Allow specifying a fixed prefix and maximum allowed length for accounts generated by the Active Directory backend #449
Comments
I'm curious about the max length one, we should already be hard-coded to fit within AD's limits. Do they have systems that limit it further? There's also the problem that the shorter it gets, the more likely collisions get... :/
Do we think collisions are a real issue? ChatGPT says this:
Not sure about the length restriction, I can check, but I don't think there is anything we can do there, if we touch this anyway, it might be best to just accept it, make it configurable and add a note to the docs about "you shouldn't need to set this, but if you do, please make sure you consider possible collisions"..
I was confusing CN and samAccountName here. CN is problematic, sAN is just random anyway so we can set it to whatever.
Can you please include a link to the docs and include a snippet we can use for the release notes?
Docs: https://docs.stackable.tech/home/nightly/secret-operator/secretclass#ad-samaccountname
Release notes: "Added support for customizing sAMAccountName generation"
The CRD change is purely additive, by default it will keep the old behaviour.
Just wanted to let you know that this is perfectly fine, we're looking forward to 24.11 :-) thanks for your quick solution
We should enhance the secret operator to give a certain degree of influence over the accounts that it generates in Active Directory, when using this backend for Kerberos principals.
Necessary functionality:
samaccountname
s of like for example "svc01"
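
The collision concern raised in the comments (a fixed prefix plus a shorter maximum length leaves fewer random characters) can be quantified with the birthday bound. The following is an added example, not code from secret-operator: the function names are hypothetical, the 36-symbol alphabet and the figure of 1000 accounts are assumptions, and the prefix "svc01" is the one mentioned in the issue.

```rust
// Added example (not secret-operator code). Assumption: the random part of the
// name is drawn uniformly from a 36-symbol alphabet (a-z, 0-9), since
// sAMAccountName comparisons in AD are case-insensitive.
const ALPHABET: u32 = 36;
// AD's limit for a user object's sAMAccountName.
const AD_MAX_LEN: usize = 20;

/// Random characters left after the fixed prefix, or None if the prefix
/// already fills (or exceeds) the requested total length.
pub fn random_chars(prefix: &str, total_len: usize) -> Option<usize> {
    total_len.checked_sub(prefix.chars().count()).filter(|&n| n > 0)
}

/// Birthday-bound probability that at least two of `accounts` generated
/// names collide: 1 - exp(-n(n-1) / 2N), with N = ALPHABET^random.
pub fn collision_probability(random: usize, accounts: u64) -> f64 {
    let space = (ALPHABET as f64).powi(random as i32);
    let n = accounts as f64;
    // exp_m1 keeps precision when the probability is tiny.
    -(-(n * (n - 1.0)) / (2.0 * space)).exp_m1()
}

/// Smallest total length (prefix included, at most `limit`) that keeps the
/// collision probability at or below `max_p`.
pub fn min_total_len(prefix: &str, accounts: u64, max_p: f64, limit: usize) -> Option<usize> {
    (1..=limit).find(|&len| {
        random_chars(prefix, len)
            .map_or(false, |r| collision_probability(r, accounts) <= max_p)
    })
}

fn main() {
    let prefix = "svc01"; // prefix example taken from the issue text
    // 1000 accounts is a constructed figure for illustration.
    for total_len in [6, 8, 10, 13, AD_MAX_LEN] {
        match random_chars(prefix, total_len) {
            Some(r) => println!(
                "len {:2}: {:2} random chars, P(collision among 1000) = {:.3e}",
                total_len, r, collision_probability(r, 1000)
            ),
            None => println!("len {:2}: prefix leaves no room", total_len),
        }
    }
    println!("min length for P <= 1e-6: {:?}", min_total_len(prefix, 1000, 1e-6, AD_MAX_LEN));
}
```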