On Mon, Mar 14, 2005 at 05:15:07PM +0100, Andreas Schuldei wrote:
> Since i came back from my vacation i
> - investigated the options of doing access limitations for
>   special groups (aka jradmins) in ldap. ACIs seem able to do the
>   job. slapd in experimental has ACIs enabled. (they seem to be
>   necessary for cerebrum, too)

i started implementing this, using yet another way: I am not using
ACIs but add to every user entry an attribute indicating which groups
are allowed to write to it. so normal teachers and students would have
two attributes

  writeableBy jradmins
  writeableBy admins

People in the jradmin group would only be writeable by people in the
admins group and admins would only be writeable by themselves (and
admin, who is allowed to do everything, anyway).

normal ACLs would be able to enforce this. An alternative way (using
sets) was not chosen because of its instability.

while working on this i switched slapd to version 2.2 and upgraded my
slapd.conf file.

perhaps i found someone who is willing to help with the cerebrum
adjustments necessary for debian-edu. time will show. (c:

i also went over the debconf sponsors again, re-approaching the ones
that did not react yet or were still outstanding. Some light on the
horizon!

again i spent a lot of time on DPL campaigning issues and a bit on
sponsoring of packages.

Next week i will be in italy playing beach volleyball, only working as
recreation. (c:
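
The writeableBy scheme described in the message above could be enforced with ordinary slapd.conf access rules along these lines. This is an added example, not configuration from the original message or from debian-edu. Assumptions: the base DN and group DNs are placeholders, the groups are groupOfNames entries with DN-valued member attributes, and a local schema defines writeableBy.

```conf
# Constructed example. dc=example,dc=org and the group DNs are placeholders.
# slapd uses the first "access to" clause whose <what> matches, so order matters.

# 1. Protect the marker attribute itself. If jradmins could edit writeableBy,
#    they could add "writeableBy: jradmins" to an admin entry and take it over.
access to attrs=writeableBy
    by group.exact="cn=admins,ou=Group,dc=example,dc=org" write
    by * read

# 2. Passwords of entries delegated to jradmins: resettable by both groups
#    and by the owner, usable for bind, never readable by anyone else.
access to filter="(writeableBy=jradmins)" attrs=userPassword
    by group.exact="cn=jradmins,ou=Group,dc=example,dc=org" write
    by group.exact="cn=admins,ou=Group,dc=example,dc=org" write
    by self write
    by anonymous auth
    by * none

# 3. Passwords of every other entry (jradmins and admins themselves):
#    only the admins group and the owner may change them.
access to attrs=userPassword
    by group.exact="cn=admins,ou=Group,dc=example,dc=org" write
    by self write
    by anonymous auth
    by * none

# 4. Remaining attributes of entries marked "writeableBy: jradmins"
#    (normal teachers and students).
access to filter="(writeableBy=jradmins)"
    by group.exact="cn=jradmins,ou=Group,dc=example,dc=org" write
    by group.exact="cn=admins,ou=Group,dc=example,dc=org" write
    by * read

# 5. Entries marked only "writeableBy: admins" (jradmins and admins).
access to filter="(writeableBy=admins)"
    by group.exact="cn=admins,ou=Group,dc=example,dc=org" write
    by * read
```

Rule 1 has to stay first: because only the first matching clause is evaluated, placing it after rule 4 would let jradmins rewrite the marker on any entry they can already modify.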

