----- Forwarded message from Andreas Schuldei <[EMAIL PROTECTED]> -----
Forwarded on request from Andreas. | Date: Mon, 1 Nov 2004 13:48:59 +0100 | From: Andreas Schuldei <[EMAIL PROTECTED]> | Subject: Re: User Administration | To: Runo Forrisdahl <[EMAIL PROTECTED]> | | On Mon, Nov 01, 2004 at 10:46:11AM +0100, Runo Forrisdahl wrote: | > How much work needs to be done to enable anyone in group admins to | > create/delete/modify user(s)/group(s) and passwords? | | well, it is hard to estimate that time and work volume. are you | interested in doing it? i would love to hear more from you. | | there are two ways i see just now. | | 1) with the present layout based on ldap | - you need to extend openldap ACLs to be able to operate both | based on posix-group membership *granting* the access and on | posix-group membership as a target for access. example: | members in the jradmina group (granting) are allowed to change | passwords for members in the teachers and students group | (target). (? weeks) | - then only some minor tweaks in the webmin-ldap-user-simple | module are needed. (1-2 days) | | this option requires some insight into the inner working of | openldap. One would guess that it had been done allready had | it been easy. It should be possible, though. | | 2) with the future cerebrum backend and ldap as the directory | frontend, and webmin as the gui | - switch webmin-ldap-user-simple to use cerebrum as a backend. | (2-4 weeks) | - get the cerebrum package up to speed 3-5 weeks including | preconfiguration, a debian-edu profile with spreads etc, | (work in progress) | - get import and export filters written (uncertain, might take | only a week) | - provide an upgrade path from flat files (2 weeks?) or | present WLUS setup with data stored in ldap (4 weeks) | - more work which i am unaware of atm | | this option is the one i pursue right now and that i would | recommened to consider more closely. see also | http://developer.skolelinux.no/~andreas/wishlist.txt | | > Are the admins and Jr. admins groups intended to preform these tasks? | | yes ----- End forwarded message ----- -- Runo F�rrisdahl - Infostream http://www.infostream.no/
