Enhance account handling (meta bug)
Open, NormalPublic

Description

This task tracks various enhancement tasks around account/group membership handling in the WMF systems.

Related Objects

StatusAssignedTask
OpenNone
ResolvedMoritzMuehlenhoff
ResolvedMoritzMuehlenhoff
DeclinedNone
OpenNone
Resolvedhashar
ResolvedMoritzMuehlenhoff
ResolvedMoritzMuehlenhoff
OpenNone
DeclinedNone
ResolvedMoritzMuehlenhoff
DeclinedNone
ResolvedMoritzMuehlenhoff
Resolved AlexMonk-WMF
OpenNone
DeclinedNone
DeclinedNone
OpenNone
ResolvedMoritzMuehlenhoff
ResolvedDzahn
OpenNone
OpenNone
OpenNone
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptAug 12 2016, 9:26 AM
faidon added a subscriber: faidon.Aug 12 2016, 10:42 AM
greg added a subscriber: greg.Aug 20 2016, 8:05 AM
MoritzMuehlenhoff triaged this task as Normal priority.Sep 6 2016, 12:58 PM
chasemp added a subscriber: chasemp.Feb 6 2017, 5:26 PM

Is there a way to disable an account in LDAP that would then fail for authentication for all ancillary services that check LDAP? We have run into wanting this a few times with spammers who hit Phab and then wikitech or gerrit. The common point of authentication is there but we end up playing whackamole in every venue individually. We have also wanted this for a Tool account or service user that is suspected as compromised and the workarounds are very specific and hacky.