Allow membership override when using LDAP group sync
Backend part of #343 (closed)
Adds an ldap
and override
attribute to Member
so we can track which members are managed by LDAP and if/when they're overridden.
-
Member#ldap?
will tell you whether it's an LDAP member -
Member#override
should be set totrue
if someone adds an override. Sync will then ignore it, untilMember#override
is set back tofalse
.
Performance testing
All tests resulted in approximately 119,000 total members being created.
-
✅ 19 minutes - An 'update' sync (where all members already existed) updating theldap
flag once. -
✅ 79 minutes - A full, fresh sync before changes -
✅ 76 minutes - A full, fresh sync after changes
Although the before time was actually higher than the after time, I think there's a standard deviation in there that accounts for it. The important thing is that it's not drastically different.