[389-users] Re: Forbidden uid?
> On 19 Apr 2021, at 17:42, Jan Tomasek wrote: > > Hi Mark, > > no that is not what I need. > > I need to prevent our personal department from creating users like 'root', > 'sys', 'dev', ... and similar potentially problematic usernames for unix > systems. > > Monday is much better than friday. Today, I clearly see that this is task for > libattr-unique-plugin plugin. I'm going to create ou=Forbidden > Users,dc=example,dc=com with all forbidden user entries. :) That's a clever way to achieve it :) But still, this should be do-able without having dummy accounts. Simon: This could be a good option for learning how to make a Rust plugin? > > Best regards > -- > --- > Jan Tomasek aka Semik > http://www.tomasek.cz/ > > > > On 16. 04. 21 20:19, Mark Reynolds wrote: >> You can create aci's that restrict specific DN's from doing specific actions >> like ADD. Is that what you mean? If so, look at the > Admin >> guide for more information: >> https://access.redhat.com/documentation/en-us/red_hat_directory_server/11/html/administration_guide/managing_access_control >> HTH, >> Mark >> On 4/16/21 10:49 AM, Jan Tomasek wrote: >>> Hi, >>> >>> is there a way how to provide 389DS with list of forbidden uid to prevent >>> creating such user? For example 'root', 'sys', ... >>> >>> Thanks >>> >>> ___ >>> 389-users mailing list --389-users@lists.fedoraproject.org >>> To unsubscribe send an email to389-users-le...@lists.fedoraproject.org >>> Fedora Code of >>> Conduct:https://docs.fedoraproject.org/en-US/project/code-of-conduct/ >>> List Guidelines:https://fedoraproject.org/wiki/Mailing_list_guidelines >>> List >>> Archives:https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org >>> Do not reply to spam on the list, report >>> it:https://pagure.io/fedora-infrastructure >> -- >> 389 Directory Server Development Team > > ___ > 389-users mailing list -- 389-users@lists.fedoraproject.org > To unsubscribe send an email to 389-users-le...@lists.fedoraproject.org > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org > Do not reply to spam on the list, report it: > https://pagure.io/fedora-infrastructure — Sincerely, William Brown Senior Software Engineer, 389 Directory Server SUSE Labs, Australia ___ 389-users mailing list -- 389-users@lists.fedoraproject.org To unsubscribe send an email to 389-users-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[389-users] Re: Forbidden uid?
Hi Mark, no that is not what I need. I need to prevent our personal department from creating users like 'root', 'sys', 'dev', ... and similar potentially problematic usernames for unix systems. Monday is much better than friday. Today, I clearly see that this is task for libattr-unique-plugin plugin. I'm going to create ou=Forbidden Users,dc=example,dc=com with all forbidden user entries. :) Best regards -- --- Jan Tomasek aka Semik http://www.tomasek.cz/ On 16. 04. 21 20:19, Mark Reynolds wrote: You can create aci's that restrict specific DN's from doing specific actions like ADD. Is that what you mean? If so, look at the Admin guide for more information: https://access.redhat.com/documentation/en-us/red_hat_directory_server/11/html/administration_guide/managing_access_control HTH, Mark On 4/16/21 10:49 AM, Jan Tomasek wrote: Hi, is there a way how to provide 389DS with list of forbidden uid to prevent creating such user? For example 'root', 'sys', ... Thanks ___ 389-users mailing list --389-users@lists.fedoraproject.org To unsubscribe send an email to389-users-le...@lists.fedoraproject.org Fedora Code of Conduct:https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines:https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives:https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org Do not reply to spam on the list, report it:https://pagure.io/fedora-infrastructure -- 389 Directory Server Development Team smime.p7s Description: S/MIME Cryptographic Signature ___ 389-users mailing list -- 389-users@lists.fedoraproject.org To unsubscribe send an email to 389-users-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[389-users] Re: Forbidden uid?
You can create aci's that restrict specific DN's from doing specific actions like ADD. Is that what you mean? If so, look at the Admin guide for more information: https://access.redhat.com/documentation/en-us/red_hat_directory_server/11/html/administration_guide/managing_access_control HTH, Mark On 4/16/21 10:49 AM, Jan Tomasek wrote: Hi, is there a way how to provide 389DS with list of forbidden uid to prevent creating such user? For example 'root', 'sys', ... Thanks ___ 389-users mailing list -- 389-users@lists.fedoraproject.org To unsubscribe send an email to 389-users-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure -- 389 Directory Server Development Team ___ 389-users mailing list -- 389-users@lists.fedoraproject.org To unsubscribe send an email to 389-users-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure