GEWIS / sudosos-backend

SudoSOS is a Node.js-based Bar and POS system made for study association GEWIS.
https://sudosos.gewis.nl
GNU Affero General Public License v3.0

[Feature] Always sync AD service accounts, even if they do not yet exist in SudoSOS #330

Open Yoronex opened 2 weeks ago

Yoronex commented 2 weeks ago

What would you like?

SudoSOS should always synchronize service accounts from AD.

Why is this needed?

Service accounts can be used to integrate SudoSOS with external services, like Aurora or barcommissie.nl. You want to use service accounts, as they can only access the things they are allowed to. However, there is currently no way to use such accounts. SudoSOS only synchronizes AD accounts that exist in SudoSOS. However, for an AD user to be created, the user has to log in with AD once, but this is impossible for service accounts (which often do not have a password).

How could it be implemented?

SudoSOS should create a new user account for an AD user during synchronization, if the to-be-added user is a service account.

Other information

No response

JustSamuel commented 2 weeks ago

Priority high? Also, I think this can be implemented in the LDAP sync that we created for the members; we only really need to define the service account groups as a SudoSOS role / permission.

Yoronex commented 2 weeks ago

Yes, this is pretty high priority in my opinion, because I am currently using my own API key, which is pretty dangerous if you ask me. Before, I used yours.