[SAC] Re-enable LDAP user creation

Alex Mandel tech_dev at wildintellect.com
Sun May 8 13:20:39 PDT 2016


On 05/08/2016 07:36 AM, Sandro Santilli wrote:
> On Sun, May 08, 2016 at 07:21:45AM -0700, Alex Mandel wrote:
> 
>> We do want email verification added, 1. because without a valid email
>> address a user can not reset their password, even if they ask us to
>> because we can't verify who they are, 2. I think an additional step
>> might actually slow the process of registration to annoy spammers.
> 
> Both are good points. +1 to email verification.
> 
>> If you think the new anti-spam measures are working and we can re-enable
>> it.
> 
> The anti-spam plugin doesn't catch spam out of the box, but requires
> configuration and bayes training that needs to be done by each of
> the project admins. I've done some of that for ossim which was
> still being hit these days, but don't know how good that was (especially as
> there was no candidate "ham" reported).
> 
>> Martin was working on a script to make it faster to remove spam
>> accounts once found, is that in place so admins can use it without
>> having to ask Martin?
> 
> The command to remove accounts is documented on the wiki, but it takes
> an LDAP administrator password to run.
> 
> --strk;
> 

I had forgotten, we can re-enable as soon as a fail2ban rule is in place
to prevent rapid registration from the same IP. Then keep adding
email verification on the todo list for the next week or so.

I can at least confirm that no new accounts have been created since we
disabled the web form, so accounts aren't being created by some more
nefarious method.

Thanks,
Alex

