From c9bb61dcc02d78da7f6255654dcbd78b368a5062 Mon Sep 17 00:00:00 2001
From: Elizabeth Hunt
Date: Sat, 23 Mar 2024 14:08:35 -0400
Subject: [PATCH] basic people playbook
---
TODO.md | 1 -
docs/PEOPLE_PLAYBOOK.md | 15 +++++++++++++++
2 files changed, 15 insertions(+), 1 deletion(-)
create mode 100644 docs/PEOPLE_PLAYBOOK.md
diff --git a/TODO.md b/TODO.md
index 83feb2d..906fc5b 100644
--- a/TODO.md
+++ b/TODO.md
@@ -1,3 +1,2 @@
 - [ ] nameservers for users
 - [ ] create dmarc.report, postmaster email users, give access to infra users
-- [ ] figure oute mailbox permissions, ensure users can't just set random senders and stuff, domain fixing
diff --git a/docs/PEOPLE_PLAYBOOK.md b/docs/PEOPLE_PLAYBOOK.md
new file mode 100644
index 0000000..958baf9
--- /dev/null
+++ b/docs/PEOPLE_PLAYBOOK.md
@@ -0,0 +1,15 @@
+obviously, don't let people have usernames that would conflict with anything internal (i.e. "email", "infra*", etc.) and are only alphanumeric
+
+```sh
+kanidm login --name idm_admin
+kanidm person create --name idm_admin ""
+kanidm person credential create-reset-token --name idm_admin
+
+# allow them to set a unix/ldap password
+kanidm person posix set --name idm_admin
+kanidm person posix set --name idm_admin --shell /bin/zsh
+
+# give them email access (need unix access)
+kanidm person update --legalname "" --mail @hatecomputers.club
+kanidm group add-members mail
+```
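Review bot: The username rule in the first added line of docs/PEOPLE_PLAYBOOK.md is prose only and reads ambiguously ("…and are only alphanumeric" attaches to the conflicting names rather than to the allowed ones), so I would reword it as `usernames must be alphanumeric only and must not collide with internal names (e.g. "email", "infra*")` and add a step telling the operator to check the requested name against that list before `kanidm person create`. This commit also removes the TODO.md item about making sure users can't set arbitrary senders, but nothing in the playbook says where that restriction is enforced; if it lives in mail-server configuration outside this diff, a one-line pointer after the `--mail` step would let the operator verify it, otherwise the TODO item should stay open. The token produced by `create-reset-token` is a bearer credential, so a comment such as `# send the reset token to the person over a private channel only` belongs next to that command.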