[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

sudoers in ldap?


as you may have noticed I currently try to finish the integration of
gosa and kerberos into debian-edu-config.

After adding users to ldap, their home directory has to be created, a
welcome mail sent and with kerberos  you need to create a principal

With gosa, you can call a script to do that, but of course you need
the rights to do all what's needed. Usually this is done by allowing
the "gosa-user" www-data to execute that script with sudo.

I started now to define a cf rule to edit /etc/sudoers, but hit the
package sudo-ldap, which might be a better idea: No policy violating
editing of config files but just adding the information to our ldap

It conflicts with sudo and the gnome/kde sudos, but afaik we do not
use these anyway. So if nobody steps up I will try to follow the sudo
-ldap way. Or are there any better ideas around?



Reply to: