[SAC] LDAP users still being created during maintainance
Sandro Santilli
strk at keybit.net
Thu May 12 07:18:46 PDT 2016
On Wed, May 11, 2016 at 06:45:44PM +0200, Sandro Santilli wrote:
> On Wed, May 11, 2016 at 09:05:24AM -0700, Frank Warmerdam wrote:
> > I did this.
> >
> > People need to create IDs!
>
> How about moving the creation script under auth/, allowing
> users from specific project groups to create more users ?
>
> Then the maintainance page could report something like:
> "ask another OSGeo User to create the account for you"
>
> But I understand this would be problematic as whoever creates
> the user needs to know the user password, correct ?
So I had another idea, and implemented it.
During spam attacks (like now) the form will show "maintainance"
(or other) message _UNLESS_ a given token is passed to the URL.
This gives us an easy way to keep using the script.
Also, if we like the idea, we could also communicate the light-token to
legit users that need to register (as the GSOC student who asked today)
and change it after. Eventually we could use a multi-token approach
so to add per-user tokens.
--strk;
More information about the Sac
mailing list