Re: User Administration (Forwarded message from Andreas Schuldei <andreas@schuldei.org>)

To: debian-edu@lists.debian.org
Subject: Re: User Administration (Forwarded message from Andreas Schuldei <andreas@schuldei.org>)
From: Runo Forrisdahl <runo@infostream.no>
Date: Tue, 2 Nov 2004 07:27:37 +0100
Message-id: <20041102062737.GB6645@infostream.no>
Reply-to: Andreas Schuldei <andreas@schuldei.org>
In-reply-to: <20041101094611.GB9603@infostream.no>
References: <20041029100432.GA7203@infostream.no> <20041029195410.GB7112@bzzware.org> <20041029201157.GA619@saruman.uio.no> <200410301319.11791.rgx@gmx.de> <20041101094611.GB9603@infostream.no>

----- Forwarded message from Andreas Schuldei <andreas@schuldei.org> -----

Forwarded on request from Andreas.

| Date: Mon, 1 Nov 2004 13:48:59 +0100
| From: Andreas Schuldei <andreas@schuldei.org>
| Subject: Re: User Administration
| To: Runo Forrisdahl <runo@infostream.no>
| 
| On Mon, Nov 01, 2004 at 10:46:11AM +0100, Runo Forrisdahl wrote:
| > How much work needs to be done to enable anyone in group admins to
| > create/delete/modify user(s)/group(s) and passwords?
| 
| well, it is hard to estimate that time and work volume. are you
| interested in doing it? i would love to hear more from you.
| 
| there are two ways i see just now.
| 
| 1) with the present layout based on ldap
|    - you need to extend openldap ACLs to be able to operate both
|      based on posix-group membership *granting* the access and on
|      posix-group membership as a target for access. example:
|      members in the jradmina group (granting) are allowed to change
|      passwords for members in the teachers and students group
|      (target). (? weeks)
|    - then only some minor tweaks in the webmin-ldap-user-simple
|      module are needed. (1-2 days)
|    
|    this option requires some insight into the inner working of
|    openldap. One would guess that it had been done allready had
|    it been easy. It should be possible, though.
| 
| 2) with the future cerebrum backend and ldap as the directory
|    frontend, and webmin as the gui
|    - switch webmin-ldap-user-simple to use cerebrum as a backend.
|      (2-4 weeks)
|    - get the cerebrum package up to speed 3-5 weeks including
|      preconfiguration, a debian-edu profile with spreads etc,
|      (work in progress)
|    - get import and export filters written (uncertain, might take
|      only a week)
|    - provide an upgrade path from flat files (2 weeks?) or
|      present WLUS setup with data stored in ldap (4 weeks)
|    - more work which i am unaware of atm
| 
|    this option is the one i pursue right now and that i would
|    recommened to consider more closely. see also
|    http://developer.skolelinux.no/~andreas/wishlist.txt
| 
| > Are the admins and Jr. admins groups intended to preform these tasks?
| 
| yes

----- End forwarded message -----

-- 
Runo Førrisdahl -
Infostream http://www.infostream.no/

Reply to:

Follow-Ups:
- Re: User Administration
  - From: Finn-Arne Johansen <faj@bzz.no>

References:
- Re: User Administration
  - From: Runo Forrisdahl <runo@infostream.no>

Prev by Date: Weekly report week 44, and next step
Next by Date: Re: Workstation Maintainance?
Previous by thread: Re: User Administration
Next by thread: Re: User Administration
Index(es):
- Date
- Thread