[Mageia-sysadm] Groups, and UID ranges
Buchan Milne
bgmilne at multilinks.com
Mon Nov 8 16:53:04 CET 2010

Right, so https://identity.mageia.org has been up for a while, and has most
features we need right now working (some others will be fixed, hopefully
today, by some more ACL fixes on the OpenLDAP side).

For users that have registered (and are basically just inetOrgPerson entries
with cn,givenName,sn,mail,userPassword,preferredLanguage), the interface
(will) allow a member of the 'Account Admin' group to promote the account to a
posixAccount+sshPublicKey account. This will assign the next uid (taken from
the current uidNumber value of the sambaUnixIdPool object, which is
incremented on this sambaUnixIdPool object, before the account is promoted, in
order to allow us to use slapo-unique if we want), and the gidNumber from a
list of posixGroups.

The list of groups presented is based on the results of an LDAP search.

So, to proceed, we need to:
- create some groups
- decide on the UID/GID range we want to assign to users in LDAP

After a user has been promoted, an account admin is able to add the user to
additional groups and add their ssh public key.

We need to decide if we want users to be able to update their ssh public key
themselves. It is merely a matter of ACL+entry in the
catdap.yml/catdap_local.yml to change this.

I will try and work on the ACLs later today, and ensure we are ready to point
applications and nss/pam at LDAP soon.

Regards,
Buchan
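
The allocation step described in the message above, as an added example that is not part of the original post and is not CatDap's code: the pool's uidNumber is bumped before the account is promoted, so two admins promoting at the same moment cannot be handed the same UID. The directory is an in-memory stand-in, and the DN, the starting number, the function names and the delete-old/add-new form of the modify are assumptions made for the illustration.

```python
# Added example: in-memory stand-in for the directory; DNs and numbers are constructed.
POOL_DN = "cn=idpool,dc=example,dc=org"          # hypothetical sambaUnixIdPool entry

class NoSuchAttribute(Exception): pass           # value to delete is not present

class Directory:
    def __init__(self, entries):
        self.entries = entries                   # dn -> {attribute: [values]}

    def read(self, dn, attr):
        return list(self.entries[dn].get(attr, []))

    def modify(self, dn, mods):
        # A modify is all-or-nothing: work on a copy and commit only at the end.
        entry = {k: list(v) for k, v in self.entries[dn].items()}
        for op, attr, value in mods:
            if op == "delete":
                if value not in entry.get(attr, []):
                    raise NoSuchAttribute(f"{attr}={value}")
                entry[attr].remove(value)
            else:                                # "add"
                entry.setdefault(attr, []).append(value)
        self.entries[dn] = entry

def claim_uid(directory, seen=None, retries=5):
    """Reserve the pool's current uidNumber by incrementing the pool first."""
    for attempt in range(retries):
        # 'seen' models a value read earlier that may have gone stale.
        current = seen if (seen and attempt == 0) else directory.read(POOL_DN, "uidNumber")[0]
        try:
            # Deleting the exact value read fails if another admin already moved it.
            directory.modify(POOL_DN, [("delete", "uidNumber", current),
                                       ("add", "uidNumber", str(int(current) + 1))])
            return int(current)
        except NoSuchAttribute:
            continue                             # lost the race: re-read and retry
    raise RuntimeError("could not reserve a uidNumber")

def promote(directory, dn, uid_number, gid_number, home):
    """Add the posixAccount attributes to an already registered entry."""
    directory.modify(dn, [("add", "objectClass", "posixAccount"),
                          ("add", "uidNumber", str(uid_number)),
                          ("add", "gidNumber", str(gid_number)),
                          ("add", "homeDirectory", home)])

def demo():
    d = Directory({POOL_DN: {"uidNumber": ["10000"]}})   # constructed start value
    stale = d.read(POOL_DN, "uidNumber")[0]      # admin B reads the pool...
    first = claim_uid(d)                         # ...but admin A claims that value first
    return first, claim_uid(d, seen=stale)       # B's stale write is rejected, then retried

if __name__ == "__main__": print(demo())
```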