dianagudu / motley_cue

A service for mapping OIDC identities to local identities, with local user management
https://motley-cue.readthedocs.io/
MIT License

No-new-users feature #46

Open marcvs opened 2 years ago

marcvs commented 2 years ago

I have the feeling that it may make sense to have a setting that allows some kind of "freeze" of users.

I.e. a mode in which users are not created automatically, and login only works if an account exists already.

I see the conflict with the authorized_users option in motley-cue.conf, but...

People may be afraid of a system that generates new accounts, and might prefer a mode in which they create a new account config. The only thing is to set the correct "gecos" field for /etc/passwd, which can (more or less) easily be done with:

echo -n "${SUB}@${ISS}" | python -c "import sys; import urllib.parse; print(urllib.parse.quote_plus(str(sys.stdin.readlines()[0])))"

dianagudu commented 2 years ago

So something like the read_only mode for the LDAP backend, but applied to any backend? It probably makes sense then to move this issue to the feudalAdapter.

I don't see a big conflict with authorized_users, logically they are two separate things. Even when an account was created manually by the admin, the user needs to be authorised to access the service, either through authorized_users, authorized_vos, or by authorising all users from an OP. Sure, I guess there is redundant configuration, but that's the price to pay for the admin to gain more control.
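The "freeze" mode proposed above and the separation from authorised-user checks, as an added illustration (not code from motley_cue or the feudalAdapter): the gecos value is derived exactly as the one-liner in the issue does it, local accounts are matched on that field, and the hypothetical `freeze_new_users` setting only decides whether a missing account is created. The passwd table and setting name are constructed for the example.

```python
import urllib.parse
from dataclasses import dataclass, field
from typing import Dict, Optional


def gecos_from_identity(sub: str, iss: str) -> str:
    # Same encoding as the shell one-liner in the issue: quote_plus("<sub>@<iss>")
    return urllib.parse.quote_plus(f"{sub}@{iss}")


@dataclass
class PasswdEntry:
    # Constructed stand-in for the relevant fields of a pwd.struct_passwd row
    name: str
    gecos: str


@dataclass
class UserDb:
    # Constructed in-memory /etc/passwd; freeze_new_users is a hypothetical setting
    entries: Dict[str, PasswdEntry] = field(default_factory=dict)
    freeze_new_users: bool = False

    def lookup_by_gecos(self, gecos: str) -> Optional[str]:
        # Find the local account whose gecos field carries this OIDC identity
        for entry in self.entries.values():
            if entry.gecos == gecos:
                return entry.name
        return None

    def deploy(self, sub: str, iss: str, authorised: bool) -> str:
        # Authorisation (authorized_users / authorized_vos / whole OP) is decided
        # elsewhere and stays independent of whether the account already exists.
        if not authorised:
            raise PermissionError("identity is not authorised for this service")
        gecos = gecos_from_identity(sub, iss)
        existing = self.lookup_by_gecos(gecos)
        if existing is not None:
            return existing
        if self.freeze_new_users:
            # Frozen mode: only admin-created accounts may log in
            raise LookupError("no local account for this identity; user creation is frozen")
        # Normal mode: create the account (hypothetical naming scheme)
        name = f"user{len(self.entries) + 1}"
        self.entries[name] = PasswdEntry(name, gecos)
        return name
```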