It's looking to be quite complicated to maintain compatibility. I think this is important because external projects may rely on the generated JSON data files, and it may not be possible to fix all the projects in time.
The change will affect two of the JSON files: public_ldap_groups.json public_ldap_committees.json In both the above cases, the guineapig projects are added to the output. This was done to maintain compatibility for external projects. In theory all projects now become guineapigs. However the ou=projects list includes lots of podlings as well. One way to maintain compatibility would be to make all the existing projects in groups/committees into guineapigs. A bit messy, but it might work. Longer term, external projects need to stop using ldap_committees, and only use ldap_groups for whatever is left (e.g. member, committers) This involves fixing phonebook and projects.a.o; there are probably others. The cutover date of Feb 9th might be somewhat optimistic. I think we need to find out if there are any other projects using the 2 above-mentioned Whimsy JSON files. On Wed, 30 Jan 2019 at 13:15, sebb <[email protected]> wrote: > > On Wed, 30 Jan 2019 at 11:36, sebb <[email protected]> wrote: > > > > Note mixed private and public lists > > > > On Wed, 30 Jan 2019 at 09:37, sebb <[email protected]> wrote: > > > > > > On Wed, 30 Jan 2019 at 03:54, Chris Lambertus <[email protected]> wrote: > > > > > > > > > > > > Sam, Whimsy Dev, > > > > > > > > Some time ago we migrated projects to use the ou=groups,ou=project > > > > format with owner and member attributes. > > > > > > > > > > > > The time has come to delete the legacy CNs. > > > > > > It might make sense to fix Whimsy ASAP and see if that causes any grief. > > > > I have started looking at Whimsy. > > > > It needs a bit of care as the Groups/Project code is closely related, > > and we need to keep the Groups for members and committers etc. > > > > There are some other entries only in ou=groups: > > > > apsite concom infra podlings > > > > I think infra and podlings are not used and could be deleted? > > (podlings is empty anyway) > > > > apsite probably ought to be in a different OU -- if it is to be kept > > It gives write access to /websites/production/www; maybe an existing > > group (member?) would do > > > > Not sure about concom - maybe it should be ou=project? > > INFRA-17782 - create concom ou=project. > > > S.
