Slapd-config, jrpasswd and admins
I've checked in a new slapd-sarge-debian-edu.conf. Those of you who
knows anything about slapd configuration, please have a look.
I've tested this one, and it will allow jradmins to change _every_
password except the ldap-admin password.
And I think it will allow admins to add users. We still need a decent
tool for the admins and the jrAdmins to use, but this will at least
allow them.
I've modified the old passwd utility of
/usr/share/debian-edu-config/tools to use the logged in user for
authentication , if run by a user that exists in ldap. If not, you still
have to use the ldap admin password.
There is also the new utility called jrpasswd by Bjoern Ove (gagatan),
located at the same location, that should do the job.
The later should provide better security, since it's python, and the
former is bash code, which could make it possible to sniff the password
while used (although I have not been able to sniff the password)
I'm not sure about how jrpasswd will update the samba password, but I
know that passwd tries to use sudo , so you will have to do some work
there.
As said, those of you who speak slapd.conf fluently, please have a look,
and the rest, please have a test.
I've not created a new package, but next time someone creates a new
debian-edu-config-package, the new config will be in place.
Also - I'm not sure if the old config worked with samba, but I think the
new one does. Could someone verify before we release ?
If you do not have the latest svn availible, you can have a look at
http://svn.debian.org/wsvn/debian-edu/trunk/src/debian-edu-config/etc/ldap/slapd-sarge_debian-edu.conf?op=file&rev=0&sc=0
--
Finn-Arne Johansen
faj@bzz.no http://bzz.no/
Debian-edu developer and Solution provider
EE2A71C6403A3D191FCDC043006F1215062E6642 062E6642
Reply to: