<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<TITLE> [Mageia-sysadm] Groups, and UID ranges
</TITLE>
<LINK REL="Index" HREF="index.html" >
<LINK REL="made" HREF="mailto:mageia-sysadm%40mageia.org?Subject=Re%3A%20%5BMageia-sysadm%5D%20Groups%2C%20and%20UID%20ranges&In-Reply-To=%3C201011081653.04866.bgmilne%40multilinks.com%3E">
<META NAME="robots" CONTENT="index,nofollow">
<META http-equiv="Content-Type" content="text/html; charset=us-ascii">
<LINK REL="Previous" HREF="000383.html">
<LINK REL="Next" HREF="000395.html">
</HEAD>
<BODY BGCOLOR="#ffffff">
<H1>[Mageia-sysadm] Groups, and UID ranges</H1>
<B>Buchan Milne</B>
<A HREF="mailto:mageia-sysadm%40mageia.org?Subject=Re%3A%20%5BMageia-sysadm%5D%20Groups%2C%20and%20UID%20ranges&In-Reply-To=%3C201011081653.04866.bgmilne%40multilinks.com%3E"
TITLE="[Mageia-sysadm] Groups, and UID ranges">bgmilne at multilinks.com
</A><BR>
<I>Mon Nov 8 16:53:04 CET 2010</I>
<P><UL>
<LI>Previous message: <A HREF="000383.html">[Mageia-sysadm] [121] style update
</A></li>
<LI>Next message: <A HREF="000395.html">[Mageia-sysadm] Groups, and UID ranges
</A></li>
<LI> <B>Messages sorted by:</B>
<a href="date.html#387">[ date ]</a>
<a href="thread.html#387">[ thread ]</a>
<a href="subject.html#387">[ subject ]</a>
<a href="author.html#387">[ author ]</a>
</LI>
</UL>
<HR>
<!--beginarticle-->
<PRE>Right, so <A HREF="https://identity.mageia.org">https://identity.mageia.org</A> has been up for a while, and has most
features we need right now working (some others will be fixed, hopefully
today, by some more ACL fixes on the OpenLDAP side).

For users that have registered (and are basically just inetOrgPerson entries
with cn,givenName,sn,mail,userPassword,preferredLanguage), the interface
(will) allow a member of the 'Account Admin' group to promote the account to a
posixAccount+sshPublicKey account. This will assign the next uid (taken from
the current uidNumber value of the sambaUnixIdPool object, which is
incremented on this sambaUnixIdPool object, before the account is promoted, in
order to allow us to use slapo-unique if we want), and the gidNumber from a
list of posixGroups.

The list of groups presented is based on the results of an LDAP search.

So, to proceed, we need to:
-create some groups
-decide on the UID/GID range we want to assign to users in LDAP

After a user has been promoted, an account admin is able to add the user to
additional groups and add their ssh public key.

We need to decide if we want users to be able to update their ssh public key
themselves. It is merely a matter of ACL+entry in the
catdap.yml/catdap_local.yml to change this.

I will try and work on the ACLs later today, and ensure we are ready to point
applications and nss/pam at LDAP soon.

Regards,
Buchan
</PRE>
<!--endarticle-->
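Added example, not part of the original message and not CatDap's own code: a Python model of the allocation order the message describes, where the pool's uidNumber is advanced before the account is promoted, so two admins never hand out the same uid. The in-memory Directory, the DNs, the starting value 10000 and the function names are assumptions; doing the increment as a single delete-old/add-new modify is one common way to make it race-safe, not something the message specifies.

```python
# Constructed in-memory model of the directory; no LDAP server is contacted.
# DNs, the starting value 10000 and the helper names are assumptions.
POOL_DN = "cn=idpool,dc=example,dc=org"  # hypothetical sambaUnixIdPool entry


class NoSuchAttribute(Exception):
    """Stand-in for the LDAP noSuchAttribute result."""


class Directory:
    """Maps DN -> {attribute: [values]}."""

    def __init__(self, first_uid):
        self.entries = {POOL_DN: {"uidNumber": [str(first_uid)]}}

    def modify_swap(self, dn, attr, old, new):
        # Models ONE modify request carrying "delete: attr (old)" and
        # "add: attr (new)": the server applies both changes or neither, and
        # the delete fails when the stored value is no longer `old`.
        values = self.entries[dn][attr]
        if old not in values:
            raise NoSuchAttribute(f"{attr}={old} not on {dn}")
        values[values.index(old)] = new


def try_reserve(directory, observed):
    """Advance the pool past `observed`; False means another admin won."""
    try:
        directory.modify_swap(POOL_DN, "uidNumber", observed,
                              str(int(observed) + 1))
    except NoSuchAttribute:
        return False
    return True


def allocate_uid(directory, max_tries=5):
    """Reserve the pool's current uidNumber, incrementing the pool first."""
    for _ in range(max_tries):
        observed = directory.entries[POOL_DN]["uidNumber"][0]  # LDAP search
        if try_reserve(directory, observed):
            return int(observed)
    raise RuntimeError("uidNumber pool is contended; retry later")


def promote(directory, user_dn, gid_number):
    """Turn a registered entry into a posixAccount with a reserved uid."""
    uid_number = allocate_uid(directory)  # pool is already past this value
    entry = directory.entries[user_dn]
    entry["objectClass"].append("posixAccount")
    entry["uidNumber"] = [str(uid_number)]
    entry["gidNumber"] = [str(gid_number)]
    return uid_number
```

A reservation that is never used leaves a gap in the numbering rather than a duplicate, which is the property a uniqueness overlay such as slapo-unique would otherwise have to enforce by rejecting the write.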
<HR>
<hr>
<a href="https://www.mageia.org/mailman/listinfo/mageia-sysadm">More information about the Mageia-sysadm
mailing list</a><br>
</body></html>