<zitiere wer="Andreas Schuldei">
> I am working on the access control handling for user passwords (and other
> attributes)
>
> i am just now trying to come up with a generic algorithm to determine who is
> allowed to write to a user's ldap entry, depending on which authority groups
> he is in.
>
> right now we have these authority groups by default: admins, jradmins,
> teachers and students
>
> the basic rule is simple:
> - if a person is in the admins group, no one can write to his entry
> - if he is in jradmins, his entry is writeable by members of the group admins
>   and
> - if he is in student or teacher he is writeable by both admins and jradmins.
>
> but we have authority_groups as a flexible thing. that means people can add
> new authority groups.
>
> question: what other authority groups are possible/likely? would they
> interfere with the above algorithm? what would be a good way to make this
> configurable by the local admin? (a config file in /etc/? how could that
> look like?)

Hi!

By having my teachers working with skolelinux since summer 2004, i can tell my needs on wlus:
For wlus i need admin users to be able to do all the things now done by root. (for now i'm forced to give away the root password, because i can't do this part of administration alone.)

Jradmins in my understanding are students, so they've got to be able to change the classes/courses of teachers and students. Eventually they can create new accounts for those authorities. (e.g. new students or teachers appear during the year)

In my schools (classes 0-10) teachers _must_ be able to give a _new_ password to the students _without_ knowing the old one. Now i've got to come to one of 3 PC-rooms on 2 schoolbuildings if someone forgot his one. It would be nice, if they had a button 'generate password', so they don't have to deal with password rules ;-)

Also a teacher should be able to put a student to his class/course or take him out. And - as i learned yesterday - he needs to create new student-accounts sometimes.

readU
Frank
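The default rule from the quoted mail, written as a table a local admin could edit. This is an added example, not code from wlus or from either poster. The INI layout, the function names, the most-restrictive-wins rule for a user in several groups and the deny-by-default for unlisted groups are assumptions of this example.

```python
import configparser

# Constructed sample policy: each key is an authority group, the value lists
# the groups whose members may write to entries of that group's members.
# The four lines encode the default rule from the quoted mail.
SAMPLE_POLICY = """
[writers]
admins =
jradmins = admins
teachers = admins, jradmins
students = admins, jradmins
"""

def load_policy(text):
    """Parse the INI text into {target_group: set(writer_groups)}."""
    cp = configparser.ConfigParser()
    cp.read_string(text)
    return {group: {w.strip() for w in value.split(",") if w.strip()}
            for group, value in cp["writers"].items()}

def allowed_writer_groups(policy, target_groups):
    """Groups that may write to an entry whose owner is in target_groups.

    Assumptions of this example: an owner in several groups gets the
    intersection (the most restrictive group wins), and an owner in no group
    or in a group missing from the policy is writable by no one (fail closed).
    """
    if not target_groups or any(g not in policy for g in target_groups):
        return set()
    return set.intersection(*(policy[g] for g in target_groups))

def can_write(policy, actor_groups, target_groups):
    """True if any of the actor's groups may write to the target's entry."""
    return bool(set(actor_groups) & allowed_writer_groups(policy, target_groups))

if __name__ == "__main__":
    policy = load_policy(SAMPLE_POLICY)
    for actor, target in [("admins", "jradmins"), ("jradmins", "students"),
                          ("teachers", "students"), ("admins", "admins")]:
        print(actor, "->", target, can_write(policy, [actor], [target]))
```

A site that adds its own authority group lists it as a new key under `[writers]`; until it does, entries of that group's members stay unwritable.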

