sudoers in ldap?
as you may have noticed I currently try to finish the integration of
gosa and kerberos into debian-edu-config.
After adding users to ldap, their home directory has to be created, a
welcome mail sent and with kerberos you need to create a principal
With gosa, you can call a script to do that, but of course you need
the rights to do all what's needed. Usually this is done by allowing
the "gosa-user" www-data to execute that script with sudo.
I started now to define a cf rule to edit /etc/sudoers, but hit the
package sudo-ldap, which might be a better idea: No policy violating
editing of config files but just adding the information to our ldap
It conflicts with sudo and the gnome/kde sudos, but afaik we do not
use these anyway. So if nobody steps up I will try to follow the sudo
-ldap way. Or are there any better ideas around?