Opened 13 years ago

Closed 13 years ago

#186 closed enhancement (fixed)

Add a knob for disabling LDAP signups

Reported by: ezyang Owned by:
Priority: normal Milestone:
Component: internals Keywords:


From zephyr:

-> scripts / r1723 / mitchb  20:29  (Bad Netscape!  No cookie!)                                                      
       One right way to do it would probably be to have a flag there that           
       gets passed as part of the signup wget's URL, and modify the backend         
       that runs on the servers to treat the flag as a "verify only, don't      
       create if not yet existent" setting, so that it would still report                                                                        
       that current users are signed up, but bail on new signups.

   scripts / r1723 / mitchb  20:30  (This UI has been brought to you by the letters 'S' and 'K', and the runlevel 3.)                            
       Another way to do it might be to have an /etc/nosignup that the                                                                           
       backend obeys, and do nothing with the locker script

-> scripts / r1723 / mitchb  20:30  (recursive mutex enter?  fsck that!)                 
       Not sure what I think is best.  The latter gives you per-server                                               
       controllability, the former global. 

   scripts / r1723 / mitchb  20:31  (Yum, this spam is fresh!)                                                                                   
       Or we could put a flag file in the locker for global control without                                                                      
       editing the script.  *shrug*  Design choices.

Change History (2)

comment:1 Changed 13 years ago by mitchb

As background, this discussion came up because we can't simply put a signup-disabling knob in the signup-minimal script in the locker, because all autoinstalls run the signup scripts to ensure the necessary account is ready. They're noops on the server side for already-existing accounts, but we don't mean to disable all autoinstalls for existing users if we have to disable new signups due to LDAP problems.

comment:2 Changed 13 years ago by mitchb

  • Resolution set to fixed
  • Status changed from new to closed

Implemented and committed in r1757, and deployed. You can now create /mit/scripts/admin/nosignup to disable signups globally, or /etc/nosignup to disable them on an individual server. If you put extra info in the nosignup file, it'll be displayed to the user. Autoinstalls are unaffected for existing users.

Note: See TracTickets for help on using tickets.