On Wed, Aug 9, 2017 at 7:36 AM, sebb <seb...@gmail.com> wrote:
> The following are only in LDAP groups
> apsite
> committers
> concom
> infra
> member
> podlings
> security
>
> I think we'll probably need to keep these

TL;DR: I'd like to get rid of those.

Apsite is unused/unmaintained, and should be dropped.

Podlings was created by me to see if it would help tools distinguish
between podlings and PMCs.  So far, nobody has used it.  Reproreq went
with grabbing this data from JSON instead.

The infrastructure team has code that does tests to see if the
attribute is member or memberUid, and if the result is a simple id or
a full dn.  It would be nice to standardize on one pattern.  Unix
groups (in LDAP) are the only exception to using member and dn.

Nexus (in particular) can only support one pattern.  I set up
cn=committers,ou=role,ou=groups,dc=apache,dc=org to get us past that
issue, but haven't replaced the new account process yet.  Initially,
new accounts will be added to both places.  Over time, we can get rid
of the group.  This will affect an unknown number of tools (for
example: look for AuthLDAPGroup in whimsy.conf).

> The following are only in LDAP committees
> tac
>
> It would be tedious if LDAP committees had to be kept just to support tac

+1

- Sam Ruby
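
An added example, not part of the original message and not ASF infrastructure code: one way to normalise both membership patterns mentioned above (`member` holding a full dn, `memberUid` holding a simple id) into a single set of ids, rejecting any value that fits neither. The people base DN, the uid character set, the function names and the sample entries are assumptions made for illustration.

```python
import re

# Assumed people subtree; the message does not state it.
PEOPLE_BASE = "ou=people,dc=apache,dc=org"
# Assumed shape of an account id (lowercase letters, digits, '_' and '-').
UID_RE = re.compile(r"^[a-z0-9][a-z0-9_-]*$")


def uid_from_value(attr, value):
    """Return the account id for one membership value, or raise ValueError."""
    if attr == "memberuid":            # Unix-group pattern: simple id
        uid = value
    elif attr == "member":             # role-group pattern: full dn
        # Split on commas not preceded by a backslash. An escaped value never
        # passes UID_RE or the base comparison, so odd DNs are rejected.
        rdns = [p.strip() for p in re.split(r"(?<!\\),", value)]
        key, _, uid = rdns[0].partition("=")
        base = ",".join(rdns[1:]).lower()
        if key.strip().lower() != "uid" or base != PEOPLE_BASE:
            raise ValueError(f"unexpected member dn: {value!r}")
        uid = uid.strip()
    else:
        raise ValueError(f"unsupported attribute: {attr!r}")
    if not UID_RE.match(uid):
        raise ValueError(f"malformed id: {value!r}")
    return uid


def group_members(entry):
    """Normalise a group entry (attribute -> list of str) to a set of ids.

    LDAP attribute names are case-insensitive, so they are lowercased first.
    Any value that fits neither pattern raises instead of being skipped, so a
    malformed entry cannot silently shrink or grow the membership set.
    """
    members = set()
    for attr, values in entry.items():
        name = attr.lower()
        if name in ("member", "memberuid"):
            members.update(uid_from_value(name, v) for v in values)
    return members


# Constructed sample entries, one per pattern.
ROLE_GROUP = {"member": ["uid=alice,ou=people,dc=apache,dc=org",
                         "uid=bob, ou=people, dc=apache, dc=org"]}
UNIX_GROUP = {"memberUid": ["alice", "bob"]}
```
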
