[Mageia-sysadm] LDAP group for translator, delegation

Buchan Milne bgmilne at staff.telkomsa.net
Sun Feb 20 16:11:49 CET 2011


On Saturday, 19 February 2011 17:07:28 Michael Scherer wrote:
>  Hi,
> 
>  After the meeting of i18n, where people asked me to come to discuss tx,
>  I discovered
>  that it was not working for people outside of me, due to various acl
>  issues.
> 
>  So now this is fixed ( rev 1139 ), there is the question of who should
>  access transifex.
> 
>  Jehane on #mageia-i18N proposed to have the access for each translator (
>  sounds good ),
>  and I proposed to restrict staff/super user privileges to team leader.
>  ( I do not know yet
>  what it means for transifex ).
> 
>  First question :
> 
>  Should we have 1 big group for that, and let people manage the various
>  subteams outside
>  of ldap, or have 1 group per language ?
> 
>  1 big group is easier, and we can delegate the management to 1/2 person
>  ( ie i18n team leader ).
> 
>  Several groups are IMHO more scalable, but this requires more work on our
>  side. And this will not
>  map to permission on tx and the blog, among others.
> 
>  Second question :
> 
>  For delegation, I know that some stuff is planned in catdap, but for
>  the moment do people think
>  this is ok to place team leader as owner of the group in ldap, and ask
>  them to use a ldap editor ( for those
>  that know it, of course ). The connection should be secured, and the
>  access should be simple enough, but
>  we should better check twice

I have added some initial group editing code. It is available on 
https://identity-trunk.mageia.org . If the user logged in to CatDap is a 
member of the 'Group Admins' system group, they will see an additional "menu" 
item at the top, 'Group Admins'.

By default, the view will show a search box, as well as a list of groups of 
which the user is an owner.

A non-Account-admin, whose DN is listed in the owner attribute of the group, 
will be able to edit the members and owners of the group.

Account admins can also edit the owners and members of the group. While the 
members/owners are displayed with their full DN, they can (only) be added by 
username.

Please test it, including users who are not Account Admins.

There is still a lot to do, but it works.

Regards,
Buchan
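
The delegation rule described in the message above (a group's owners and the account admins may edit its members and owners, and members are added by username), sketched as an added example; it is not CatDap's code and not part of the original post. The base DN, the uid=...-under-ou=People layout, the sample users and every function name are assumptions made for the illustration.

```python
import re

# Constructed sample data; the base DN, group names and users are assumptions.
PEOPLE_BASE = "ou=People,dc=example,dc=org"
ACCOUNT_ADMINS = {"member": ["uid=admin1," + PEOPLE_BASE]}
I18N_FR = {
    "owner": ["uid=leader," + PEOPLE_BASE],
    "member": ["uid=leader," + PEOPLE_BASE],
}
USERNAME_RE = re.compile(r"[a-z][a-z0-9_-]{0,31}")


def normalize_dn(dn):
    """Simplified DN comparison key: trims spaces and ignores case.
    Does not handle escaped commas or multi-valued RDNs."""
    rdns = (rdn.split("=", 1) for rdn in dn.split(","))
    return ",".join(f"{k.strip().lower()}={v.strip().lower()}" for k, v in rdns)


def dn_in(dn, values):
    """True if dn matches any DN in values after normalization."""
    return normalize_dn(dn) in {normalize_dn(v) for v in values}


def can_edit_group(actor_dn, group, account_admins=ACCOUNT_ADMINS):
    """Account admins may edit any group; others only groups they own."""
    return (dn_in(actor_dn, account_admins.get("member", []))
            or dn_in(actor_dn, group.get("owner", [])))


def username_to_dn(username):
    """Accept only a plain username, so input cannot smuggle in extra RDNs."""
    if not USERNAME_RE.fullmatch(username):
        raise ValueError(f"invalid username: {username!r}")
    return f"uid={username},{PEOPLE_BASE}"


def add_member(actor_dn, group, username, account_admins=ACCOUNT_ADMINS):
    """Authorize first, then resolve the username and add it once."""
    if not can_edit_group(actor_dn, group, account_admins):
        raise PermissionError("actor is neither group owner nor account admin")
    dn = username_to_dn(username)
    if not dn_in(dn, group.setdefault("member", [])):
        group["member"].append(dn)
    return group["member"]
```

Testing with a user who is a plain member but not an owner, as the message asks, corresponds to the PermissionError path here.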

