comanage-dev - Re: [comanage-dev] Major Changes To Groups For CO-1404
Subject: COmanage Developers List
List archive
- From: Scott Koranda <>
- To: Benn Oshrin <>
- Cc:
- Subject: Re: [comanage-dev] Major Changes To Groups For CO-1404
- Date: Tue, 31 Jan 2017 19:33:39 -0600
- Ironport-phdr: 9a23:6ebDfhDEJk3jMlE/oPeoUyQJP3N1i/DPJgcQr6AfoPdwSPX4r8bcNUDSrc9gkEXOFd2CrakV16yI7eu7CSQp2tWoiDg6aptCVhsI2409vjcLJ4q7M3D9N+PgdCcgHc5PBxdP9nC/NlVJSo6lPwWB6nK94iQPFRrhKAF7Ovr6GpLIj8Swyuu+54Dfbx9GiTe5br5+NhS7oATeusQYgoZpN7o8xAbOrnZUYepd2HlmJUiUnxby58ew+IBs/iFNsP8/9MBOTLv3cb0gQbNXEDopPWY15Nb2tRbYVguA+mEcUmQNnRVWBQXO8Qz3UY3wsiv+sep9xTWaMMjrRr06RTiu86FmQwLzhSwZKzA27n3Yis1ojKJavh2hoQB/w5XJa42RLfZyY7/Rcc8fSWdHQ81fVTFOApmkYosUAeQPPfhWoZT+qVsAohSxGRSjC+HhxTJTmn/6wbc33/g9HQzcwgAtGc8FvnTOrNXyMacfSf27w7XPzTXfc/NdxDLz6I/Sch87p/GDQKh/etfWxEk0FAPFiU+QppbjPzyIzOsAqHOb7/JgVe2xkW4nqh1+rSKrxsgwjYnIiI0VykrD9SVk2IY5P8G3SEl+YdO9FpZbqiKUN5NuT888QmxkpCQ3x7gIuZO4ZycG1JEqyhHDZ/CbboSF5w7sWPqKLjp9gX9pZqyziAuq/UWiyuDwTMq53VdQoiZYndTAqGoB2wHN5sSbTPZ2412v1iyV1w/J7+FJOUA0mrTfK54m2rMwk4AcsUXHHiPvmUX2kLOaelwr++S29ejof6/qppCbN49zhQH+NrohltajDuQ/NwgCR2mb+eKi273/5UD1XrRHguE0n6TcvpDXJt8UqrK8DgJazoov9wuzAjK639gEhnYKKVdIdAyZg4f0I13OJer3Dfa7g1SiijdrwPXGM6X6ApXOKXjDiq3ufbBg5EFG0wczwtVf6IhVCrEFOv78RkjxtNnAAh8jLwO02/rnCMl61o4GQm2AHKmZMKXVsVKT5+IvJfWMa5EPuDb7Nfcl++DigWUnllAAYKmjxYEXZ2ygHvR6P0WZZmLhjcsGEWcPpAU+SvbliFKcXjJKenm9Qbw86yo/CIKnFofDWputjKKb0Ce6GJ1Wen5JCkqKEXj2a4WIRe0AZzyPLc98wXQ4Uu2LRoknnTa1tBX7zfIzJOfS/CowtJT/2cJz6vGJ0xw+6GonId6a1jS2RGZogisrQCU/2qx26RhmyVCZ2K50itRDDdxe/fJCWwMxMoHT1etnE5b5XQeXLYTBc0qvXtjzWWJ5ddk22dJbJh8lQ9g=
> I realize this is a bit late for 1.1.0, but we need to solve the "members is
> everyone or just active people" issue for Lafayette, so this is technically
> a bug. As I dig through this, a lot of code is touched, so I'm inclined to
> try to fix a few longstanding issues that are sort of related.
>
> Ignoring transition issues for the moment, my proposal is to add two new
> attributes to co_groups:
>
> group_type: An enum indicating if the group is a "special" group (admins,
> members, etc). If not null, the group cannot be deleted.
>
> auto: A boolean indicating if the group is automatically managed. If so, the
> UI and REST API will not permit direct manipulation of the group.
>
> (Once the existing code is refactored, the above means you could rename the
> admin group if you wanted.)
>
> Upon creation of a new CO or COU, the following groups will be created (as
> appropriate):
>
> CO:admins (formerly "admin")
> CO:members:all (formerly "members", sort of)
> CO:members:active
> CO:COU:<couname>:admins (formerly "admin:<couname>")
> CO:COU:<couname>:members:all (formerly "members:<couname>")
> CO:COU:<couname>:members:active
> CO:COU:<couname>:members:nested:all (includes subordinate COUs, eventually)
> CO:COU:<couname>:members:nested:active
>
> The prefix "CO:" will be reserved. However, we might ultimately want to
> allow COU specific groups to be made under CO:COU:<couname>:something.
>
> The biggest issue is likely to be on the provisioning side. For LDAP
> directly provisioned by COmanage, the group memberships will change.
>
> This is a big change, but we have to do it at some point, and I'm inclined
> to rip the bandage off sooner rather than later.
>
> Thoughts?
Hi,
This will require substantial changes to the GrouperProvisioner.
My concern is that between now and TIIME I will not be able to
do that work, and then I am at TIIME, and then immediately
after that I am on vacation. After returning from vacation I
will need a week to catch up with clients. So the earliest I
could begin this work would be about March 20.
Are you willing to put off 1.1.0 until late March, early
April?
Thanks,
Scott
P.S. It is also an opportunity to completely re-work the
GrouperProvisioner, which badly needs refactoring.
- Re: [comanage-dev] Major Changes To Groups For CO-1404, Scott Koranda, 02/01/2017
- Re: [comanage-dev] Major Changes To Groups For CO-1404, Benn Oshrin, 02/01/2017
Archive powered by MHonArc 2.6.19.