Firstyear
Firstyear
This has to apply between the ldap server and the webserver so that we have fd's remaining for other IO.
we need to add this to the systemd unit files, and the docker examples to ensure we aren't hitting client connection limits.
k8s support
It would be good to support kanidm's docker image working in k8s, especially with good native configuration and deployment options.
In some cases we split passwords between roles (login, posix, radius). We could consider for accounts with few privileges to have these auto-synced.
Modifications to a high priv group's members should be able to go through a two step process, where a member_request is made by a source account, and then an account...
Related to #211 (scim), which can have complex value types, how do we represent and apply these filters with our internal filtering capability?
Should there be size limits on attribute sets? Especially for self-modified multievalue attributes to prevent DOS, but also to limit the numebr of attributes to check in some filtering cases?...
In some cases we want to record audit events on objects for transparency. For example, on failed authentication we want to write to the object about the failed authentication. We...
It should be possible to store keys with options like : ``` command="borg serve --restrict-to-repository /home/backup/",restrict ``` This way wecan store keys for service accounts centrally and potentially even hav...
Having shared secrets within a group or for accounts, with escrow is often an important piece of enterprise security. We should consider how this could be implemented in kanidm, especially...