Centralize permissions/lists

[robertquitt]

Currently, there are multiple "sources of truth" when it comes to officers, politburo, shadow pb.

Sources of truth:

• Google Drive shares
• Mailing lists (mailman)
• Slack channels and permissions
• Website (django db)
• Unix groups (LDAP on soda/tap)
• Github permissions

If we could reduce these by having one read from another, then that would make things easier to maintain.

Possible solutions:

• A bot that reads everything from the LDAP server and uses info from there
• Any other ideas?

[tpankaj]

The Unix groups in LDAP are probably the best way.

[robertquitt]

Something worth investigating: https://github.com/django-ldapdb/django-ldapdb

[mark64]

Maybe we have a collection of scripts + API tokens on tap, which you can run to provide access to people. We could then expand the scope by having a web server that authenticates the user over LDAP and allows them to send a request that runs those scripts for them (assuming they're in the right group). Later, we could expand it further so that admins can move people in and out of groups, and run those scripts automatically.

Thoughts?