
Allow group members to be managed by external service (i.e. ldap)
Open, Low, Public

Description

Some groups for Gerrit and some other tools are managed in LDAP by ops. It will be a big headache / regression to have to doubly manage all membership for Phabricator if we can't sync groups in some way with LDAP. Honestly, it would be great to be able to do now, and the lack of it has been acutely felt.

I found an issue from someone else that outlines essentially our needs.

https://secure.phabricator.com/T3980

We should track and encourage this one.

Event Timeline

chasemp created this task. Oct 6 2014, 4:25 PM
chasemp raised the priority of this task from to Needs Triage.
chasemp updated the task description.
chasemp changed Security from none to None.
chasemp added a subscriber: chasemp.
Qgil added a subscriber: Qgil.

As @chasemp explained today in our team meeting, this is also relevant to keep in sync groups of reviewers for repositories, something that Gerrit is handling via ldap groups currently.

demon added a subscriber: demon. Edited Oct 8 2014, 10:23 PM

I will note that most groups are not managed by LDAP; only two are: 'wmf' and 'ops'.

We had wanted to use them for more, but never did. Since it's only 2 groups it wouldn't be the end of the world if we had to manage it here.

chasemp updated the task description. Oct 8 2014, 10:25 PM
Qgil triaged this task as Medium priority. Oct 9 2014, 8:46 PM
Qgil removed a project: Gerrit-Migration.
revi added a subscriber: revi. Oct 11 2014, 2:00 PM
Dzahn added a subscriber: Dzahn. Nov 3 2014, 9:16 PM
In T550#9744, @Chad wrote:

I will note that most groups are not managed by LDAP; only two are: 'wmf' and 'ops'.
We had wanted to use them for more, but never did. Since it's only 2 groups it wouldn't be the end of the world if we had to manage it here.

there is a third group called "nda" which was made specifically for non-ops non-wmf volunteer people who signed an NDA and we use this to give access to Icinga/graphite/etc.

Qgil added a comment. Nov 3 2014, 9:27 PM
In T550#18293, @Dzahn wrote:

there is a third group called "nda" which was made specifically for non-ops non-wmf volunteer people who signed an NDA and we use this to give access to Icinga/graphite/etc.

Related: T655: Implement the Volunteer NDA process in Phabricator

In T550#18303, @Qgil wrote:
In T550#18293, @Dzahn wrote:

there is a third group called "nda" which was made specifically for non-ops non-wmf volunteer people who signed an NDA and we use this to give access to Icinga/graphite/etc.

Related: T655: Implement the Volunteer NDA process in Phabricator

and T1051: Project proposal: WMF-NDA

Qgil lowered the priority of this task from Medium to Low. Dec 2 2014, 8:57 AM

The fact is that we are going ahead with our migrations without this factor, and as of today we basically rely on the progress upstream. Setting priority to Low for now.

Qgil added a comment. Apr 7 2015, 1:35 PM

If someone has $10K-$20K USD, the feature could be prioritized. https://secure.phabricator.com/T3980#104556

Restricted Application added a subscriber: TerraCodes. May 23 2016, 6:06 PM