Tags:
create new tag
, view all tags

GroupManagementTools

MegaTWiki currently implements two forms of group management:

  • LDAP-based group management: Register everyone who reports to my manager, TooMuchCoffeeMan. Basically a cron-job that runs periodically to create TWikiGroups based on reporting structure. Assumes LDAP field "employeenumber" is the TWiki login name. Still needs a little work to become production-worthy code, but can be easily improved.
  • Email alias based group management: Create groups based on email aliases. this works via mconnect to the mail server where the alias is managed, and registers those users who are not already registered in the process.

I'll use this topic to discuss the requirements which lead to these features and their current implementation.

-- PeterNixon - 05 Jul 2002

I think a better name for this would be GroupImportTools - if you could do export and group create/delete/update then it would qualify as management. Probably best if there are 2 scripts for this, one for LDAP import and one for email alias import, as there would probably be quite a few other sources of user->group mappings in other environments.

-- RichardDonkin - 05 Jul 2002

I left out that part... MegaTWiki does provide forms-based create/delete/update facilities you describe, but I'm not sure why you'd need to do any sort of exporting (please explain further)...

Group Import/Generation

The email and LDAP group "import" or generation functions are currently contained in two separate bin scripts.

The mega_org_gen script looks at a preference variable, MEGAORGROOTS, to get the login names of the folks at the roots of the organizations which we'd like to import as groups. A group is created for each manager and his direct reports. Direct reports who are themselves managers, have groups created also. Once the information is compiled, each manager's group topic is edited by the script to update the group member list. New groups are added to the TWikiGroups topic, and new users are added to the TWikiUsers topic.

The mega_alias_gen script looks at a list of email aliases (at the moment it looks at a topic which contains the list, but I intend to change it to read a preference variable instead), and resolves the users listed in each alias into their TWiki names, and creates groups based on the email alias names. This is only useful in a situation where the email server hosting the alias can be connected to via mconnect, and the userid's obtained from the email alias can be easily mapped to TWiki names via LDAP. Every company has it's own way of dealing with userid to email mapping, and email alias maintenance, so I'm not sure how useful this script will be in its current state.

Group create/delete/update

Group creation, deletion and updation is facilitated by a set of forms in TWikiAdministrationTools screen of MegaTWiki. Users and groups can be combined to create new groups, which may be edited or deleted later. Groups can also be set up via the edit or create forms to import members from an email alias. Once noted as an 'email-based group', the mega_alias_gen script will continually update it (according to it's crontab entry).

-- PeterNixon - 06 Jul 2002

I discuss a similar topic in InterfacingToExternalAccessControlListManagers. Actually, a superset topic. I don't think the cron job solution is acceptable.

  1. My sysadmins do not allow me to dump copies of certain lists. (Headhunters pay good money for such lists. They limit the size of query return. b. People get tired of the "register... and then wait 6 hours until you can use all the tools that use cron jobs to access the data" solution

I think that we need to allow people to query servers - not just LDAP servers, but possibly others (e.g. UNIX groups on the current system are not bad.)

But we do need caching.

Edit | Attach | Watch | Print version | History: r5 < r4 < r3 < r2 < r1 | Backlinks | Raw View | Raw edit | More topic actions
Topic revision: r5 - 2006-04-14 - AndyGlew
 
  • Learn about TWiki  
  • Download TWiki
This site is powered by the TWiki collaboration platform Powered by Perl Hosted by OICcam.com Ideas, requests, problems regarding TWiki? Send feedback. Ask community in the support forum.
Copyright © 1999-2017 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.