l�r, 05,.03.2005 kl. 12.38 +0100, skrev Petter Reinholdtsen: > Recently, on the norwegian user list, the wish for delegating access > to change passwords have been expressed. As far as I know such > delegation need to be fixed in the LDAP database (slapd) with the > current design of the user database in Debian Edu. The plan for a > long term solution for this problem is to start using Cerebrum, which > give us more control over the access rights and the possibility to > grant access to subgroups. > > But Cerebrum isn't ready to go into Debian Edu yet, and it would be > nice if we could find some short term solution as well. Is it > possible to adjust the current LDAP configuration to grant password > change access to a group of LDAP users? I would like to grant such > access to all users in the teacher group. I suspect this is > impossible without changing the structure of the LDAP tree, and we do > not want to do that as it would make the existing installations > incompatible.
As far as I can see, the teacher group already has this authority. When a member of teacher logs into webmin, the have access to the ldap user module. There they can change the password for a student, but *only* if they first type in the old user password (which the student has lost...). This makes this function rather pointless. Forgive me if I have misunderstood this, I haven't tried it, but it seems like it is like I described above. I am the one who raised this on the Norwegian list, because I administer 2300 users in the town of Kongsvinger, Norway. The people at IT- department are the only ones who know root's password. The teachers don't. So when a student forgets his or her password (which actually happens quite often), the teacher has to send an email to me, so I can reset the password, and then email it back to the school. Instead I would like that teacher-group could change the passwords for students without typing in an old and forgotten password. > Any suggestions or ideas? none on how to solve this, but I'm still optimistic - as always. Regards Trond M�hlum > -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
