(INF-3541) Comanage LDAP Upgrade + Fixes#30
Merged
williamnswanson merged 8 commits intoopensciencegrid:masterfrom Apr 13, 2026
Merged
Conversation
Add Python Requests Library to Dockerfile requirements.txt Update shebang headers to explicitly use python3.11, since it's not the default version for some places these scripts will need to be run.
Rearrange flags and usage for project_group_setup.py osg-comanage-project-usermap.py to reflect the changes. Note for reviewer: the definition for the comanage_utils/py get_ldap_groups methods got misplaced during commit cleanup for the PR.
Remove / comment old default values for LDAP stuff Whitespace formatting No functional changes
mwestphall
reviewed
Apr 7, 2026
Member
|
Are there specific 3.11-isms that we're using here or could this all just work on 3.9? Or how hard would it be to make this all work with 3.9? |
Collaborator
Author
|
I think this could work on 3.9, pending replacement of StrEnum for LDAP_CONFIG_KEYS, which I'm doing in the next set of changes. The main reason for v3.11 was it was the oldest version of python that wasn't going to go EoL this year, but since we only care about Redhat's supportted versions, we can stay behind longer. |
Collaborator
Author
|
Works on 3.9 after a few changes, generated mapfile for ap40 looks the same as before. |
mwestphall
approved these changes
Apr 9, 2026
Contributor
mwestphall
left a comment
mwestphall
left a comment
There was a problem hiding this comment.
I was able to run the mapfile script on AP40 again following the most recent round of changes, approving.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Add Paged LDAP search, using a series of fallback servers configured via a config file in service of https://opensciencegrid.atlassian.net/browse/INF-3541
Most effected scripts are the mapfile generator script (
osg-comanage-project-usermap.py) and project setup script (project_group_setup.py).Both seem to have identical (or better results from my testing), the mapfiles the old and new scripts create for AP40 seem to be the same content.
I tested the script against the osgdev instance of the LDAP server, which has the same groups as the prod instance, but the groups have different group IDs, so some of the group ordering was different due to that.