...
There are more than 3000 moira security groups. We think each domain most likely will be interested in only a few dozens of them. Instead of importing all of the lists into each domain, we let the domain admins decide which lists they are interested in.
Wiki Markup
We also have a perl script on the server that runs every hours and continuously synchronizes the thalia groups with moira groups. If the domain admin later added the user boell in the test domain, one hour later, user boell will be in the thalia-dev group. However, if we add a new user schen111 to the group thalia-dev in moira, this info will reach ldap.mit.edu four hours later, so it will take up to 5 or 6 hours for the new user to appear in the thalia-dev group in thalia.
Here is a list of the new servlets:unmigrated-wiki-markup
POST baseuri/group/\[group name\] import a moira group to thalia and populates its membership. Only domain admin is allowed to run this servlet.unmigrated-wiki-markup
DELETE baseuri/group/\[group name\] deletes the thalia group: please note it will not affect the moira group in anyway. Only domain admin is allowed to run this servlet.unmigrated-wiki-markup
GET baseuri/group/\[group name\] retrieve the membership of the specified group. This is open to regular thalia users. There might be a privacy issue. In moira, there are hidden groups whose membership should be hidden to people. This call violates it. However since ldap.mit.edu violates this first, so we are exposing info that have already being exposed elsewhere. However, we can always shut this servlet shut this servlet down.
GET baseuri/groups retrieves a list of groups in the domain
...