1. Proposed title of this feature request
Update "oc adm groups sync" mechanism to handle duplicate groups
2. What is the nature and description of the request?
The customer uses the "oc adm groups sync --type=openshift --sync-config=/config/group_sync.yaml --confirm" command to sync LDAP groups. This works as expected when each group to be synced points to a unique "openshift.io/ldap.uid".
As soon as a second group points to the same "ldap.uid", only the newly created group gets synced. This was discussed in OCPBUGS-11123, and a warning message was added.
This RFE aims to implement the corrected sync mechanism. During implementation in OCPBUGS-11123 it was discovered that API changes need to be made, hence this RFE.
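A check for the condition described above, as an added example that is not part of the original request or of the oc code base: it reads a group list in the shape of "oc get groups -o json" output and reports every "openshift.io/ldap.uid" value claimed by more than one OpenShift group. The sample list, group names and DNs are constructed, and exact string matching of the annotation value is an assumption.

```python
import json
import sys
from collections import defaultdict

LDAP_UID = "openshift.io/ldap.uid"  # annotation the page says each synced group points to

# Constructed sample in the shape of `oc get groups -o json`; names and DNs are made up.
SAMPLE = json.dumps({"kind": "List", "items": [
    {"metadata": {"name": "bitbucket-users", "annotations": {
        LDAP_UID: "cn=dept-a,ou=groups,dc=example,dc=com"}},
     "users": ["alice", "bob"]},
    {"metadata": {"name": "jenkins-users", "annotations": {
        LDAP_UID: "cn=dept-a,ou=groups,dc=example,dc=com"}},
     "users": None},
    {"metadata": {"name": "artifactory-users", "annotations": {
        LDAP_UID: "cn=dept-b,ou=groups,dc=example,dc=com"}},
     "users": ["carol"]},
    {"metadata": {"name": "local-admins"}, "users": ["dave"]},  # no LDAP annotation
]})


def duplicate_ldap_uids(group_list_json):
    """Map each LDAP UID claimed by 2+ groups to [(group name, member count)]."""
    by_uid = defaultdict(list)
    for item in json.loads(group_list_json).get("items", []):
        meta = item.get("metadata", {})
        uid = (meta.get("annotations") or {}).get(LDAP_UID)
        if uid:  # skip groups that carry no LDAP UID annotation
            by_uid[uid].append((meta.get("name", ""), len(item.get("users") or [])))
    return {uid: sorted(groups) for uid, groups in sorted(by_uid.items())
            if len(groups) > 1}


def main():
    # Pipe real data in: oc get groups -o json | python3 this_script.py
    data = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    dups = duplicate_ldap_uids(data)
    for uid, groups in dups.items():
        print(f"{uid} is mapped by {len(groups)} groups:")
        for name, members in groups:
            print(f"  {name}: {members} member(s)")
    return 1 if dups else 0  # non-zero exit lets automation stop before syncing


if __name__ == "__main__":
    sys.exit(main())
```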
3. Why does the customer need this? (List the business requirements here)
The customer has automation in place that creates groups in OpenShift according to their LDAP structure.
Some of their customers reuse their existing LDAP group(s) and want those to be linked behind those OpenShift groups, especially if it's a department that offers multiple services on our platform (Bitbucket, Artifactory and Jenkins, for example, are all done by the same department but are seen as different services/use cases and have therefore been defined in separate projects).
More details in the discussion in OCPBUGS-11123.
4. List any affected packages or components.
- oc client
- LDAPSyncConfig
is caused by: OCPBUGS-11123 "oc adm groups sync" is not working if multiple OCP groups point to same LDAP group (Closed)