#1578: OSGeo LDAP contains spam accounts
---------------------------+-------------------
Reporter: darkblueb | Owner: sac@…
Type: defect | Status: new
Priority: critical | Milestone:
Component: Systems Admin | Keywords: LDAP
---------------------------+-------------------
reported by Martin Spott ..
Q. can we characterize the attributes ? what groups and what privelages
Q. can new spam account creation be stopped
Q. can we characterize the attack vector ? how did they get there
also see ticket #165
--
Ticket URL: <http://trac.osgeo.org/osgeo/ticket/1578>
OSGeo <http://www.osgeo.org/>
OSGeo committee and general foundation issue tracker.
#1578: OSGeo LDAP contains spam accounts
---------------------------+--------------------
Reporter: darkblueb | Owner: sac@…
Type: defect | Status: new
Priority: critical | Milestone:
Component: Systems Admin | Resolution:
Keywords: LDAP |
---------------------------+--------------------
Comment (by martin):
Note that I said "fake" accounts, not "spam".
Remember that creating OSGeo LDAP user ID's has been kept very simple by
intention, not just by accident. I don't think there's a particular
"attack", they're just using the form we provide.
OSGeo LDAP currently has approx. 18k user ID's, but, as far as I
understand, most of these are not members of any of our project or shell
groups.
--
Ticket URL: <http://trac.osgeo.org/osgeo/ticket/1578#comment:1>
OSGeo <http://www.osgeo.org/>
OSGeo committee and general foundation issue tracker.
#1578: OSGeo LDAP contains spam accounts
---------------------------+--------------------
Reporter: darkblueb | Owner: sac@…
Type: defect | Status: new
Priority: critical | Milestone:
Component: Systems Admin | Resolution:
Keywords: LDAP |
---------------------------+--------------------
Comment (by strk):
This ticket became relevant again these days. See also #1665
What are "Q", "R" and "S" in the original ticket description ?
--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/1578#comment:2>
OSGeo <http://www.osgeo.org/>
OSGeo committee and general foundation issue tracker.
#1578: OSGeo LDAP contains spam accounts
---------------------------+----------------------
Reporter: darkblueb | Owner: sac@…
Type: defect | Status: closed
Priority: critical | Milestone:
Component: Systems Admin | Resolution: wontfix
Keywords: LDAP |
---------------------------+----------------------
Changes (by strk):
* status: new => closed
* resolution: => wontfix
Comment:
Closed for lack of feedback
--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/1578#comment:3>
OSGeo <http://www.osgeo.org/>
OSGeo committee and general foundation issue tracker.