> Is there an option to entirely block someone from even basic TO access despite authenticating with LDAP?
Other than disabling LDAP? No. I wouldn't object to adding a config, but I don't know when I'd be able to find the time. The current version allows entire read-only access, so this PR isn't a step away from that direction, at any rate. The routes currently permitted should be ok from a security perspective to make public, though. They only include overall graphs and bandwidth, a la http://store.steampowered.com/stats/content/ . Even the Help page, which includes the TO version, is prohibited. On Wed, May 31, 2017 at 9:56 AM, David Neuman <[email protected]> wrote: > If you know the user id then there is a DISALLOWED role you can assign them > to. >
