[SAC] LDAP users still being created during maintainance

Sandro Santilli strk at keybit.net
Wed May 11 11:00:00 PDT 2016


On Wed, May 11, 2016 at 09:58:26AM -0700, Alex M wrote:
> On 05/11/2016 09:52 AM, Sandro Santilli wrote:
> > On Wed, May 11, 2016 at 09:49:30AM -0700, Alex M wrote:
> >> That's also a huge barrier to new users. Email confirmation is higher
> >> priority to me. We could modify the Maintenance page, to say that during
> >> maintenance new users need to contact an admin to have an account
> >> created. But yes without the email confirmation/ability of users to
> >> set/reset their own passwords, we make temp passwords and send via email
> >> (currently how resets work).
> > 
> > Couldn't we just use the reset code for registration ?
> > Rather than asking for a password, invoke the resetter,
> > so this would also automatically serve as a kind of
> > email confirmation (no email control, no known password).
> 
> I don't know what reset code you're talking about? If you mean generate
> a reset code and email the user, that is what I'm thinking.

I was referring to your "currently how resets work", if that's how it
works then yes. There's no much else we can do. But also for _new_
registrations we should do that.

> I disagree, at most inactive accounts should be disabled, not deleted.

Yes, disabled is better. But we want a way to tell if an account
is enabled or disabled, via ldapsearch (and document that). Do
you know how could that be done ?

PS: I launched my fantastic SQL script to delete all recent spam from
    the known spammer accounts. Let me know if you find more spam so
    we can grow the list of spammers.

--strk;


More information about the Sac mailing list