From 1be510f9529cb082f802408b472a77d074b394c0 Mon Sep 17 00:00:00 2001 From: Nicolas Vigier Date: Sun, 14 Apr 2013 13:46:12 +0000 Subject: Add zarb MLs html archives --- zarb-ml/mageia-sysadm/2010-November/000387.html | 96 +++++++++++++++++++++++++ 1 file changed, 96 insertions(+) create mode 100644 zarb-ml/mageia-sysadm/2010-November/000387.html (limited to 'zarb-ml/mageia-sysadm/2010-November/000387.html') diff --git a/zarb-ml/mageia-sysadm/2010-November/000387.html b/zarb-ml/mageia-sysadm/2010-November/000387.html new file mode 100644 index 000000000..ca9206689 --- /dev/null +++ b/zarb-ml/mageia-sysadm/2010-November/000387.html @@ -0,0 +1,96 @@ + + + + [Mageia-sysadm] Groups, and UID ranges + + + + + + + + + +

[Mageia-sysadm] Groups, and UID ranges

+ Buchan Milne + bgmilne at multilinks.com +
+ Mon Nov 8 16:53:04 CET 2010 +

+
+ +
Right, so https://identity.mageia.org has been up for a while, and has most 
+features we need right now working (some others will be fixed, hopefully 
+today, by some more ACL fixes on the OpenLDAP side).
+
+For users that have registered (and are basically just inetOrgPerson entries 
+with cn,givenName,sn,mail,userPassword,preferredLanguage), the interface 
+(will) allow a member of the 'Account Admin' group to promote the account to a 
+posixAccount+sshPublicKey account. This will assign the next uid (taken from 
+the current uidNumber value of the sambaUnixIdPool object, which is 
+incremented on this sambaUnixIdPool object, before the account is promoted, in 
+order to allow us to use slapo-unique if we want), and the gidNumber from a 
+list of posixGroups.
+
+The list of groups presented is based on the results of an LDAP search.
+
+So, to proceed, we need to:
+-create some groups
+-decide on the UID/GID range we want to assign to users in LDAP
+
+After a user has been promoted, an account admin is able to add the user to 
+additional groups and add their ssh public key.
+
+We need to decide if we want users to be able to update their ssh public key 
+themselves. It is merely a matter of ACL+entry in the 
+catdap.yml/catdap_local.yml to change this.
+
+I will try and work on the ACLs later today, and ensure we are ready to point 
+applications and nss/pam at LDAP soon.
+
+Regards,
+Buchan
+
+ + + + + + + + + + + + +
+

+ +
+More information about the Mageia-sysadm +mailing list
+ -- cgit v1.2.1
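Review bot: In the header of the added page (the lines right after the "[Mageia-sysadm] Groups, and UID ranges" title), the poster's address is committed as "bgmilne at multilinks.com". The " at " substitution is trivially reversible, and once merged the address is permanent in git history, so confirm this matches the list's existing archive policy or scrub the address before import. Separately, the commit message "Add zarb MLs html archives" does not say where the pages were exported from or whether the 96 added lines are the unmodified archive output. A sentence naming the source would let a later reader check this copy against the original list archive.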