Re: Too many default groups in Skolelinux' LDAP schema?
On Thursday 18 March 2004, 10:45, Herman Robak wrote:
> The LDAP frontend must (MUST!!!) enforce this
> limitation, and warn the admin once it is encountered.
> Failing silently is not an option.
Correct. We have to limit the groups to the "person-groups" teacher
(user), pupil (user), and administrator. It should be possible to
"connect" one or more teachers to a class, and the same for pupils.
But they can only be a member of one class ...
> At the school where my cousin is IT admin (i.e. a teacher
> who got the additional chore of being sysadmin) I suspect
> the number of groups has already exceeded 16. Some of
> the newly added users could not log in.
As I wrote before. They think the solution gives more flexibility, and
mixes an ICT-sys.admin functionality with the school.admin system. I
have seen this often. It's _not_ the same, and the functionality in
WLUS has to reduce the complexity, and not allow the creation of too
many groups. Classes are OK, but not any more. It's almost like Bjørn
Ove Grøtan writes:
The EduPerson- and norEduPerson-schemas from the Feide-project could
be of good assistance here. Keeping in mind max 16 groups for nfs,
but rather store class-information in the attribute
edupersonaffiliation - and let the LMS or equivalent system handle
authorization with use of this attribute.
If these conditions and limitations get better with NFS v4, then we can
make more relaxed rules in the WLUS.
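
Added example, not part of the original message and not WLUS code: a Python sketch of the check asked for above, which refuses a group assignment with a message for the admin once the 16-group limit would be exceeded, and lists users already over it. It assumes memberships are stored as memberUid on posixGroup entries and counts only those; the function names and the LDIF data are constructed for illustration.

```python
from collections import defaultdict

MAX_GROUPS = 16  # the NFS limit discussed in the thread

def parse_ldif(text):
    """Return LDIF entries as dicts of lowercased attribute -> list of values.
    Assumes plain-text values (no base64 '::' attributes)."""
    text = text.replace("\n ", "")  # unfold continuation lines
    entries = []
    for block in text.strip().split("\n\n"):
        entry = defaultdict(list)
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue
            attr, _, value = line.partition(":")
            entry[attr.strip().lower()].append(value.strip())
        if entry:
            entries.append(entry)
    return entries

def memberships(entries):
    """Map each uid to the set of posixGroup names listing it in memberUid."""
    groups = defaultdict(set)
    for e in entries:
        if "posixgroup" in (v.lower() for v in e.get("objectclass", [])):
            for uid in e.get("memberuid", []):
                groups[uid].add(e["cn"][0])
    return groups

def over_limit(entries, limit=MAX_GROUPS):
    """Users whose membership count already exceeds the limit."""
    return {u: len(g) for u, g in memberships(entries).items() if len(g) > limit}

def check_add(entries, uid, group, limit=MAX_GROUPS):
    """Frontend guard: raise with a message for the admin, never fail silently."""
    current = memberships(entries).get(uid, set())
    if group not in current and len(current) + 1 > limit:
        raise ValueError(f"{uid} is already in {len(current)} groups; "
                         f"adding {group!r} would exceed the limit of {limit}")
    return True

def sample_ldif(n_groups, uid="kari"):
    """Constructed sample data: n_groups posixGroup entries that all list uid."""
    return "\n\n".join(
        f"dn: cn=class{i},ou=Group,dc=example,dc=org\nobjectClass: posixGroup\n"
        f"cn: class{i}\ngidNumber: {2000 + i}\nmemberUid: {uid}"
        for i in range(n_groups))
```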