mdecimus
commented
1 month ago Hi,
This is the intended behaviour, fall back admin accounts should be disabled after setup and use instead an administrator account defined in your directory.
Closed dvzrv closed 1 month ago
mdecimus
commented
1 month ago Hi,
This is the intended behaviour, fall back admin accounts should be disabled after setup and use instead an administrator account defined in your directory.
dvzrv
commented
1 month ago Ah, alright. Thanks for clarifying that!
What happened?
When e.g. using
authentication.fallback-admin.user = "admin"in config.toml and creating a user with the login"admin", the latter will shadow the fallback-admin user.This is quite confusing (although I guess it can be changed by adapting
authentication.fallback-admin.user) and it would probably be good to block administrators from adding an account where theLogin namematches that of the fallback-admin.How can we reproduce the problem?
Add
authentication.fallback-admin.user = "admin"to config.toml and after login with it create an account for any domain with the Login name "admin".Version
v0.7.x
What database are you using?
RocksDB
What blob storage are you using?
RocksDB
Where is your directory located?
Internal
What operating system are you using?
Linux
Relevant log output
No response
Code of Conduct