Group management via LDAP or REST

We are some 70 developers working on 100 or so projects. I synchronize users with AD, though they have to create their own account.

Each project is handed a mail group by IT dept. These groups follow a naming pattern based on the project ID. The group membership is maintained by the project lead/manager.

I use these groups to provide access rights in git using gitolite. I now want to increase the level of consistency by using the same groups in TeamCity (and other dev ops systems).

What I would need is a way to make groups matching specific patterns appear in TeamCity, possibly with some string transformation (e.g. the AD group "Project.123.Members" becomes "Project 123"). It would be nice if this could be part of the LDAP synchronization scheme, but a programmatic/REST option would do almost as well.

When synchronizing the members of the groups, this should also be possible to do in bulk. I don't want to set up a mapping for each new group by editing a text file on the server. Again, my preference is a pattern matching synchronization, but REST would also be an option.

My maintenance burden would then (in this area at least :) ) be reduced to creating the TC project and assigning a role to an existing group. PM/PL maintains group membership.

Using the AD/LDAP groups is really the way to go. When I developed enterprise software, the customers always wanted more AD integration than we provided. We delivered a single system, and thought the maintenance burden wouldn't be much increased. The problem is for the receiving organization, who already have tens or even hundreds of systems, all with their own user/group/role database. The task list for adding a new employee/user to all the systems quickly becomes nightmarish.

Best regards,

--Jesper Hogstrom
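One way to express the pattern-based bulk synchronization requested above, as an added example that is not part of the original post and is not TeamCity's own LDAP sync or REST API: it selects AD groups by naming pattern, renames them, and computes the group and membership changes needed in TeamCity. The directory data and the TeamCity snapshot are constructed samples; applying the resulting plan (e.g. through a REST client) is left out.

```python
import re

# Constructed sample of what an AD/LDAP query for mail groups might return
# (group cn -> member user names); not real directory data.
AD_GROUPS = {
    "Project.123.Members": {"alice", "bob"},
    "Project.456.Members": {"carol"},
    "Sales.Team": {"dave"},            # ignored: does not match the pattern
}

# Constructed snapshot of the groups currently present in TeamCity.
TC_GROUPS = {
    "Project 123": {"alice", "erin"},  # erin left the AD group -> remove
    "Project 999": {"frank"},          # no longer exists in AD -> stale
}

# Only groups following the project naming convention are mirrored, and
# they are renamed "Project.<id>.Members" -> "Project <id>".
GROUP_PATTERN = re.compile(r"^Project\.(\d+)\.Members$")

def map_group_name(ad_name):
    """Return the TeamCity group name for an AD group, or None if not mirrored."""
    m = GROUP_PATTERN.match(ad_name)
    return "Project %s" % m.group(1) if m else None

def desired_state(ad_groups):
    """Select and rename the AD groups that should exist in TeamCity."""
    out = {}
    for name, members in ad_groups.items():
        tc_name = map_group_name(name)
        if tc_name:
            out[tc_name] = set(members)
    return out

def sync_plan(ad_groups, tc_groups):
    """Compute bulk changes: groups to create, stale groups to report,
    and per-group member additions and removals."""
    want = desired_state(ad_groups)
    plan = {"create": [], "stale": [], "add": {}, "remove": {}}
    plan["create"] = sorted(set(want) - set(tc_groups))
    # Stale groups are only reported: deleting them could drop role
    # assignments on existing TeamCity projects, so leave that decision to a human.
    plan["stale"] = sorted(set(tc_groups) - set(want))
    for group, members in want.items():
        current = tc_groups.get(group, set())
        if members - current:
            plan["add"][group] = sorted(members - current)
        if current - members:
            plan["remove"][group] = sorted(current - members)
    return plan
```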
