wlus / User Administration
Hello everyone.
SLX Debian Labs is starting a project for improving user
administration in Skolelinux/debian-edu in general and
wlus in particular. The background for the project is
mainly feedback from users.
We had a meeting in Oslo on this subject with Andreas
Schuldei, Ragnar Wisløff, Knut, Vidar and myself present.
What follows is based on conclusions from that meeting.
1. Problem with "junior admin" rights
-------------------------------------
This issue has been raised from (among others) Trond from
Kongsvinger. Password administration takes too much time,
and it should be possible to authorise users to change other
users' password.
Andreas told us that there is already a solution to this,
although it is not 100% packed and documented yet.
TODO: Ragnar will try the solution out in Kongsvinger and
report back to Halvor if it works or not. If it does work,
Andreas will complete a "read me" file or something for
documentation.
2. Password policy
------------------
We agreed that the first time a user logs in (with a pre-
defined password), he will get a message saying that the
password is expired and be requested to enter and confirm
a new password (this is similar to Windows). Whether this
feature will be configurable or not is not yet decided.
Andreas told us that administration of password restrictions
(length, numbers etc) is already implemented in wlus, including
a user interface for administrator.
TODO: Andreas will check if pam in our setup can do this.
TODO: Andreas will check if kdm can be used to do the entering
and confirmation of a new password (it can be done in wlus).
3. Mass import
--------------
Kongsvinger has reported a general problem doing mass import
of user data into ldap. Ragnar informed us this had to do
with the general poor performance in entering new users which
takes approximately 5 minutes per user(!). We do not know
at the moment the reason for the problem. Kongsvinger has
around 2700 users in their ldap database.
TODO: Ragnar/Trond will try to increase the cache_size
parameter in the ldap config file. If that does not help,
they will try to install ldap 2.2 which should be 10-100
times faster than the current version in Kongsvinger (Andreas
told us that wlus is functioning together with ldap 2.2).
If that does not help, some serious debugging will need to be
done.
Update: Ragnar has tried to change parameters in ldap config
file and it did not work.
4. Other wlus problems
----------------------
There has been some general complaints about the user interface.
This will be addressed later in this summary. Apart from what
is already covered, there are no known major bugs in wlus.
But there is no good and updated user documentation.
TODO: Create a new user documentation for wlus. Person to do
it will be assigned later.
5. Data import
--------------
Knut and Halvor had a meeting with Morten Dahl who is the project
manager for FEIDE. Based on his recommendations we decided that
we would use the XML interface developed by Uninett ABC for importing
data from School Administration Systems (SAS). Further clarifications
will be done together with Uninett ABC.
Skolelinux will *not* use Cerebrum for anything.
There are a number of different data formats for student data. Among
them are Microsoft Active Directory, Novell eDirectory and different
kinds of spreadsheets. In order to have a documented specification
we will use the same XML interface for transferring data from external
systems other than SAS.
TODO: Andreas will do what is necessary to support a new unique
key in ldap for data import. In Norway this will be "personnummer",
but the format will need to be generic.
TODO: Write a program for importing data from XML interface to
Skolelinux' import format to ldap which is a comma/colon separated
file. Person to do it will be assigned later.
6. Data export
--------------
There are a number of systems that may need to import data from
Skolelinux. Examples are LMSs like ClassFronter, It's Learing!
and Micrsoft Learning Gateway. We decided to use Uninett ABC's
XML interface for User Administration Systems (BAS) for exporting
data from Skolelinux.
TODO: Write a program for downloading data from the Skolelinux
ldap database to Uninett ABC's XML format. Person to do it will
be assigned later.
7. Technical architecture
-------------------------
It was agreed that we need a three-tier application architecture
for user administration in Skolelinux to be able to support
different types of user interfaces. WebMin is probably not the
right tool, and we will decide on a new development framework
as part of the overall project. We will also create a new KDE
client covering all operations currently defined as use cases
in wlus.
TODO: Select development framework. Will be done later.
TODO: Create updated use cases as starting point for new KDE
interface and user documentation. Person to do it will be
assigned later.
TODO: Create new user administration interface in KDE. Person
to do it will be assigned later.
TODO: Write new business logic in a three-tier application
architecture. Person to do it will be assigned later.
8. Project plan
---------------
SLX Debian Labs will propose a time schedule for the projsect
after decisions have been communicated to everyone involved and
reactions from users taken into account.
TODO: Make project plan for new user administration system in
Skolelinux. Person to do it will be assigned later.
9. +++
------
Andreas told us about two other parts of wlus that needs
be improved:
(1) regression testing framework
(2) special permissions for exams
Activities related to this will be integrated into the overall
project plan.
Halvor
Reply to: