Allow membership override when using LDAP group sync
Backend part of #343 (closed)
Adds an ldap and override attribute to Member so we can track which members are managed by LDAP and if/when they're overridden.
-
Member#ldap?will tell you whether it's an LDAP member -
Member#overrideshould be set totrueif someone adds an override. Sync will then ignore it, untilMember#overrideis set back tofalse.
Performance testing
All tests resulted in approximately 119,000 total members being created.
-
✅ 19 minutes - An 'update' sync (where all members already existed) updating theldapflag once. -
✅ 79 minutes - A full, fresh sync before changes -
✅ 76 minutes - A full, fresh sync after changes
Although the before time was actually higher than the after time, I think there's a standard deviation in there that accounts for it. The important thing is that it's not drastically different.