Hi,
is there a way how to provide 389DS with list of forbidden uid to prevent creating such user? For example 'root', 'sys', ...
Thanks
You can create aci's that restrict specific DN's from doing specific actions like ADD. Is that what you mean? If so, look at the Admin guide for more information:
https://access.redhat.com/documentation/en-us/red_hat_directory_server/11/ht...
HTH,
Mark
On 4/16/21 10:49 AM, Jan Tomasek wrote:
Hi,
is there a way how to provide 389DS with list of forbidden uid to prevent creating such user? For example 'root', 'sys', ...
Thanks
389-users mailing list -- 389-users@lists.fedoraproject.org To unsubscribe send an email to 389-users-leave@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.... Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
Hi Mark,
no that is not what I need.
I need to prevent our personal department from creating users like 'root', 'sys', 'dev', ... and similar potentially problematic usernames for unix systems.
Monday is much better than friday. Today, I clearly see that this is task for libattr-unique-plugin plugin. I'm going to create ou=Forbidden
Users,dc=example,dc=com with all forbidden user entries. :)
Best regards
On 19 Apr 2021, at 17:42, Jan Tomasek jan@tomasek.cz wrote:
Hi Mark,
no that is not what I need.
I need to prevent our personal department from creating users like 'root', 'sys', 'dev', ... and similar potentially problematic usernames for unix systems.
Monday is much better than friday. Today, I clearly see that this is task for libattr-unique-plugin plugin. I'm going to create ou=Forbidden Users,dc=example,dc=com with all forbidden user entries. :)
That's a clever way to achieve it :)
But still, this should be do-able without having dummy accounts.
Simon: This could be a good option for learning how to make a Rust plugin?
Best regards
Jan Tomasek aka Semik http://www.tomasek.cz/
On 16. 04. 21 20:19, Mark Reynolds wrote:
You can create aci's that restrict specific DN's from doing specific actions like ADD. Is that what you mean? If so, look at the
Admin
guide for more information: https://access.redhat.com/documentation/en-us/red_hat_directory_server/11/ht... HTH, Mark On 4/16/21 10:49 AM, Jan Tomasek wrote:
Hi,
is there a way how to provide 389DS with list of forbidden uid to prevent creating such user? For example 'root', 'sys', ...
Thanks
389-users mailing list --389-users@lists.fedoraproject.org To unsubscribe send an email to389-users-leave@lists.fedoraproject.org Fedora Code of Conduct:https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines:https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives:https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.... Do not reply to spam on the list, report it:https://pagure.io/fedora-infrastructure
-- 389 Directory Server Development Team
389-users mailing list -- 389-users@lists.fedoraproject.org To unsubscribe send an email to 389-users-leave@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.... Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
— Sincerely,
William Brown
Senior Software Engineer, 389 Directory Server SUSE Labs, Australia
Hi, sounds good!
I've created an upstream issue so we can continue the discussion there as needed.
https://github.com/389ds/389-ds-base/issues/4728
Sincerely, Simon
On Tue, Apr 20, 2021 at 2:45 AM William Brown wbrown@suse.de wrote:
On 19 Apr 2021, at 17:42, Jan Tomasek jan@tomasek.cz wrote:
Hi Mark,
no that is not what I need.
I need to prevent our personal department from creating users like
'root', 'sys', 'dev', ... and similar potentially problematic usernames for unix systems.
Monday is much better than friday. Today, I clearly see that this is
task for libattr-unique-plugin plugin. I'm going to create ou=Forbidden
Users,dc=example,dc=com with all forbidden user entries. :)
That's a clever way to achieve it :)
But still, this should be do-able without having dummy accounts.
Simon: This could be a good option for learning how to make a Rust plugin?
Best regards
Jan Tomasek aka Semik http://www.tomasek.cz/
On 16. 04. 21 20:19, Mark Reynolds wrote:
You can create aci's that restrict specific DN's from doing specific
actions like ADD. Is that what you mean? If so, look at the
Admin
guide for more information:
https://access.redhat.com/documentation/en-us/red_hat_directory_server/11/ht...
HTH, Mark On 4/16/21 10:49 AM, Jan Tomasek wrote:
Hi,
is there a way how to provide 389DS with list of forbidden uid to
prevent creating such user? For example 'root', 'sys', ...
Thanks
389-users mailing list --389-users@lists.fedoraproject.org To unsubscribe send an email to389-users-leave@lists.fedoraproject.org Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines:https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives:
https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject....
Do not reply to spam on the list, report it:
https://pagure.io/fedora-infrastructure
-- 389 Directory Server Development Team
389-users mailing list -- 389-users@lists.fedoraproject.org To unsubscribe send an email to 389-users-leave@lists.fedoraproject.org Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives:
https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject....
Do not reply to spam on the list, report it:
https://pagure.io/fedora-infrastructure
— Sincerely,
William Brown
Senior Software Engineer, 389 Directory Server SUSE Labs, Australia _______________________________________________ 389-users mailing list -- 389-users@lists.fedoraproject.org To unsubscribe send an email to 389-users-leave@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.... Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
389-users@lists.fedoraproject.org