[Mageia-sysadm] LDAP group for translator, delegation

Buchan Milne bgmilne at staff.telkomsa.net
Tue Feb 22 15:18:18 CET 2011 

On Tuesday, 22 February 2011 15:12:35 Michael Scherer wrote:
> Le dimanche 20 février 2011 à 17:11 +0200, Buchan Milne a écrit :
> > On Saturday, 19 February 2011 17:07:28 Michael Scherer wrote:
> > >  For delegation, I know that some stuff are planned in catdap, but for
> > >  the moment do people think
> > >  this is ok to place team leader as owner of the group in ldap, and ask
> > >  them to use a ldap editor ( for those
> > >  that know it, of course ). The connexion should be secured, and the
> > >  access should be simple enough, but
> > >  we should better check twice
> > 
> > I have added some initial group editing code. It is available on
> > https://identity-trunk.mageia.org . If the user logged in to CatDap is a
> > member of the 'Group Admins' system group, they will see an additional
> > "menu" item at the top, 'Group Admins'.
> 
> Would it be possible to get the list of people from the owner attribute
> of others group ?

Well, not if we want to stick with Catalyst roles here. 

> I am not keen on keeping a list of people who can edit
> group on several location :/

Maybe we should use slapo-autogroup (not sure if it is currently in the 
package we have, it is in my current-in-progress openldap package here) here 
to keep the group updated? I will think about it.

> > By default, the view will show a search box, as well as a list of groups
> > of which the user is an owner.
> > 
> > A non-Account-admin, whose DN is listed in the owner attribute of the
> > group, will be able to edit the members and owners of the group.
> > 
> > Account admins can also edit the owners and members of the group. While
> > the members/owners are displayed with their full DN, they can (only) be
> > added by username.
> > 
> > Please test it, including users who are not Account Admins.
> 
> I see nothing, I guess I will add myself in the group to test.

Users in 'Account Admins' can access it from Account Admins->Groups. If you 
are not in Account Admins, you need to be in Group Admins, to see it.

BTW., you were testing on https://identity-trunk.mageia.org ?

> BTW, I have added myself and ennael as owner of the 2 groups for
> packager ( as we were elected representatives ), I am gonna do the same
> for wobo and oliver once I created the group for translators.

Cool.

Regards,
Buchan

More information about the Mageia-sysadm mailing list