Temporarily block authentication for all but one user

By: Josh Newlin user 06 Nov 2018 at 1:16 p.m. CST

2 Responses
Josh Newlin gravatar
Hey! We will be performing a data migration in our production environment. This requires not allowing normal production users to be able to authenticate for a period of time, however we will have one test user who is performing a smoke test to make sure the changes were executed without a hitch. Is there a way/method to restrict user's access (except specified, test users) for a period of time? Thanks! Josh N.
Rhel 7.3
closed

Answers

By Aliaksandr Samuseu staff 06 Nov 2018 at 2:18 p.m. CST

Copy
Aliaksandr Samuseu gravatar
Hi, Josh. 1. You could write a python script which dumps all user entries from local LDAP and then updates them by changing "gluuStatus" attribute to "inactive", except for admin users and the one regular user you need. 2. You could update your custom authentication script (if you use one) to return "False" for every user except the ones you need to be able to access it. If you use basic LDAP authentication instead, you could switch to "basic" custom auth script which is equivalent to it. [This line](https://github.com/GluuFederation/oxAuth/blob/master/Server/integrations/basic/BasicExternalAuthenticator.py#L47) in it retrieves user's login which you could then compare to intended user's login, and return "False" immediately if it doesn't match.

By Josh Newlin user 06 Nov 2018 at 3:34 p.m. CST

Copy
Josh Newlin gravatar
Aliaksandr, Thanks! I went ahead with the second solution that you offered, and it did as you said. I appreciate the quick response and the helpful answer! Closing the ticket now. Thanks, Josh N.

Post an answer