Tuesday, April 20, 2021

[389-users] Re: Forbidden uid?

Hi,
sounds good!

I've created an upstream issue so we can continue the discussion there as needed.

https://github.com/389ds/389-ds-base/issues/4728

Sincerely,
Simon

On Tue, Apr 20, 2021 at 2:45 AM William Brown <wbrown@suse.de> wrote:


> On 19 Apr 2021, at 17:42, Jan Tomasek <jan@tomasek.cz> wrote:
>
> Hi Mark,
>
> no that is not what I need.
>
> I need to prevent our personal department from creating users like 'root', 'sys', 'dev', ... and similar potentially problematic usernames for unix systems.
>
> Monday is much better than friday. Today, I clearly see that this is task for libattr-unique-plugin plugin. I'm going to create ou=Forbidden
> Users,dc=example,dc=com with all forbidden user entries. :)

That's a clever way to achieve it :)

But still, this should be do-able without having dummy accounts.

Simon: This could be a good option for learning how to make a Rust plugin?

>
> Best regards
> --
> -----------------------
> Jan Tomasek aka Semik
> http://www.tomasek.cz/
>
>
>
> On 16. 04. 21 20:19, Mark Reynolds wrote:
>> You can create aci's that restrict specific DN's from doing specific actions like ADD.  Is that what you mean?  If so, look at the
> Admin
>> guide for more information:
>> https://access.redhat.com/documentation/en-us/red_hat_directory_server/11/html/administration_guide/managing_access_control
>> HTH,
>> Mark
>> On 4/16/21 10:49 AM, Jan Tomasek wrote:
>>> Hi,
>>>
>>> is there a way how to provide 389DS with list of forbidden uid to prevent creating such user? For example 'root', 'sys', ...
>>>
>>> Thanks
>>>
>>> _______________________________________________
>>> 389-users mailing list --389-users@lists.fedoraproject.org
>>> To unsubscribe send an email to389-users-leave@lists.fedoraproject.org
>>> Fedora Code of Conduct:https://docs.fedoraproject.org/en-US/project/code-of-conduct/
>>> List Guidelines:https://fedoraproject.org/wiki/Mailing_list_guidelines
>>> List Archives:https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org
>>> Do not reply to spam on the list, report it:https://pagure.io/fedora-infrastructure
>> --
>> 389 Directory Server Development Team
>
> _______________________________________________
> 389-users mailing list -- 389-users@lists.fedoraproject.org
> To unsubscribe send an email to 389-users-leave@lists.fedoraproject.org
> Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives: https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org
> Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure


Sincerely,

William Brown

Senior Software Engineer, 389 Directory Server
SUSE Labs, Australia
_______________________________________________
389-users mailing list -- 389-users@lists.fedoraproject.org
To unsubscribe send an email to 389-users-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure

No comments:

Post a Comment