8000 Exempt idm_admin and admin from denied names. by Firstyear · Pull Request #3429 · kanidm/kanidm · GitHub
[go: up one dir, main page]
More Web Proxy on the site http://driver.im/
Skip to content

Exempt idm_admin and admin from denied names. #3429

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Feb 15, 2025
Merged

Exempt idm_admin and admin from denied names. #3429

merged 2 commits into from
Feb 15, 2025

Conversation

Firstyear
Copy link
Member

idm_admin and admin should be exempted from the denied names process, as these values will already be denied due to attribute uniqueness. Additionally improved the denied names check to only validate the name during a change, not during a modifification. This way entries that become denied can get themself out of the pickle.

Fixes #3426

Checklist

  • This PR contains no AI generated code
  • book chapter included (if relevant)
  • design document included (if relevant)

@Firstyear Firstyear marked this pull request as ready for review February 14, 2025 03:08
CEbbinghaus
CEbbinghaus requested changes Feb 14, 2025
View reviewed changes
Copy link
Collaborator
@CEbbinghaus CEbbinghaus left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Just the attribute check for type = systemaccount. Rest looks 👌

@Firstyear Firstyear force-pushed the 20250213-denied-names branch from 0e6c4e1 to d4890a6 Compare February 15, 2025 02:24
@Firstyear
Copy link
Member Author

@CEbbinghaus Good to go.

@Firstyear Firstyear enabled auto-merge (squash) February 15, 2025 02:37
CEbbinghaus
CEbbinghaus approved these changes Feb 15, 2025
View reviewed changes
Copy link
Collaborator
@CEbbinghaus CEbbinghaus left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM 👍

@Firstyear @CEbbinghaus
Exempt idm_admin and admin from denied names.
b62ca76 
idm_admin and admin should be exempted from the denied names process,
as these values will already be denied due to attribute uniqueness.
Additionally improved the denied names check to only validate the
name during a change, not during a modifification. This way entries
that become denied can get themself out of the pickle.
@Firstyear @CEbbinghaus
Review feedback
c50de35
@CEbbinghaus CEbbinghaus force-pushed the 20250213-denied-names branch from d4890a6 to c50de35 Compare February 15, 2025 22:31
@Firstyear Firstyear merged commit ed88b72 into kanidm:master Feb 15, 2025
22 checks passed
@Firstyear Firstyear deleted the 20250213-denied-names branch February 18, 2025 00:22
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@yaleman yaleman yaleman approved these changes

@CEbbinghaus CEbbinghaus CEbbinghaus approved these changes

Assignees
No one assigned
Labels
None yet
Projects
Organising Everything
Status: ✅ Done
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Adding 'admin' to denied-names prevents account recovery of build-in admin account
3 participants
@Firstyear @yaleman @CEbbinghaus
0