sudoers in ldap?

To: debian-edu@lists.debian.org
Subject: sudoers in ldap?
From: "Andreas B. Mundt" <andi.mundt@web.de>
Date: Fri, 14 May 2010 10:04:55 +0200
Message-id: <[🔎] 20100514080455.GA5088@flashgordon>
Mail-followup-to: debian-edu@lists.debian.org

Hi,

as you may have noticed I currently try to finish the integration of
gosa and kerberos into debian-edu-config.

After adding users to ldap, their home directory has to be created, a
welcome mail sent and with kerberos  you need to create a principal
too.

With gosa, you can call a script to do that, but of course you need
the rights to do all what's needed. Usually this is done by allowing
the "gosa-user" www-data to execute that script with sudo.

I started now to define a cf rule to edit /etc/sudoers, but hit the
package sudo-ldap, which might be a better idea: No policy violating
editing of config files but just adding the information to our ldap
bootstrapping.   

It conflicts with sudo and the gnome/kde sudos, but afaik we do not
use these anyway. So if nobody steps up I will try to follow the sudo
-ldap way. Or are there any better ideas around?

Cheers

	Andi

Reply to:

Follow-Ups:
- Re: sudoers in ldap?
  - From: Philipp Huebner <debalance@debian.org>
- Re: sudoers in ldap?
  - From: Petter Reinholdtsen <pere@hungry.com>

Prev by Date: Visiting Nurses & RN's - 91,386 total records with 2,788 emails and 2,390 fax numbers
Next by Date: Re: sudoers in ldap?
Previous by thread: Visiting Nurses & RN's - 91,386 total records with 2,788 emails and 2,390 fax numbers
Next by thread: Re: sudoers in ldap?
Index(es):
- Date
- Thread