Opened 13 years ago
Closed 13 years ago
#186 closed enhancement (fixed)
Add a knob for disabling LDAP signups
| Reported by: | ezyang | Owned by: | |
|---|---|---|---|
| Priority: | normal | Milestone: | |
| Component: | internals | Keywords: | |
| Cc: |
Description
From zephyr:
-> scripts / r1723 / mitchb 20:29 (Bad Netscape! No cookie!)
One right way to do it would probably be to have a flag there that
gets passed as part of the signup wget's URL, and modify the backend
that runs on the servers to treat the flag as a "verify only, don't
create if not yet existent" setting, so that it would still report
that current users are signed up, but bail on new signups.
scripts / r1723 / mitchb 20:30 (This UI has been brought to you by the letters 'S' and 'K', and the runlevel 3.)
Another way to do it might be to have an /etc/nosignup that the
backend obeys, and do nothing with the locker script
-> scripts / r1723 / mitchb 20:30 (recursive mutex enter? fsck that!)
Not sure what I think is best. The latter gives you per-server
controllability, the former global.
scripts / r1723 / mitchb 20:31 (Yum, this spam is fresh!)
Or we could put a flag file in the locker for global control without
editing the script. *shrug* Design choices.
Change History (2)
comment:1 Changed 13 years ago by mitchb
comment:2 Changed 13 years ago by mitchb
- Resolution set to fixed
- Status changed from new to closed
Implemented and committed in r1757, and deployed. You can now create /mit/scripts/admin/nosignup to disable signups globally, or /etc/nosignup to disable them on an individual server. If you put extra info in the nosignup file, it'll be displayed to the user. Autoinstalls are unaffected for existing users.
Note: See
TracTickets for help on using
tickets.
As background, this discussion came up because we can't simply put a signup-disabling knob in the signup-minimal script in the locker, because all autoinstalls run the signup scripts to ensure the necessary account is ready. They're noops on the server side for already-existing accounts, but we don't mean to disable all autoinstalls for existing users if we have to disable new signups due to LDAP problems.