Syncing Groups

Code Collaborator provides a simple web UI for creating and managing groups, but when groups are used to represent organizational hierarchy for large companies the web UI becomes unmanageable. Such groups are usually already stored in an external system such as LDAP, so Code Collaborator provides the ability to "sync" it's groups from an external system.

The ccollab admin group sync command takes as input an XML file describing all the groups being synced, their relationships, and their member users. The XML format is simple and a full schema is provided. For an example see Using Groups for Organizational Hierarchy. The Code Collaborator administrator should write a script that queries the external system (i.e. LDAP) and creates this XML.

The Code Collaborator administrator should run the sync script periodically. Code Collaborator will examine the group sync xml and make the appropriate changes in the system. Processing the sync is not very resource intensive, so you probably don't need to worry about load on the Code Collaborator server.

The group sync xml describes which users are members of which groups. There are two options if the XML describes users who don't yet have accounts in Code Collaborator, controlled by the --create-user option of the ccollab admin group sync command:

•	Create the member-user - If the --create-user option is specified, a user account is created for the user. Note the user does not consume a license until they log in.

•	Ignore the member-user - If the --create-user option is not specified (default behavior), the member-user is ignored and a user account is not created. This is useful if you have a large organization but only a small subset of the employees are using Code Collaborator.

Groups may be removed from the external system. There are two options if the XML no longer describes a group which was created in an earlier sync, controlled by the --delete-groups option of the ccollab admin group sync command:

•	Delete the group - If the --delete-groups option is specified, the group is deleted. However if the group can not be deleted because it has associated reviews, an error is returned and the sync is canceled.

•	Disable the group - If the --delete-groups option is not specified (default behavior), the group is marked disabled. This always works, regardless of whether there are reviews associated with the group.

Groups are uniquely identified by a GUID which is specified in the group sync xml. To rename the group simply specify a group with the same GUID but a different title.

Sometimes it is useful to sync groups with an external system but also manually specify some groups using the web interface or the ccollab admin group create command. For an example see Using Groups for Organizational Hierarchy and Projects. Code Collaborator keeps track of which groups were created using sync and which groups were created manually. Manually created groups are not deleted or disabled on subsequent syncs just because they're not in the group XML. The web UI displays a warning when manually editing a group that was created by sync. Manually created groups can contain synced groups as children, but not vice-versa.