Re: Draft spec for cerebrum in Debian Edu
[ Petter Reinholdtsen ]
> As previously promised, here is a draft specification on what an
> Cerebrum installation should do in Debian-Edu. The latests version is
> available from
> Mathias, is this a good starting point for further discussions?
Sure it is. Better to discuss this in plenum.
> What do Skolelinux want from cerebrum?
> Petter Reinholdtsen, 2004-09-28
> - import of person/user info (pupils, teachers, parents, classes)
> from external source (xml?)
> - flat files (comma separated fields)
> - UNIX /etc/ files (passwd, shadow, group, netgroup)
> - schooltool?
> - LDAP?
> - SATS?
> - MSTAS?
> - German system?
Like I've told Petter and Andreas, I'm working on a common import-regime
for different types of Cerebrum installations.
There are two types of imports; the initial import where you sync your
excising data with Cerebrum(NIS, LDAP, Excel, big piles of
hand-written lists, ...). The other is the import of authoritative
data from a School Administrative System(SAS, same in Norwegian) or
other types of authoritative source-systems.
The regime I'm looking at now, is the import from the SAS.
I sent Petter and Andreas a DTD for an XML-schema Bård Jakobsen made
with a Norwegian project, Feide2Go, in mind. Since then we've(Rune
Frøysa and myself) discussed the "IMS Enterprise XML"[*] vs. "the Bård
Enterprise XML". :) Bård's DTD will do what the project wants, but
IMS' file is know around the world and a lot of external providers
support sub-sets of this spec. If IMS' XML-file proves to be
sufficient, we should go with this.
Existing data is somewhat difficult to import into Cerebrum. After a
few external projects at UoO[**], we've discovered that schools often
have data-rot and no known means to get the data from systen Foo to
Cerebrum. I guess we'll come back to this.
> - automatic user account creation and expiration based on info from
> external source.
Done by something called "process_students", but we will have to
generalize this to include any person given certain criteria.
> - automatic group membership based on info from external source
> - automatic placement/moving of home directory based on account
> type/state (pupils in one location, teachers in another, limits
> on users per partition)
I'm not sure where in the system this is handled, but it should be
> - system for disabling accounts temporarely or permanently.
> (admin/teacher set flag to get pupil to show up for consulting)
> - system for allowing (some) teachers to modify/set (some) group
> memberships and (some) pupils passwords. (ie delegate
> - system to allow (some) admins to set passwords on teachers and
> - system for backup of deleted user accounts. (store for 12 months?
> store until storage disk is 80% full?)
Not really a part of Cerebrum, but, as Petter knows, UoO is presently
working on this.
> - exports to LDAP
> - UNIX users, filegroups and user netgroups for NSS/PAM tree
Done, but follows your own structure.
> - samba users tree
Planned, but need spec from you.
> - email tree (for exim) (is there a generic format for this?)
No. We've defined our own structure here as well. It's pretty generic
so it should work for Debian-Edu. We'll look into it.
> - automount tree
> - FEIDE persons tree
> - perhaps Active Directory?
Specify. AD can do tons of stuff. Our module does some of it.
> - perhaps Kerberos and AFS?
Spec. Not implemented.
> - configured out of the box after packages are installed, using
> debconf preseeding.
This is Andreas' table, I guess.
> - must work using package dependencies currently in Debian/Sarge
> (and Debian/Woody if it is easy)
[**] University of Oslo http://www.uio.no
"If it works; HIT IT AGAIN!"