Invalid user names when creating an LDAP account
Posted by h1d on Server Fault
Published on 2009-11-30T04:21:52Z
Indexed on 2010/04/24 7:04 UTC
I'm trying to set up a system where a visitor can enter any user name in a form to create a new user, and in the end it gets built on the LDAP directory. I'm planning for that to be mapped as a UNIX account as well (on Ubuntu Linux) by making the system look up system accounts on the LDAP. Doing so is fine, but I feel that many user names should be avoided, one of the obvious being 'root' and all the other user names taken for daemons etc.
How do you tackle this problem? Do you make up a list of disallowed user names by checking /etc/passwd? I was thinking that if, internally, the user names could be prepended with 'ldap_' or something, it would avoid any naming conflicts, but that seems hard when the LDAP entry name is 'joe' but the system account will look like 'ldap_joe'. I'm not even sure how that can be achieved.
© Server Fault or respective owner
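The deny-list idea raised in the question, sketched as an added example (not part of the original post): names already present in passwd-format data are reserved, and a requested name must also pass a syntax check before an LDAP entry is created. The function names, the sample data and the name policy are assumptions made for this illustration.

```python
import re

# Constructed sample in /etc/passwd format (not taken from a real host).
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
# comment line
sshd:x:110:65534::/run/sshd:/usr/sbin/nologin
"""

# Assumed policy: a lowercase letter, then lowercase letters, digits, '_' or
# '-', at most 32 characters. Upper case is refused outright because LDAP
# matches the uid attribute case-insensitively, so 'Root' would meet 'root'.
NAME_RE = re.compile(r"[a-z][a-z0-9_-]{0,31}")


def reserved_names(passwd_text):
    """Return the set of account names found in passwd-format text."""
    names = set()
    for line in passwd_text.splitlines():
        line = line.strip()
        # Skip blanks, comments and NIS compat entries ('+' / '-' lines).
        if not line or line.startswith("#") or line[0] in "+-":
            continue
        names.add(line.split(":", 1)[0].lower())
    return names


def check_username(requested, reserved):
    """Return (allowed, reason) for a name typed into the sign-up form."""
    if not isinstance(requested, str) or not NAME_RE.fullmatch(requested):
        return (False, "syntax")
    if requested in reserved:
        return (False, "reserved")
    return (True, "ok")


if __name__ == "__main__":
    reserved = reserved_names(SAMPLE_PASSWD)
    for candidate in ("joe", "root", "www-data", "Root", "joe:x"):
        print(candidate, check_username(candidate, reserved))
```

On a real host the text passed to `reserved_names` would be read from /etc/passwd on every machine that will resolve accounts through LDAP, since packages installed later can add system accounts of their own.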