Page MenuHomePhabricator

Enhance account handling (meta bug)
Open, MediumPublic

Description

This task tracks various enhancement tasks around account/group membership handling in the WMF systems.

Related Objects

StatusSubtypeAssignedTask
OpenNone
ResolvedMoritzMuehlenhoff
ResolvedMoritzMuehlenhoff
DeclinedNone
OpenNone
Resolvedhashar
ResolvedMoritzMuehlenhoff
ResolvedMoritzMuehlenhoff
OpenNone
DeclinedNone
ResolvedMoritzMuehlenhoff
DeclinedNone
ResolvedMoritzMuehlenhoff
Resolved AlexMonk-WMF
OpenNone
DeclinedNone
DeclinedNone
OpenNone
ResolvedMoritzMuehlenhoff
ResolvedDzahn
OpenNone
OpenNone
StalledNone

Event Timeline

Is there a way to disable an account in LDAP that would then fail for authentication for all ancillary services that check LDAP? We have run into wanting this a few times with spammers who hit Phab and then wikitech or gerrit. The common point of authentication is there but we end up playing whackamole in every venue individually. We have also wanted this for a Tool account or service user that is suspected as compromised and the workarounds are very specific and hacky.