[SAC] LDAP users still being created during maintainance

Alex M tech_dev at wildintellect.com
Wed May 11 09:58:26 PDT 2016


On 05/11/2016 09:52 AM, Sandro Santilli wrote:
> On Wed, May 11, 2016 at 09:49:30AM -0700, Alex M wrote:
>> That's also a huge barrier to new users. Email confirmation is higher
>> priority to me. We could modify the Maintenance page, to say that during
>> maintenance new users need to contact an admin to have an account
>> created. But yes without the email confirmation/ability of users to
>> set/reset their own passwords, we make temp passwords and send via email
>> (currently how resets work).
> 
> Couldn't we just use the reset code for registration ?
> Rather than asking for a password, invoke the resetter,
> so this would also automatically serve as a kind of
> email confirmation (no email control, no known password).
> 

I don't know what reset code you're talking about? If you mean generate
a reset code and email the user, that is what I'm thinking.

> And we then need to delete accounts that are not used within
> a given amount of time, as per https://trac.osgeo.org/osgeo/ticket/1675
> 

I disagree, at most inactive accounts should be disabled, not deleted.
You don't want new people coming in and spoofing previous users, nor do
you want to orphan content. Also spam accounts tend to be active not
inactive.


> PS: osgeo trac is being spammed now, could anyone setup the proper
>     configuration and BadContent page ? I'm gone for today.
> 
> --strk;
> 

I'm tied up for quite a while at work, if someone else has some time
that would be great. I assume the new wiki page about Trac Spam
describes what to do?

Thanks,
Alex


More information about the Sac mailing list