Page MenuHomePhabricator
Create Task
Maniphest T142821

Synchronise groups defined in data.yaml to LDAP
Closed, ResolvedPublic
Actions

Description

data.yaml defines a number of groups which provide cluster permissions in sudo or via filesystem permissions. These could also be synchronised to LDAP, so that e.g. selective access to monitoring can be granted (so that the e.g. members of the parsoid-admin group would be able to query monitoring data for Parsoid hosts).

Related Objects
Search...

Event Timeline

MoritzMuehlenhoff created this task.Aug 12 2016, 10:32 AM
MoritzMuehlenhoff mentioned this in T142819: Update/add/remove LDAP entries based on changes to data.yaml.Aug 12 2016, 10:42 AM
faidon added a subscriber: faidon.Aug 12 2016, 10:42 AM
MoritzMuehlenhoff mentioned this in T142836: Cross-validation of account data.Aug 12 2016, 12:34 PM
demon triaged this task as Medium priority.Aug 31 2016, 6:34 PM
MoritzMuehlenhoff lowered the priority of this task from Medium to Low.Mar 17 2017, 10:03 AM

Memberships of wmf/nda/ops are already checked. It would be rather straightforward to implement a sync of selected groups from data.yaml to LDAP. If anyone has a specific use case to have a group defined in data.yaml to be available in LDAP, please mention it on this task and we can add that.

Phabricator_maintenance moved this task from Backlog to Acknowledged on the SRE board.Jan 26 2019, 8:47 PM
jbond closed this task as Resolved.Tue, May 23, 1:38 PM
jbond claimed this task.
jbond edited projects, added Bitu; removed SRE.
jbond added a subscriber: jbond.

im going to close this, altough i think its probably still valuable i think its already captured in the IDM planning, but please re-open if you disagree

Restricted Application added a project: Infrastructure-Foundations. · View Herald TranscriptTue, May 23, 1:38 PM
MoritzMuehlenhoff added a comment.Fri, May 26, 11:05 AM
In T142821#8873575, @jbond wrote:

im going to close this, altough i think its probably still valuable i think its already captured in the IDM planning, but please re-open if you disagree

Indeed, that will be covered by Bitu at some point.

Content licensed under Creative Commons Attribution-ShareAlike 3.0 (CC-BY-SA) unless otherwise noted; code licensed under GNU General Public License (GPL) or other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL