Re: User Administration (Forwarded message from Andreas Schuldei <firstname.lastname@example.org>)
----- Forwarded message from Andreas Schuldei <email@example.com> -----
Forwarded on request from Andreas.
| Date: Mon, 1 Nov 2004 13:48:59 +0100
| From: Andreas Schuldei <firstname.lastname@example.org>
| Subject: Re: User Administration
| To: Runo Forrisdahl <email@example.com>
| On Mon, Nov 01, 2004 at 10:46:11AM +0100, Runo Forrisdahl wrote:
| > How much work needs to be done to enable anyone in group admins to
| > create/delete/modify user(s)/group(s) and passwords?
| well, it is hard to estimate that time and work volume. are you
| interested in doing it? i would love to hear more from you.
| there are two ways i see just now.
| 1) with the present layout based on ldap
| - you need to extend openldap ACLs to be able to operate both
| based on posix-group membership *granting* the access and on
| posix-group membership as a target for access. example:
| members in the jradmina group (granting) are allowed to change
| passwords for members in the teachers and students group
| (target). (? weeks)
| - then only some minor tweaks in the webmin-ldap-user-simple
| module are needed. (1-2 days)
| this option requires some insight into the inner working of
| openldap. One would guess that it had been done allready had
| it been easy. It should be possible, though.
| 2) with the future cerebrum backend and ldap as the directory
| frontend, and webmin as the gui
| - switch webmin-ldap-user-simple to use cerebrum as a backend.
| (2-4 weeks)
| - get the cerebrum package up to speed 3-5 weeks including
| preconfiguration, a debian-edu profile with spreads etc,
| (work in progress)
| - get import and export filters written (uncertain, might take
| only a week)
| - provide an upgrade path from flat files (2 weeks?) or
| present WLUS setup with data stored in ldap (4 weeks)
| - more work which i am unaware of atm
| this option is the one i pursue right now and that i would
| recommened to consider more closely. see also
| > Are the admins and Jr. admins groups intended to preform these tasks?
----- End forwarded message -----
Runo Førrisdahl -