Re: Adding delegation of authority to the current LDAP structure?

To: debian-edu@lists.debian.org
Subject: Re: Adding delegation of authority to the current LDAP structure?
From: Petter Reinholdtsen <pere@hungry.com>
Date: Sat, 5 Mar 2005 16:52:04 +0100
Message-id: <[🔎] 20050305155204.GA21404@saruman.uio.no>
In-reply-to: <[🔎] 1110031111.5005.12.camel@reliant>
References: <[🔎] E1D7Xbp-00002g-EF@saruman.uio.no> <[🔎] 1110031111.5005.12.camel@reliant>

[Trond Mæhlum]
> As far as I can see, the teacher group already has this authority. When
> a member of teacher logs into webmin, the have access to the ldap user
> module. There they can change the password for a student, but *only* if
> they first type in the old user password (which the student has
> lost...). This makes this function rather pointless.

No, this authority is not granted to the teacher group.  Every user
have the authority to change his password, and this is the authority
the teacher is invoking by specifying the username and password of the
student.  The teacher is not acting as a teacher, she is acting _as
the student_.  And this authority is granted by the LDAP server
(slapd) - any connection capable of supplying a valid username and
password is allowed to change the password of the given user.

The issue I describe require allowing some users access to changing
_other_ users password, and this need a different set of premissions.

Reply to:

References:
- Adding delegation of authority to the current LDAP structure?
  - From: Petter Reinholdtsen <pere@hungry.com>
- Re: Adding delegation of authority to the current LDAP structure?
  - From: Trond Mæhlum <trond@mahlum.biz>

Prev by Date: Re: Locales and OpenOffice.
Next by Date: Re: Adding delegation of authority to the current LDAP structure?
Previous by thread: Re: Adding delegation of authority to the current LDAP structure?
Next by thread: Re: Adding delegation of authority to the current LDAP structure?
Index(es):
- Date
- Thread