LDAP improvement questions
Created by: NotSpecial
Currently LDAP import is done in two situations:
- Cronjob which updates our members
- Login
This was done with a misconception on my part: I was under the impression that only our members should ever be in the database. But I wasn't thinking that through, e.g. members from other student organisations can join certain groups in AMIV (or should be) and for that need to be represented in the db.
There are now several options:
- Just import everyone logging in
- Import everyone from LDAP by cronjob
- Make LDAP import more on demand
The first option would certainly work, but I don't really like it since it's really not that intuitive to me:
Hey you need to log in at our homepage so I can put you on a mailing list!
I don't like that.
I don't like the second option either since we would get thousands of users in our database who will never interact with AMIV.
By this point it should be clear that I am hinting at option 3 ;)
I would like to hook into every database request to users. If the request contains the nethz key, the LDAP importer will try to retrieve the relevant data.
Benefits:
- To add a user I need to query for his nethz anyway to get the user ID. This way a search with a valid nethz will never fail since the user is "sneakily" imported
- All other queries probably reference the user by ID, since that's how they are linked in other resources, so there will not be a lot of overhead
I would still keep the Cronjob to make sure that all members of AMIV are always in our database, regardless of whether they interact with AMIV webservices or not.
Thoughts on this?
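
Option 3 from the post above, as an added example that is not AMIV's code: a lookup hook that imports a user from the directory only when a query filters on `nethz` and the user is not yet stored. The `UserStore` class, the `sample_ldap_lookup` function, the dict-based directory and the nethz format pattern are all assumptions standing in for the real database, LDAP client and naming rules.

```python
import re

# Assumed nethz format (lowercase alphanumerics); adapt to the directory's real rules.
NETHZ_RE = re.compile(r"[a-z0-9]{1,32}")

# Constructed sample directory standing in for the LDAP server.
SAMPLE_DIRECTORY = {
    "pablo": {"nethz": "pablo", "firstname": "Pablo", "member": True},
    "guest1": {"nethz": "guest1", "firstname": "Gina", "member": False},
}


def sample_ldap_lookup(nethz):
    """Hypothetical directory client: returns a record dict or None."""
    return SAMPLE_DIRECTORY.get(nethz)


class UserStore:
    """Hypothetical user collection with an on-demand import hook."""

    def __init__(self, ldap_lookup):
        self.ldap_lookup = ldap_lookup
        self.users = {}      # user ID -> record
        self.ldap_calls = 0  # counts directory round trips

    def _import_on_demand(self, nethz):
        # Only well-formed strings reach the directory, so LDAP filter
        # metacharacters such as '*' or ')' are never passed on.
        if not isinstance(nethz, str) or not NETHZ_RE.fullmatch(nethz):
            return
        if any(u["nethz"] == nethz for u in self.users.values()):
            return  # already stored, no directory round trip
        self.ldap_calls += 1
        record = self.ldap_lookup(nethz)
        if record is not None:
            user_id = len(self.users) + 1
            self.users[user_id] = dict(record, id=user_id)

    def find(self, query):
        # Hook: runs before every lookup, acts only if 'nethz' is in the query.
        if "nethz" in query:
            self._import_on_demand(query["nethz"])
        return [u for u in self.users.values()
                if all(u.get(k) == v for k, v in query.items())]
```

A nethz that is well formed but absent from the directory still costs one directory round trip per query, so an endpoint using this hook needs rate limiting or a negative cache.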