Firstyear
Firstyear
> I'd say an option to "ignore invalid creds and alert the admin" would be a valid option in this case - the admin would have to manually start a...
> tl;dr probably best to reset the credential (because it's probably VERY old/insecurely stored) 😄 Exactly. :)
@ReimarBauer for reference, the kanidmd server logs tell you what entry had the non-importable credential.
@ReimarBauer You can delete the userPassword attribute on the LDAP side for affected users - then Kanidm and the sync tool won't import anything. As a "gotcha" though, you'll either...
That's not really right, it should error on those cases. Try doing a "refresh". `kanidm system sync force-refresh` which will command the sync tool to re-import all attributes and entries....
Yeah that's a trap that I really should resolve at some point, that uuid's can't be reused. I made the classic mistake of having the uuid do two things -...
I want to think about this a bit, I think there could be some subtle issues in this request and I want to think about them before we proceed.
Hey there, I think there is a key point that you may be over looking here, from this section in the introduction: > A key design goal is that you...
This is good to know, can you elaborate more on what confused them? Finding ways to improve that user experience is really important to us, because an un-usable system is...
But that's fine, one passphrase is all someone should need, the rest are stored in the device. The hard part is how to get those device-user passwords into the device...