You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
If someone manages to add a user or a group to the BMC, it will be unnoticed forever. This is not ideal from a security point of view. We would like to add an option to purge any user or group that is not specified in the configuration. With this option bmcbutler will remove the unmanaged users/groups on the next run.
I propose to add 2 new bool keys to the configuration (purgeUnmanagedUsers & purgeUnmanagedLdapGroups). This way it will be optional and it will not break backward compatibility.
The text was updated successfully, but these errors were encountered:
I have pushed a sample implementation to purge the unmanaged users in iLO. I would love to hear some feedback before adding implementations to the rest of the providers.
In this case it would be ideal to have bmclib limit its interface methods to - Select/Create/Update/Delete
and the client invoking bmclib, in this case bmcbutler, takes care of invoking the Delete method on User/LdapGroups that should not be on the BMC. This will allow us to have a clearly defined scope for bmclib.
I understand in this case, the Users and LdapGroups is imported from bmclib,
hence limiting the configuration options that you can declare in the BMC configuration file
An option is to define a User/LdapGroup struct within bmcbutler that inherits the bmclib User struct,
and that way bmcbutler can declare its own User/LdapGroup parameters in its BMC configuration.
If someone manages to add a user or a group to the BMC, it will be unnoticed forever. This is not ideal from a security point of view. We would like to add an option to purge any user or group that is not specified in the configuration. With this option bmcbutler will remove the unmanaged users/groups on the next run.
I propose to add 2 new bool keys to the configuration (
purgeUnmanagedUsers
&purgeUnmanagedLdapGroups
). This way it will be optional and it will not break backward compatibility.The text was updated successfully, but these errors were encountered: