public
/
pyceo
27
1
Fork 3
Code Issues 25 Pull Requests 5 Projects Releases 1 Wiki Activity

Automatically expire LDAP users for clubs #110

New Issue
Open
opened 2023-10-26 03:53:53 -04:00 by merenber · 3 comments
merenber commented 2023-10-26 03:53:53 -04:00
Owner
Copy Link

The LDAP user entries for clubs (which do not have corresponding Kerberos principals) should have shadowExpire=1 set when they no longer have any active club reps. This way, PAM will prevent their cron jobs from running. Resources such as cloud VMs and vhost configs (on caffeine) should automatically get removed/disabled, and an notification email should get sent. A warning email should be sent at least one week in advance.

We will need to add a new API endpoint, e.g. /api/groups/expire.

The LDAP user entries for clubs (which do not have corresponding Kerberos principals) should have `shadowExpire=1` set when they no longer have any active club reps. This way, PAM will prevent their cron jobs from running. Resources such as cloud VMs and vhost configs (on caffeine) should automatically get removed/disabled, and an notification email should get sent. A warning email should be sent at least one week in advance. We will need to add a new API endpoint, e.g. `/api/groups/expire`.
merenber added the
priority
medium
 label 2023-10-26 03:53:58 -04:00
merenber added
priority
high
 and removed
priority
medium
 labels 2024-03-01 17:55:07 -05:00
merenber commented 2024-03-01 17:55:29 -05:00
Author
Owner
Copy Link

Bumping to high because there are some clubs which use lingering systemd services for their club accounts.

Bumping to high because there are some clubs which use lingering systemd services for their club accounts.
n4chung commented 2024-03-05 17:57:52 -05:00
Owner
Copy Link

Question is how often to check for "non-active" club reps? is there a grace period or something?

Question is how often to check for "non-active" club reps? is there a grace period or something?
merenber commented 2024-03-11 14:59:28 -04:00
Author
Owner
Copy Link

Question is how often to check for "non-active" club reps? is there a grace period or something?

If a club has had no active club reps for an entire term or longer, then we should consider it to be inactive.

> Question is how often to check for "non-active" club reps? is there a grace period or something? > If a club has had no active club reps for an entire term or longer, then we should consider it to be inactive.
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
master
124-fix-regression
new-positions
54-newsletter
WIP-66
65-isClubRep-fix
83-sqlfstrings
60-group-lookup
63-fix-ci
1.0.22
v0.5.1
v0.4.11
v0.4.10
v0.4.9
v0.4.8
v0.4.7
v0.4.6
v0.4.5
Labels
Clear labels   
priority
high
High priority

  
priority
low
Low priority

  
priority
medium
Medium priority

  
priority
very high
Very high priority

  
BUG

   
Feature

   
High Priority

   
Low Priority

   
Medium Priority
No Label
priority
high
priority
low
priority
medium
priority
very high
BUG
Feature
High Priority
Low Priority
Medium Priority
Milestone
Clear milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
No Assignees
2 Participants
Notifications
Due Date
The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: public/pyceo#110
No description provided.
Delete Branch "%!s(<nil>)"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?