[Mageia-sysadm] Groups, and UID ranges

Buchan Milne bgmilne at multilinks.com
Mon Nov 8 16:53:04 CET 2010


Right, so https://identity.mageia.org has been up for a while, and has most 
features we need right now working (some others will be fixed, hopefully 
today, by some more ACL fixes on the OpenLDAP side).

For users that have registered (and are basically just inetOrgPerson entries 
with cn,givenName,sn,mail,userPassword,preferredLanguage), the interface 
(will) allow a member of the 'Account Admin' group to promote the account to a 
posixAccount+sshPublicKey account. This will assign the next uid (taken from 
the current uidNumber value of the sambaUnixIdPool object, which is 
incremented on this sambaUnixIdPool object, before the account is promoted, in 
order to allow us to use slapo-unique if we want), and the gidNumber from a 
list of posixGroups.

The list of groups presented is based on the results of an LDAP search.

So, to proceed, we need to:
- create some groups
- decide on the UID/GID range we want to assign to users in LDAP

After a user has been promoted, an account admin is able to add the user to 
additional groups and add their ssh public key.

We need to decide if we want users to be able to update their ssh public key 
themselves. It is merely a matter of ACL+entry in the 
catdap.yml/catdap_local.yml to change this.

I will try and work on the ACLs later today, and ensure we are ready to point 
applications and nss/pam at LDAP soon.

Regards,
Buchan
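
The allocation order described in the message (bump the uidNumber on the pool object first, then promote the account with the reserved value) is sketched below as an added example; it is not part of the original post and is not CatDap code. The in-memory directory, the function names and the 10000-19999 range are constructed assumptions, and the swap mirrors an LDAP modify that deletes the exact old value and adds the new one in a single operation.

```python
class PoolConflict(Exception):
    """The pool value changed between our read and our write."""

class FakeDirectory:
    """Constructed stand-in for the LDAP server and its sambaUnixIdPool entry."""
    def __init__(self, uid_number):
        self.pool = {"uidNumber": uid_number}
        self.accounts = {}                      # login -> uidNumber

    def read_pool(self):
        return self.pool["uidNumber"]

    def swap_pool(self, old, new):
        # Like a modify that deletes the exact old value and adds the new
        # one: it fails if another admin already changed the pool.
        if self.pool["uidNumber"] != old:
            raise PoolConflict(old)
        self.pool["uidNumber"] = new

    def promote(self, login, uid_number):
        # Backstop comparable to a uniqueness overlay such as slapo-unique.
        if uid_number in self.accounts.values():
            raise ValueError("duplicate uidNumber %d" % uid_number)
        self.accounts[login] = uid_number

def allocate_uid(directory, uid_min, uid_max, retries=5, before_swap=None):
    """Reserve the pool's current uidNumber by incrementing the pool first."""
    for _ in range(retries):
        candidate = directory.read_pool()
        if not uid_min <= candidate <= uid_max:
            raise RuntimeError("pool value %d outside agreed range" % candidate)
        if before_swap:
            before_swap()                       # hook to simulate a racing admin
        try:
            directory.swap_pool(candidate, candidate + 1)
        except PoolConflict:
            continue                            # lost the race: re-read and retry
        return candidate
    raise RuntimeError("could not reserve a uidNumber")

def promote_account(directory, login, uid_min, uid_max, **kw):
    """Reserve a uidNumber, then attach it to the promoted account."""
    uid_number = allocate_uid(directory, uid_min, uid_max, **kw)
    directory.promote(login, uid_number)
    return uid_number
```

Because the pool is incremented before the account is written, a failed promotion only leaves a gap in the numbering and never hands the same uidNumber to two accounts.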

