Open robertquitt opened 6 years ago
The Unix groups in LDAP are probably the best way.
Something worth investigating: https://github.com/django-ldapdb/django-ldapdb
Maybe we have a collection of scripts + API tokens on tap, which you can run to provide access to people. We could then expand the scope by having a web server that authenticates the user over LDAP and allows them to send a request that runs those scripts for them (assuming they're in the right group). Later, we could expand it further so that admins can move people in and out of groups, and run those scripts automatically.
Thoughts?
Currently, there are multiple "sources of truth" when it comes to officers, politburo, shadow pb.
Sources of truth:
If we could reduce these by having one read from another, then that would make things easier to maintain.
Possible solutions: