infra/docs/PEOPLE_PLAYBOOK.md

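WOW THIS IS BAD: kanidm's anonymous account lets clients with no credentials perform limited read actions. See the docs, then expire it: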
https://kanidm.github.io/kanidm/stable/accounts/anonymous.html
```shell
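# make idm_admins the managing group of the anonymous account
kanidm service-account update --entry-managed-by idm_admins anonymous
# expire the account so it can no longer be used
kanidm service-account validity expire-at anonymous epoch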
```
obviously, don't let people have usernames that would conflict with anything internal (e.g. "email", "infra*", etc.), and make sure usernames are only alphanumeric
```sh
kanidm login --name idm_admin
kanidm person create --name idm_admin <username> "<display name>"
kanidm person credential create-reset-token <username> --name idm_admin
# allow them to set a unix/ldap password
kanidm person posix set --name idm_admin <username>
kanidm person posix set --name idm_admin <username> --shell /bin/zsh
# give them email access (need unix access)
kanidm person update <username> --legalname "<display name>" --mail <username>@hatecomputers.club
kanidm group add-members mail <username>
```
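One way to enforce the username rule before running `kanidm person create`, as an added example that is not part of the original playbook. `valid_username`, `create_person`, `RESERVED_PATTERNS` and `KANIDM` are hypothetical names; only "email" and "infra*" come from the playbook, so extend the list with your own internal names.

```shell
#!/bin/sh
# Added example: gate usernames before they reach kanidm.

# Reserved names as shell glob patterns. "email" and "infra*" are from the
# playbook; anything else you add here is your own policy.
RESERVED_PATTERNS='email infra*'

# Command used to talk to kanidm; set KANIDM=echo for a dry run.
KANIDM=${KANIDM:-kanidm}

# valid_username NAME: exit 0 if acceptable, 1 otherwise (reason on stderr).
# The body is a subshell so the locale and globbing changes do not leak.
valid_username() (
    LC_ALL=C; export LC_ALL   # make a-z mean ASCII only
    # Lowercase first so "Infra1" cannot slip past "infra*".
    lower=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    case $lower in
        '')          echo "rejected: empty username" >&2; return 1 ;;
        *[!a-z0-9]*) echo "rejected: '$1' is not alphanumeric" >&2; return 1 ;;
    esac
    set -f                    # keep "infra*" from expanding to filenames
    for pat in $RESERVED_PATTERNS; do
        case $lower in
            $pat) echo "rejected: '$1' matches reserved '$pat'" >&2; return 1 ;;
        esac
    done
    return 0
)

# create_person USERNAME "DISPLAY NAME": validate, then run the playbook's
# create command. Arguments are passed quoted, never re-parsed by a shell.
create_person() {
    valid_username "$1" || return 1
    $KANIDM person create --name idm_admin "$1" "$2"
}
```

Run `KANIDM=echo create_person <username> "<display name>"` first to see the exact arguments that would be sent.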
groups you'll probably want to add people to:
+ gitea-access
+ mail