Page MenuHomePhabricator

Document LDAP structure unambiguously
Open, MediumPublic

Description

I find it very hard to comprehend the structure of LDAP users, projects, service groups, etc. Some information can be glimpsed from code (which may be wrong thus perpetuating errors), pages like https://wikitech.wikimedia.org/wiki/Labs_keystone_roles are confusing with their before/after parts.

There should be unambiguous and concise documentation that describes what LDAP entries are used for what purpose and how they are structured and that can be easily referred to at three o'clock.