2024-05-12 12:32:47 -04:00
WOW THIS IS BAD:
https://kanidm.github.io/kanidm/stable/accounts/anonymous.html

```shell
# put the anonymous account under idm_admins, then expire it (validity set to the epoch) so it can no longer be used
kanidm service-account update --entry-managed-by idm_admins anonymous
kanidm service-account validity expire-at anonymous epoch
```

2024-03-23 14:08:35 -04:00
obviously, don't let people have usernames that would conflict with anything internal (e.g. "email", "infra*", etc.), and only allow alphanumeric usernames

```sh
kanidm login --name idm_admin
kanidm person create --name idm_admin <username> "<display name>"
kanidm person credential create-reset-token <username> --name idm_admin

# allow them to set a unix/ldap password
kanidm person posix set --name idm_admin <username>
kanidm person posix set --name idm_admin <username> --shell /bin/zsh

# give them email access (need unix access)
kanidm person update <username> --legalname "<display name>" --mail <username>@hatecomputers.club
kanidm group add-members mail <username>
```
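
A pre-flight check for the username rule above, to run before `kanidm person create`. This is an added example, not part of the original notes or of kanidm; the `valid_username` function and the `RESERVED` list are assumptions, and only "email" and "infra*" are named in the notes.

```shell
#!/bin/sh
# Added example: reject a requested username before it reaches kanidm.
# RESERVED is an assumed list of shell glob patterns; extend it to match
# whatever names are internal on your own deployment.
RESERVED='email infra* mail anonymous'

# valid_username NAME -> status 0 if acceptable, 1 otherwise (reason on stderr).
# The body runs in a subshell so the locale and noglob changes do not leak.
valid_username() (
    name=$1
    # Byte-wise matching: non-ASCII look-alike characters fail the class test.
    export LC_ALL=C
    case $name in
        '')
            echo "rejected: empty username" >&2
            return 1 ;;
        *[!A-Za-z0-9]*)
            echo "rejected: '$name' is not purely alphanumeric" >&2
            return 1 ;;
    esac
    # Compare case-insensitively so "Infra2" is caught by "infra*".
    lower=$(printf '%s' "$name" | tr 'A-Z' 'a-z')
    set -f  # split RESERVED on whitespace without expanding the globs
    for pat in $RESERVED; do
        case $lower in
            $pat)
                echo "rejected: '$name' matches reserved pattern '$pat'" >&2
                return 1 ;;
        esac
    done
    return 0
)

# When run with arguments, report which of the given names pass.
for n in "$@"; do
    valid_username "$n" && echo "ok: $n"
done
```
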
2024-03-23 17:43:50 -04:00
groups you'll probably want to add people to:

+ gitea-access
+ mail