Re: Too many default groups in Skolelinux' LDAP schema?

Thursday 18 March 2004, 10:45, Herman Robak wrote:
> The LDAP frontend must (MUST!!!) enforce this
> limitation, and warn the admin once it is encountered.
> Failing silently is not an option.

Correct. We have to limit the groups to the "person-groups" teacher 
(user), pupil (user), and administrator. It should be possible to 
"connect" one or more teachers to a class, and the same for pupils. 
But they can only be a member of one class ...

>  At the school where my cousin is IT admin (i.e. a teacher
> who got the additional chore of being sysadmin) I suspect
> the number of groups has already exceeded 16.  Some of
> the newly added users could not log in.

As I wrote before. They think the solution gives more flexibility, and 
mixes an ICT-sys.admin functionality with the school.admin system. I 
have seen this often. It's _not_ the same, and the functionality in 
WLUS has to reduce the complexity, and not allow the creation of too 
many groups. Classes are OK, but not any more. It's almost like Bjørn 
Ove Grøtan writes: 

  The EduPerson- and norEduPerson-schemas from the Feide-project could
  be of good assistance here. Keeping in mind max 16 groups for nfs,
  but rather store class-information in the attribute
  edupersonaffiliation - and let the LMS or equivalent system handle
  authorization with use of this attribute.

If this condition and limitations get better with NFS v4, then we can 
make more relaxed rules in the WLUS. 

- Knut
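
An added example, not part of the original message and not Skolelinux or WLUS code: one way a frontend could enforce the 16-group limit discussed in this thread and warn instead of failing silently. It assumes groups are stored as RFC 2307 `posixGroup` entries with `memberUid` values; the function names, the `dc=example,dc=org` suffix and the sample users are constructed for illustration.

```python
from collections import defaultdict

NFS_MAX_GROUPS = 16  # limit stated in the thread ("max 16 groups for nfs")

def parse_ldif(text):
    """Parse a minimal LDIF export (no base64, no folded lines) into attr dicts."""
    entries, cur = [], defaultdict(list)
    for line in text.splitlines() + [""]:
        if not line.strip():
            if cur:  # a blank line ends the current entry
                entries.append(dict(cur))
                cur = defaultdict(list)
            continue
        if line.startswith("#"):
            continue
        attr, _, value = line.partition(":")
        cur[attr.strip().lower()].append(value.strip())
    return entries

def memberships(entries):
    """Map each uid to the set of posixGroup names that list it as memberUid."""
    groups = defaultdict(set)
    for e in entries:
        if "posixgroup" in (v.lower() for v in e.get("objectclass", [])):
            for uid in e.get("memberuid", []):
                groups[uid].add(e["cn"][0])
    return groups

def over_limit(entries, limit=NFS_MAX_GROUPS):
    """Return {uid: group count} for users already above the limit."""
    return {u: len(g) for u, g in memberships(entries).items() if len(g) > limit}

def check_add(entries, uid, group, limit=NFS_MAX_GROUPS):
    """Refuse with an explicit error when an add would exceed the limit."""
    current = memberships(entries).get(uid, set())
    if group not in current and len(current) + 1 > limit:
        raise ValueError(f"{uid}: already in {len(current)} groups, "
                         f"limit is {limit}; not adding to {group}")
    return True

# Constructed sample directory: 'kari' is in 16 groups, 'ola' in 17.
SAMPLE_LDIF = "\n\n".join(
    f"dn: cn=class{i},ou=Group,dc=example,dc=org\nobjectClass: posixGroup\n"
    f"cn: class{i}\ngidNumber: {2000 + i}\nmemberUid: ola"
    + ("\nmemberUid: kari" if i < 16 else "")
    for i in range(17))

if __name__ == "__main__":
    for uid, n in over_limit(parse_ldif(SAMPLE_LDIF)).items():
        print(f"WARNING: {uid} is in {n} groups (limit {NFS_MAX_GROUPS})")
```

Running `over_limit` as a periodic audit catches accounts that were pushed past the limit by other tools, while `check_add` belongs in the code path that modifies group membership.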

