import student records from ugent ldap into person-service database (not present in gismo)
get ldap user record to update attributes in person-service that cannot be fetched from gismo
Import of student records:
Use these ldap search attributes:
scope ou=people,dc=ugent,dc=be
filter (objectClass=ugentStudent)
Remarks:
incrementally retrieve student records? There is a filter (modifytimestamp>=YYYYmmddHHMMSSZ) (not to be confused with the returned attribute ugentmodifytimestamp, which cannot be searched on). Disadvantage: ldap does not store inactive users (no tombstones), so if we fetch users like this, we cannot see who is active by looking at the returned records.
put deactivation of users into separate job? i.e. check every user with an active ugent id against the ugent ldap. This way we can deactivate both gismo and student records. Or store ugent_expiration_date somewhere and deactivate these users one day. Because we use a filter ((objectClass=ugentStudent)) we cannot just rely on "yesterday I was able to retrieve this user" to mark this user inactive the next day when that record is no longer retrieved, as his/her objectClass may have changed.
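A sketch of the two remarks above, added here as an example and not taken from the person-service code base: it builds the incremental filter and classifies locally active users by a per-user lookup that does not apply the student filter. The `directory` dict stands in for that LDAP lookup, and the ids and the non-student objectClass value are constructed.

```python
from datetime import datetime, timezone

BASE_DN = "ou=people,dc=ugent,dc=be"           # search base from the issue
STUDENT_FILTER = "(objectClass=ugentStudent)"  # filter from the issue

# Constructed sample data: hypothetical ids, hypothetical non-student class.
DIRECTORY = {
    "s001": {"objectClass": ["ugentStudent"]},
    "s002": {"objectClass": ["exampleOtherClass"]},  # was a student yesterday
}
ACTIVE = {"s001", "s002", "s003"}  # s003 is no longer stored in LDAP


def incremental_filter(since: datetime) -> str:
    """Students modified at or after `since` (generalized time, UTC)."""
    stamp = since.astimezone(timezone.utc).strftime("%Y%m%d%H%M%SZ")
    return f"(&{STUDENT_FILTER}(modifytimestamp>={stamp}))"


def is_student(entry: dict) -> bool:
    return "ugentstudent" in (c.lower() for c in entry.get("objectClass", []))


def reconcile(active_ids: set, directory: dict) -> dict:
    """Classify every locally active id by an unfiltered per-user lookup.

    `directory` is a stand-in for looking up one user under BASE_DN: it maps
    an id to its entry and has no key for users LDAP no longer stores
    (there are no tombstones to find).
    """
    result = {"keep": set(), "reclassify": set(), "deactivate": set()}
    for uid in active_ids:
        entry = directory.get(uid)
        if entry is None:
            result["deactivate"].add(uid)   # really gone from LDAP
        elif is_student(entry):
            result["keep"].add(uid)
        else:
            result["reclassify"].add(uid)   # still exists, objectClass changed
    return result


def naive_deactivations(yesterday: set, today: set) -> set:
    """The 'retrieved yesterday, not today' rule the remarks warn against."""
    return yesterday - today
```

With the sample data, the naive rule would deactivate both s002 and s003, while the per-user check deactivates only s003 and flags s002 as a record whose objectClass changed.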