deNBI / perunKeystoneAdapter

Perun Keystone Adapter parses data propagated by Perun and modifies a connected Keystone.
https://perunkeystoneadapter.readthedocs.io/en/latest/
Apache License 2.0

Service accounts #15

Closed Be-El closed 5 years ago

Be-El commented 6 years ago

In __import_dpcc_userdata all users not currently active in the perun data set are deleted/disabled.

This is particularly bad for service accounts (e.g. monitoring or domain admin access), since these accounts are also deleted/disabled.

Since all users managed by perun are flagged, a simple solution would be filtering the user list in https://github.com/deNBI/perunKeystoneAdapter/blob/master/python/denbi/bielefeld/perun/endpoint.py#L149 for flagged users only.

The same should also be applied to the project handling code.

pbelmann commented 6 years ago

> In __import_dpcc_userdata all users not currently active in the perun data set are deleted/disabled.
>
> This is particularly bad for service accounts (e.g. monitoring or domain admin access), since these accounts are also deleted/disabled.
>
> Since all users managed by perun are flagged, a simple solution would be filtering the user list in https://github.com/deNBI/perunKeystoneAdapter/blob/master/python/denbi/bielefeld/perun/endpoint.py#L149 for flagged users only.
>
> The same should also be applied to the project handling code.

The perun keystone adapter never deletes users or projects. So as long as you do not tag the users or projects with "perun_propagation" the adapter will not touch them.

@jkrue please correct me if I'm wrong.

jkrue commented 5 years ago

@pbelmann You are right.
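
The scoping discussed in this thread, as an added example (not code from perunKeystoneAdapter): reconciliation only considers accounts tagged `perun_propagation`, so untagged service accounts are skipped even when they are absent from the Perun data set. The dict layout, the `flag` and `perun_id` keys and all function names are assumptions made for illustration.

```python
# Added illustration; not code from perunKeystoneAdapter.
PERUN_FLAG = "perun_propagation"  # tag value quoted in the thread


def is_perun_managed(user):
    """True only for accounts carrying the Perun tag ('flag' key is an assumed layout)."""
    return user.get("flag") == PERUN_FLAG


def reconcile_users(keystone_users, perun_active_ids):
    """Sync the 'enabled' state of Perun-managed users with the Perun data set.

    Untagged accounts are never modified. Returns the names that were
    disabled, re-enabled and skipped, so the run can be logged and audited.
    """
    active = set(perun_active_ids)
    result = {"disabled": [], "enabled": [], "skipped": []}
    for user in keystone_users:
        if not is_perun_managed(user):
            result["skipped"].append(user["name"])
            continue
        wanted = user.get("perun_id") in active
        if user["enabled"] and not wanted:
            user["enabled"] = False  # disable, never delete
            result["disabled"].append(user["name"])
        elif wanted and not user["enabled"]:
            user["enabled"] = True
            result["enabled"].append(user["name"])
    return result


def sample_users():
    """Constructed sample: three Perun-tagged users (one disabled), two untagged service accounts."""
    return [
        {"name": "alice", "perun_id": "1001", "enabled": True, "flag": PERUN_FLAG},
        {"name": "bob", "perun_id": "1002", "enabled": True, "flag": PERUN_FLAG},
        {"name": "carol", "perun_id": "1003", "enabled": False, "flag": PERUN_FLAG},
        {"name": "monitoring", "enabled": True},  # service account, no tag at all
        {"name": "domain-admin", "enabled": True, "flag": None},
    ]


if __name__ == "__main__":
    users = sample_users()
    print(reconcile_users(users, perun_active_ids=["1001", "1003"]))
    print([u["name"] for u in users if u["enabled"]])
```

Returning the skipped names makes it possible to review which accounts sit outside Perun's control after each propagation run.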