Ensure that the authentication and authorization configuration matches what we need for the MVP.
Currently we use the Wikitech LDAP database as the authentication database.
We had attempted to filter the user list down to those accounts who were either a member of the 'nda' or 'wmf' groups in T301462: Configure LDAP authentication for the DataHub frontend but it hasn't ye't worked properly.
This means that there are currently 38,549 user accounts permitted to log into DataHub. What's more, anyone can create one, as it is only a Wikitech account.
We need a way to link the LDAP accounts with the existing nda and wmf LDAP groups, so that we can apply different policies to staff members and those who have signed the NDA.
This ingestion plugin: https://datahubproject.io/docs/metadata-ingestion/source_docs/ldap/ is supposed to import LDAP users and groups, however it is currently lacking in functionality and does not currently apply group memberships correctly.
We need a working solution for the MVP phase whereby we can be certain about what rights should be applied to the wikitech account holders who are not members of either the wmf nor the nda group.