add group owner to LDAP schema, change objectClass #736
Draft
simonLeary42 wants to merge 12 commits into
- add space
- no newlines allowed
- worker set ownerUid
- avoid weird formatting with -1
- refactor functions for customizable filter
- add changelog
- limit worker to just setting ownerUid
- restore file
- fixup objectClass for all PI groups, even disabled ones
- NON_DISABLED, INCLUDE_DISABLED
- typo
- remove CLI
Pull request overview
This PR extends the LDAP schema to support storing an explicit group owner, introduces a new general-purpose unityGroup objectClass, and updates newly-created PI groups to use unityGroup instead of the deprecated piGroup.
Changes:
- Add `ownerUid` attribute and `unityGroup` objectClass to the LDAP schema; mark `piGroup` as deprecated.
- Update PI group creation to use `unityGroup` and persist `owneruid` on new groups.
- Add a migration worker and changelog instructions to backfill `ownerUid` for existing PI groups.
Reviewed changes
Copilot reviewed 4 out of 4 changed files in this pull request and generated 2 comments.
| File | Description |
|---|---|
| workers/setup-pi-group-owners.php | New worker intended to populate ownerUid for existing PI groups. |
| tools/docker-dev/identity/account-portal-schema.ldif | Adds ownerUid attribute and new unityGroup objectClass; deprecates piGroup. |
| resources/lib/UnityGroup.php | Creates new groups with unityGroup and sets owneruid; minor string math cleanup. |
| CHANGELOG.md | Adds 1.8 → 1.9 LDAP migration steps for the schema/objectClass transition and owner backfill. |
The new general-purpose `xGroup` objectClass can be used for Coldfront allocation groups as well as PI groups. Unlike a PI group, the owner of a Coldfront allocation group cannot be derived from the group name. `ownerUid` provides a standard way for the `piutils` CLI tool to determine which users should have permissions over a directory.
In the future, we could use `ownerUid` to let one user be the owner of multiple PI groups, removing the need for the dummy course group PIs.
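The owner lookup and backfill described in this pull request, sketched as an added example that is not code from the PR or the project: an explicit `ownerUid` wins, a legacy PI group falls back to its name, and any other group has no owner until one is set. The `pi_` prefix, the DNs, the entry layout and all function names are assumptions made for illustration.

```python
import re

PI_PREFIX = "pi_"  # assumed naming convention for legacy PI groups
UID_RE = re.compile(r"^[a-z_][a-z0-9_-]*$")  # assumed uid format; also keeps LDIF output safe

# Constructed sample entries (attribute names lower-cased; LDAP names are case-insensitive).
SAMPLE_ENTRIES = [
    {"dn": "cn=pi_alice,ou=pi_groups,dc=example,dc=org", "cn": "pi_alice",
     "objectclass": ["piGroup"]},
    {"dn": "cn=pi_bob,ou=pi_groups,dc=example,dc=org", "cn": "pi_bob",
     "objectclass": ["unityGroup"], "owneruid": ["bob"]},
    {"dn": "cn=alloc_1234,ou=groups,dc=example,dc=org", "cn": "alloc_1234",
     "objectclass": ["unityGroup"]},
]

def resolve_owner(entry):
    """Return (owner_uid, source), or (None, None) when ownership is unknown."""
    explicit = entry.get("owneruid", [])
    if len(explicit) > 1:
        raise ValueError(f"{entry['dn']}: more than one ownerUid value")
    if explicit:
        return explicit[0], "ownerUid"
    cn = entry["cn"]
    if cn.startswith(PI_PREFIX) and UID_RE.match(cn[len(PI_PREFIX):]):
        return cn[len(PI_PREFIX):], "derived-from-name"
    return None, None  # name does not encode an owner: do not guess

def backfill_ldif(entries):
    """Build LDIF modify records for groups whose owner is only implied by the name."""
    records = []
    for entry in entries:
        owner, source = resolve_owner(entry)
        if source == "derived-from-name":
            records.append(f"dn: {entry['dn']}\nchangetype: modify\n"
                           f"add: ownerUid\nownerUid: {owner}\n-\n")
    return "\n".join(records)

def may_manage(entry, uid):
    """Authorization check that fails closed when no owner can be resolved."""
    owner, _ = resolve_owner(entry)
    return owner is not None and owner == uid

if __name__ == "__main__":
    print(backfill_ldif(SAMPLE_ENTRIES))
```

Once the backfill has been applied, the name-derived fallback can be dropped so that `ownerUid` is the only source an access decision relies on.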