[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Unix group to handle CDD roles?

[Cosimo Alfarano]
> Which is the best way to handle CDD roles / ownerships to CDD?

Not sure about the best way, but I can tell you how debian-edu solve
this now, and how we plan to improve it in the future.

We have a design decision to provide user groups as both file groups
and netgroups.  This is to avoid the confusion I've seen when
membership is updated in the wrong type of group.  We keep the user
and group info in LDAP, and use libnss-ldap and libpam-ldap to
authenticate using the LDAP database.  We have a webmin module to
update the user information in LDAP, webmin-ldap-user-simple.

In the near future, we are going to get the Cerebrum system working
with Debian Edu, to get a system for automatic user administration.
This will change the authorative user database from LDAP to a
PostgreSQL database with a framework for updating and extracting info
in the database.  We will generate the LDAP database from the Cerebrum

More info on Cerebrum is available from
<URL:http://bugs.debian.org/228716> and

Reply to: