id.osgeo.org/ldap/shell?group=sac which basically lists
the group of names in the "sac" common name in the "shell"
organizational unit, which is, according to the entry description:

  Shell Access for OSGeo SAC

so I'm not sure which services use which group of names to tell
who's to have the powers to administer services.

In general we need better understanding of LDAP to decide how
to assign privileges to groups, and the best would be to write
this information in this page:

  https://wiki.osgeo.org/wiki/SAC:LDAP#LDAP_structure

Where do we want to start?
Time to upload some LDAP crash course to our brand new peertube
instance? :)

--strk;
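
Added example, not part of the original message and not OSGeo's own tooling: a small audit that diffs the member lists of the two groupOfNames entries discussed above (cn=admin in ou=projects, cn=sac in ou=shell) from an LDIF export. The sample LDIF is constructed, the member DN layout uid=<name>,ou=people,dc=osgeo,dc=org is an assumption, and the function names are hypothetical.

```python
import base64

# Constructed sample export, not real OSGeo data. The member DN layout
# (uid=<name>,ou=people,dc=osgeo,dc=org) is an assumption.
SAMPLE_LDIF = """\
dn: cn=admin,ou=projects,dc=osgeo,dc=org
objectClass: groupOfNames
description: osgeo sysadmin group
member: uid=alice,ou=people,dc=osgeo,dc=org
member: uid=bob,ou=people,dc=osgeo,dc=org

dn: cn=sac,ou=shell,dc=osgeo,dc=org
objectClass: groupOfNames
description: Shell Access for OSGeo SAC
member: uid=bob,ou=people,dc=osgeo,
 dc=org
member:: """ + base64.b64encode(b"uid=carol,ou=people,dc=osgeo,dc=org").decode() + "\n"

def normalize_dn(dn):
    # Case- and whitespace-insensitive comparison; ignores escaped commas.
    return ",".join(part.strip().lower() for part in dn.split(","))

def parse_ldif(text):
    """Return {dn: {attr: [values]}}, handling folded lines and base64 values."""
    entries, current = {}, None
    unfolded = text.replace("\r\n", "\n").replace("\n ", "")
    for line in unfolded.split("\n"):
        if not line.strip():
            current = None          # blank line ends the entry
            continue
        if line.startswith("#"):
            continue
        attr, _, rest = line.partition(":")
        if rest.startswith(":"):    # "attr:: <base64>"
            value = base64.b64decode(rest[1:].strip()).decode("utf-8")
        else:
            value = rest.strip()
        if attr.lower() == "dn":
            current = entries.setdefault(normalize_dn(value), {})
        elif current is not None:
            current.setdefault(attr.lower(), []).append(value)
    return entries

def compare_groups(entries, dn_a, dn_b):
    """Diff the member sets of two groupOfNames entries."""
    a, b = ({normalize_dn(m) for m in entries.get(normalize_dn(d), {}).get("member", [])}
            for d in (dn_a, dn_b))
    return {"only_a": sorted(a - b), "only_b": sorted(b - a), "both": sorted(a & b)}

if __name__ == "__main__":
    print(compare_groups(parse_ldif(SAMPLE_LDIF), "cn=admin,ou=projects,dc=osgeo,dc=org",
                         "cn=sac,ou=shell,dc=osgeo,dc=org"))
```

Accounts that appear in only one of the two groups are the ones to check against whatever each service actually consults for admin rights.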

