[SAC] Re-enable LDAP user creation

Sandro Santilli strk at keybit.net
Mon May 9 08:08:11 PDT 2016


On Mon, May 09, 2016 at 07:49:37AM -0700, Alex Mandel wrote:
> On 05/09/2016 07:38 AM, Sandro Santilli wrote:

> > It's enabled now, we got 5 new registered users, 2 of which have
> > the _same_ email (something else to disallow?).
> > 
> 
> Well not until we have a password reset. I could see kicking back the
> form, saying - you've already registered.

We badly need the email confirmation thing, no dubt.
Frank: do you think you could work on that ?

> >  ldapsearch -x "(&(createTimestamp>=20160509000000Z))" 
> > 
> 
> Ya I'm wondering if we should run a daily report, or hourly, that emails
> SAC or at least the main admins if more than x number of accounts have
> been made in the last hour (maybe 20). Since that would be a good sign
> of bulk registration. This would use the ldapsearch above...

Another 2 accounts were just registered, and they uid doesn't
look sane at all to me:

 kumartinkusingh08
 ct7316944

I can't match those to the IP they came from as I don't know how
to extract createTimestamp from LDAP, the apache log does not contain
information about the name AND the script creator itself does not
create any log.

I'll look at creating a script to report the number of users created
in the last X hours, and then get it called to report to sac.

--strk;


More information about the Sac mailing list