[Cosimo Alfarano]
> Which is the best way to handle CDD roles / ownerships to CDD?

Not sure about the best way, but I can tell you how debian-edu solves this now, and how we plan to improve it in the future.

We have a design decision to provide user groups as both file groups and netgroups. This is to avoid the confusion I've seen when membership is updated in the wrong type of group.

We keep the user and group info in LDAP, and use libnss-ldap and libpam-ldap to authenticate using the LDAP database. We have a webmin module to update the user information in LDAP, webmin-ldap-user-simple.

In the near future, we are going to get the Cerebrum system working with Debian Edu, to get a system for automatic user administration. This will change the authoritative user database from LDAP to a PostgreSQL database with a framework for updating and extracting info in the database. We will generate the LDAP database from the Cerebrum database.

More info on Cerebrum is available from <URL:http://bugs.debian.org/228716> and <URL:http://cerebrum.sourceforge.net/>.
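An added example, not part of the original message and not debian-edu code: a check for the membership drift the dual file group / netgroup design is meant to avoid. It assumes the directory uses RFC 2307 `posixGroup` (`memberUid`) and `nisNetgroup` (`nisNetgroupTriple`) entries that share a `cn`; the sample LDIF and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample LDIF (assumption: RFC 2307 schema, unfolded lines).
SAMPLE_LDIF = """\
dn: cn=teachers,ou=Group,dc=example,dc=org
objectClass: posixGroup
cn: teachers
memberUid: alice
memberUid: bob

dn: cn=teachers,ou=Netgroup,dc=example,dc=org
objectClass: nisNetgroup
cn: teachers
nisNetgroupTriple: (,alice,)
nisNetgroupTriple: (,carol,)
"""
# Netgroup triples are (host,user,domain); only the user field is compared.
TRIPLE = re.compile(r"^\([^,]*,([^,]*),[^,]*\)$")

def parse_entries(ldif):
    """Split LDIF into entries, each mapping lowercased attribute -> values."""
    entries = []
    for block in re.split(r"\n\s*\n", ldif.strip()):
        entry = defaultdict(list)
        for line in block.splitlines():
            if ": " in line and not line.startswith("#"):
                attr, value = line.split(": ", 1)
                entry[attr.lower()].append(value.strip())
        entries.append(entry)
    return entries

def membership_drift(ldif):
    """Return {cn: (only_in_file_group, only_in_netgroup)} for mismatched groups."""
    posix, net = defaultdict(set), defaultdict(set)
    for e in parse_entries(ldif):
        classes = {c.lower() for c in e["objectclass"]}
        for cn in e["cn"]:
            if "posixgroup" in classes:
                posix[cn].update(e["memberuid"])
            if "nisnetgroup" in classes:
                for triple in e["nisnetgrouptriple"]:
                    m = TRIPLE.match(triple)
                    if m and m.group(1):
                        net[cn].add(m.group(1))
    drift = {}
    for cn in sorted(set(posix) | set(net)):
        only_file, only_net = posix[cn] - net[cn], net[cn] - posix[cn]
        if only_file or only_net:
            drift[cn] = (sorted(only_file), sorted(only_net))
    return drift
```

A group that exists in only one of the two forms is reported with all of its members on that side.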

