data.yaml defines a number of groups which provide cluster permissions in sudo or via filesystem permissions. These could also be synchronised to LDAP, so that e.g. selective access to monitoring can be granted (so that e.g. the members of the parsoid-admin group would be able to query monitoring data for Parsoid hosts).
| Status | Assigned | Task |
|---|---|---|
| Open | None | T142815 Enhance account handling (meta bug) |
| Declined | None | T142819 Update/add/remove LDAP entries based on changes to data.yaml |
| Resolved | jbond | T142821 Synchronise groups defined in data.yaml to LDAP |
Memberships of wmf/nda/ops are already checked. It would be rather straightforward to implement a sync of selected groups from data.yaml to LDAP. If anyone has a specific use case to have a group defined in data.yaml to be available in LDAP, please mention it on this task and we can add that.
I'm going to close this. Although I think it's probably still valuable, I think it's already captured in the IDM planning, but please re-open if you disagree.