Opened 14 years ago
Closed 14 years ago
#186 closed enhancement (fixed)
Add a knob for disabling LDAP signups
Reported by: | ezyang | Owned by: | |
---|---|---|---|
Priority: | normal | Milestone: | |
Component: | internals | Keywords: | |
Cc: |
Description
From zephyr:
-> scripts / r1723 / mitchb 20:29 (Bad Netscape! No cookie!) One right way to do it would probably be to have a flag there that gets passed as part of the signup wget's URL, and modify the backend that runs on the servers to treat the flag as a "verify only, don't create if not yet existent" setting, so that it would still report that current users are signed up, but bail on new signups. scripts / r1723 / mitchb 20:30 (This UI has been brought to you by the letters 'S' and 'K', and the runlevel 3.) Another way to do it might be to have an /etc/nosignup that the backend obeys, and do nothing with the locker script -> scripts / r1723 / mitchb 20:30 (recursive mutex enter? fsck that!) Not sure what I think is best. The latter gives you per-server controllability, the former global. scripts / r1723 / mitchb 20:31 (Yum, this spam is fresh!) Or we could put a flag file in the locker for global control without editing the script. *shrug* Design choices.
Change History (2)
comment:1 Changed 14 years ago by mitchb
comment:2 Changed 14 years ago by mitchb
- Resolution set to fixed
- Status changed from new to closed
Implemented and committed in r1757, and deployed. You can now create /mit/scripts/admin/nosignup to disable signups globally, or /etc/nosignup to disable them on an individual server. If you put extra info in the nosignup file, it'll be displayed to the user. Autoinstalls are unaffected for existing users.
Note: See
TracTickets for help on using
tickets.
As background, this discussion came up because we can't simply put a signup-disabling knob in the signup-minimal script in the locker, because all autoinstalls run the signup scripts to ensure the necessary account is ready. They're noops on the server side for already-existing accounts, but we don't mean to disable all autoinstalls for existing users if we have to disable new signups due to LDAP problems.