[SAC] [MOTION] refresh SAC LDAP group: vote to remain !
Sandro Santilli
strk at kbt.io
Wed Sep 7 15:38:07 PDT 2022
On Wed, Sep 07, 2022 at 06:22:20PM -0400, Regina Obe wrote:
> > I don't find "msmitherdc" on that list (shell?group=sac) but I found you on the
> > other list, supposedly related to telascience which I think we're not using
> > anymore.
> > I've removed you from there.
> >
> > See https://trac.osgeo.org/osgeo/ticket/2804 for the confusion..
>
> You sure telascience is not used anymore.
No, I'm not sure.
We are talking about shell, so I wonder:
which host machines do we have ?
Supposedly this page should tell us:
https://wiki.osgeo.org/wiki/SAC_Service_Status
And it tells us Telascience machines are not used:
https://wiki.osgeo.org/wiki/SAC_Service_Status#Historical_servers_.28not_more_in_use.29
How do current machines decide whether or not to allow
shell access ? Was there a wiki page describing that ?
The Sac_Service_Status mentions in a couple of places:
"You need to be in the shell group"
"You must be a member of the OSGeo shell group"
But there's no such thing as a "shell group", rather
we have a "sac" group and a "telascience" group, both
being "common names" (cn) in the "shell" organizational
unit. I don't know how to extract other common names in
that organizational unit (if it makes any sense).
The Sac_Service_Status page also links to
https://id.osgeo.org/ldap/shell when referring to
"the shell group" and that's the "telascience" group.
How are machines allowing shell access via LDAP configured ?
This page seems to mention something and also reveal there's
another group "qgis" in the "shell" organizational unit:
https://wiki.osgeo.org/wiki/SAC:Standard_System_Setup#Enable_LDAP
That "cn" (qgis) does indeed exist and is described as:
Shell Access for QGIS VM
I found these other wiki pages which may (or may not)
be relevant:
https://wiki.osgeo.org/wiki/SAC:Security_Groups_Policy
We need to bring all these pages up to date with the new
infrastructure, I suppose.
--strk;