Automatically expire LDAP users for clubs #110
Labels
No Label
priority
high
priority
low
priority
medium
priority
very high
BUG
Feature
High Priority
Low Priority
Medium Priority
No Milestone
No project
No Assignees
2 Participants
Notifications
Due Date
No due date set.
Dependencies
No dependencies set.
Reference: public/pyceo#110
Loading…
Reference in New Issue
No description provided.
Delete Branch "%!s(<nil>)"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
The LDAP user entries for clubs (which do not have corresponding Kerberos principals) should have
shadowExpire=1
set when they no longer have any active club reps. This way, PAM will prevent their cron jobs from running. Resources such as cloud VMs and vhost configs (on caffeine) should automatically get removed/disabled, and an notification email should get sent. A warning email should be sent at least one week in advance.We will need to add a new API endpoint, e.g.
/api/groups/expire
.Bumping to high because there are some clubs which use lingering systemd services for their club accounts.
Question is how often to check for "non-active" club reps? is there a grace period or something?
If a club has had no active club reps for an entire term or longer, then we should consider it to be inactive.