V3 APIs in LDAP assignment backend
Need to support
create_grant
list_grants
get_grant
delete_grant
list_role_
get_domain_by_name
list_user_projects
These should follow the pattern of the other LDAP code: reasonable default object classes and attributes as high up the inheritance tree as possible.
Blueprint information
- Status: Complete
- Approver: None
- Priority: Undefined
- Drafter: Adam Young
- Direction: Needs approval
- Assignee: None
- Definition: Obsolete
- Series goal: None
- Implementation: Unknown
- Milestone target: None
- Started by:
- Completed by: Morgan Fainberg
Whiteboard
Projects default to groupOfNames in their own subtree. These can only have:
MUST (Member $ CN )
MAY ( businessCategory $ seeAlso $ owner $ ou $ o $ description ) )
Role assignments can all be done in the Member category, but then we need a way to distinguish between different types of members.
A list of RoleAssignments is probably possible now by doing:
1. Get role assignments where the user DN is RoleOccupant
2. Get all groups where the user DN is a member
3. Use DNs from step 2 to query role assignments
Based on the summit discussions around SQL-only assignments, it sounds like this should be marked as obsolete? -dolph
Marking this as obsolete at this point. (morganfainberg)
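The three-step lookup from the whiteboard, as an added example that is not part of the blueprint or of Keystone's code. It assumes roles are stored as organizationalRole entries with roleOccupant and groups as groupOfNames with member; the DNs, the in-memory directory and all function names are constructed for illustration.

```python
# Added illustration; DNs, entries and function names are constructed, not Keystone's.
BASE = "dc=example,dc=org"
ALICE = "cn=alice,ou=Users," + BASE
BOB = "cn=bob,ou=Users," + BASE
DEVS = "cn=devs,ou=Groups," + BASE
ADMIN_ROLE = "cn=admin,cn=proj1,ou=Projects," + BASE
MEMBER_ROLE = "cn=member,cn=proj1,ou=Projects," + BASE

# Assumed layout: roles are organizationalRole entries, groups are groupOfNames.
DIRECTORY = {
    ADMIN_ROLE: {"objectClass": ["organizationalRole"], "roleOccupant": [ALICE]},
    MEMBER_ROLE: {"objectClass": ["organizationalRole"], "roleOccupant": [DEVS]},
    DEVS: {"objectClass": ["groupOfNames"], "member": [ALICE, BOB]},
}


def escape_filter_value(value):
    """Hex-escape the RFC 4515 special characters so a DN cannot alter the filter."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)


def equality_filter(object_class, attr, dn):
    """Filter string a real search would send to the server for one lookup."""
    return "(&(objectClass=%s)(%s=%s))" % (object_class, attr, escape_filter_value(dn))


def search(object_class, attr, dn):
    """In-memory stand-in for that search: DNs of entries whose attr holds dn."""
    wanted = dn.lower()  # simplified case-insensitive DN comparison
    return sorted(
        entry_dn for entry_dn, attrs in DIRECTORY.items()
        if object_class in attrs["objectClass"]
        and wanted in (v.lower() for v in attrs.get(attr, []))
    )


def effective_role_assignments(user_dn):
    direct = search("organizationalRole", "roleOccupant", user_dn)  # step 1
    groups = search("groupOfNames", "member", user_dn)              # step 2
    via_group = {}
    for group_dn in groups:                                         # step 3
        for role_dn in search("organizationalRole", "roleOccupant", group_dn):
            via_group.setdefault(role_dn, []).append(group_dn)
    return {"direct": direct, "via_group": via_group}


if __name__ == "__main__":
    print(effective_role_assignments(ALICE))
```

Keeping the group that granted each role in the result makes an inherited assignment auditable back to the membership that produced it.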