[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: experimental: WLUS with jradmins and admins

Andreas Schuldei wrote:
this is an experimental version of wlus that supports ACLs that
allow for jradmins and admins to change passwords for users.

I recommend to test this on sarge based debian-edu systems to
start with. It is possible to do the same thing for woody
installes, but it requires an other ACL syntax. And since we will
have slapd 2.2 in sarge soon, anyway, i thought it was best to
use that for development.

To test this software you need to install the slapd 2.2.X from
debian unstable. so you need to add a line like
deb http://ftp.no.debian.org/debian/ unstable main contrib non-free

to your sources.list.

then download http://developer.skolelinux.no/~andreas/webmin-ldap-user-simple_1.4-4_all.deb

stop slapd /etc/init.d/slapd stop

Although there will be created a dump during upgrade-ldap-backend, I thinks it's smart to do a
 slapcat -l /var/backups/tjener.ldif
before continuing.
I think upgrade-ldap-backend also does this (although to another file), but it never hurts to be on the safe side.

untar tar xfz slap-config.tar.gz -C /etc/ldap install the new slapd and necessary dependencies apt-get install slapd install dpkg -i webmin-ldap-user-simple_1.4-4_all.deb upgrade the ldap database backend
small correction:

start slapd
	/etc/init.d/slapd start

now you should be able to add a new user of the role jradmins or
admins. when logging into webmin as that user you should be able
to modify passwords of the lesser authority groups.
this is the ranking of the authority groups

students teachers

- a user in the group students can have his password changed by
  jradmins and admins and admin and himself
- a user in the groups jradmins and students can get his password
  changed by admins and admin and himself
- a user in the group admins can get her password changed by
  admin and herself.

plans are to give more power to the admins group, besides
changing passwords.

Finn-Arne Johansen

Reply to: