[SAC] LDAP organization help

We probably need better documentation, in general, about how the LDAP
database is organized.

What we have so far is here:
https://wiki.osgeo.org/wiki/SAC:LDAP#LDAP_structure

From that view we have an "osgeo.org" organization
(dc=osgeo,dc=org) containing the following
"organizational units" (ou):

  - people
  - projects
  - svn
  - shell

A common name (cn) "admin" in the "projects" organizational unit
contains a group of names (objectClass=groupOfNames) representing,
according to the entry description:

  osgeo sysadmin group

That list has only 9 entries, of the 23 people listed as "active"
on the wiki: https://wiki.osgeo.org/wiki/SAC#Active
But that same wiki page says that the
"authoritative list of current SAC administrators" is retrieved
by https://id.osgeo.org/ldap/shell?group=sac which basically lists
the group of names in the "sac" common name in the "shell"
organizational unit, which is, according to the entry description:

  Shell Access for OSGeo SAC

so I'm not sure which services use which group of names to tell
who's to have the powers to administer services.

In general we need better understanding of LDAP to decide how
to assign privileges to groups, and the best would be to write
this information in this page:

  https://wiki.osgeo.org/wiki/SAC:LDAP#LDAP_structure

Where do we want to start?
Time to upload some LDAP crash course to our brand new PeerTube
instance? :)

--strk;

On Wed, Sep 07, 2022 at 11:03:29AM +0200, Sandro Santilli wrote:

> We probably need better documentation, in general, about how the LDAP
> database is organized.
>
> What we have so far is here:
> https://wiki.osgeo.org/wiki/SAC:LDAP#LDAP_structure
>
> From that view we have an "osgeo.org" organization
> (dc=osgeo,dc=org) containing the following
> "organizational units" (ou):
>
>   - people
>   - projects
>   - svn
>   - shell
>
> A common name (cn) "admin" in the "projects" organizational unit
> contains a group of names (objectClass=groupOfNames) representing,
> according to the entry description:
>
>   osgeo sysadmin group
>
> That list has only 9 entries, of the 23 people listed as "active"
> on the wiki: https://wiki.osgeo.org/wiki/SAC#Active
> But that same wiki page says that the
> "authoritative list of current SAC administrators" is retrieved
> by https://id.osgeo.org/ldap/shell?group=sac which basically lists
> the group of names in the "sac" common name in the "shell"
> organizational unit, which is, according to the entry description:
>
>   Shell Access for OSGeo SAC
>
> so I'm not sure which services use which group of names to tell
> who's to have the powers to administer services.

To complicate things, there's another common name in the "shell"
organizational unit being "telascience", with description:

  Shell Access to OSGeo TelaScience resources

That's the group shown by this url:

  https://id.osgeo.org/ldap/shell

And that group is HUGE, suspiciously.

--strk;
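
An added example, not code from this thread or from OSGeo (the id.osgeo.org pages are not used here), showing one way a SAC member could answer the "which group grants what" question from the two messages above offline: dump the groupOfNames entries with ldapsearch and compute which members sit in cn=admin,ou=projects, cn=sac,ou=shell and cn=telascience,ou=shell but not in the others. The three group DNs are assumed from the cn/ou names given above; the LDIF below is constructed, with invented member uids and a hypothetical LDAP host, and deliberately includes a base64 value and a folded line because real ldapsearch output contains both.

```python
"""Audit who is in which OSGeo LDAP group from an LDIF dump.

Added example, not OSGeo's own tooling. The three group DNs are assembled
from the cn/ou names given in the thread; the LDAP host and every member
uid below are made up.
"""
import base64
import re
from collections import defaultdict

# Group DNs assumed from the thread ("cn=admin in ou=projects", etc.).
ADMIN_GROUP = "cn=admin,ou=projects,dc=osgeo,dc=org"
SAC_GROUP = "cn=sac,ou=shell,dc=osgeo,dc=org"
TELASCIENCE_GROUP = "cn=telascience,ou=shell,dc=osgeo,dc=org"

# Constructed input, shaped like the output of (host is hypothetical):
#   ldapsearch -x -LLL -H ldaps://ldap.example.org -b dc=osgeo,dc=org \
#       '(objectClass=groupOfNames)' description member
# It contains a base64 value ("description::") and a folded line (the
# continuation line starts with a space), both of which real dumps have.
SAMPLE_LDIF = """\
dn: cn=admin,ou=projects,dc=osgeo,dc=org
objectClass: groupOfNames
cn: admin
description: osgeo sysadmin group
member: uid=alice,ou=people,dc=osgeo,dc=org
member: uid=bob,ou=people,dc=osgeo,dc=org

dn: cn=sac,ou=shell,dc=osgeo,dc=org
objectClass: groupOfNames
cn: sac
description:: U2hlbGwgQWNjZXNzIGZvciBPU0dlbyBTQUM=
member: uid=alice,ou=people,dc=osgeo,dc=org
member: uid=bob,ou=people,dc=osgeo,dc=org
member: uid=carol,ou=people,dc=osgeo,dc=org

dn: cn=telascience,ou=shell,dc=osgeo,dc=org
objectClass: groupOfNames
cn: telascience
description: Shell Access to OSGeo TelaScience resources
member: uid=alice,ou=people,dc=osgeo,dc=org
member: uid=carol,ou=people,dc=osgeo,dc=org
member: uid=dave,ou=people,dc=osgeo,dc=org
member: uid=erin,ou=people,
 dc=osgeo,dc=org
"""


def norm_dn(dn: str) -> str:
    """Loose DN normalisation: case-fold and drop spaces around commas.
    Enough for uid=/cn=/ou=/dc= DNs; escaped commas are not handled."""
    return ",".join(part.strip() for part in dn.split(",")).lower()


def parse_ldif(text: str) -> dict[str, dict[str, list[str]]]:
    """Parse LDIF into {normalised dn: {lowercased attr: [values]}}."""
    unfolded = re.sub(r"\n ", "", text)  # RFC 2849 line folding
    entries: dict[str, dict[str, list[str]]] = {}
    for block in re.split(r"\n\s*\n", unfolded.strip()):
        dn = None
        attrs: dict[str, list[str]] = defaultdict(list)
        for line in block.splitlines():
            if not line or line.startswith("#"):
                continue
            name, _, value = line.partition(":")
            if value.startswith(":"):  # "attr:: <base64>"
                value = base64.b64decode(value[1:].strip()).decode("utf-8")
            else:
                value = value.strip()
            if name.lower() == "dn":
                dn = norm_dn(value)
            else:
                attrs[name.lower()].append(value)
        if dn is None:
            raise ValueError("LDIF record without a dn line")
        entries[dn] = dict(attrs)
    return entries


def members(entries: dict, group_dn: str) -> set[str]:
    """Return the normalised member DNs of a groupOfNames entry."""
    entry = entries.get(norm_dn(group_dn))
    if entry is None:
        raise KeyError(f"group not found: {group_dn}")
    classes = {c.lower() for c in entry.get("objectclass", [])}
    if "groupofnames" not in classes:
        raise ValueError(f"{group_dn} is not a groupOfNames entry")
    return {norm_dn(m) for m in entry.get("member", [])}


def audit(entries: dict) -> dict[str, list[str]]:
    """Set differences between the three groups: who has shell access
    without being SAC, which SAC members are missing from the admin
    group, and so on."""
    admin = members(entries, ADMIN_GROUP)
    sac = members(entries, SAC_GROUP)
    shell = members(entries, TELASCIENCE_GROUP)
    return {
        "sac_but_not_admin": sorted(sac - admin),
        "admin_but_not_sac": sorted(admin - sac),
        "sac_but_not_shell": sorted(sac - shell),
        "shell_but_not_sac": sorted(shell - sac),
    }


if __name__ == "__main__":
    for check, dns in audit(parse_ldif(SAMPLE_LDIF)).items():
        print(f"{check}: {len(dns)}")
        for dn in dns:
            print(f"  {dn}")
```

Against a real dump you would feed the ldapsearch output file to parse_ldif instead of SAMPLE_LDIF. The two lists worth reading first are "shell_but_not_sac" (everyone who can log in without being a SAC administrator, which is the size of the telascience group that looked suspicious) and "sac_but_not_admin" (administrators according to one group but not the other), since those are exactly the entries whose privileges depend on which group a given service consults.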

> To complicate things, there's another common name in the "shell"
> organizational unit being "telascience", with description:
>
>   Shell Access to OSGeo TelaScience resources
>
> That's the group shown by this url:
>
>   https://id.osgeo.org/ldap/shell
>
> And that group is HUGE, suspiciously.
>
> --strk;

Yep, that's what I thought. Internally the shell group is called
telascience.
All these people, I think, are people who are allowed to upload artifacts
to upload.osgeo.org, and that is why they were put there.

Before my time, I think, all OSGeo servers were housed at Telascience, and
when that became defunct, the name just stuck.

On 9/7/22 15:26, Regina Obe wrote:

> > To complicate things, there's another common name in the "shell"
> > organizational unit being "telascience", with description:
> >
> >   Shell Access to OSGeo TelaScience resources
> >
> > That's the group shown by this url:
> >
> >   https://id.osgeo.org/ldap/shell
> >
> > And that group is HUGE, suspiciously.
> >
> > --strk;
>
> Yep, that's what I thought. Internally the shell group is called
> telascience.
> All these people, I think, are people who are allowed to upload artifacts
> to upload.osgeo.org, and that is why they were put there.
>
> Before my time, I think, all OSGeo servers were housed at Telascience, and
> when that became defunct, the name just stuck.

That sounds about right. Shell access is much wider than SAC, particularly
for the upload purposes. However, typically only SAC members have elevated
privileges on machines (no idea how that's actually managed now).

-Alex