-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Andreas Barth skrev: > * Thijs Kinkhorst ([EMAIL PROTECTED]) [050802 13:41]: > >>And even then, appearently the DAM works like this: I approve person X, >>let's check his box, but I'll add the account at some point later on (this >>takes weeks on average). When you check the box you might add the account >>aswell when you're at it, right? > > > Just that the person who checks the reports is not root in Debian's ldap > system.
There is delegation and group access available in OpenLDAP. So, one would not need to have write access to the whole directory tree, only to the necessary branches. Also, this could very well be handled the same way as .commands on ftp-master.d.o, that is, by requiring valid signatures of ldap commands in ldif format from a limited number of people operating on a restricted part of the ldap tree. Just a thought, no flames please :) // Tomas -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.0 (MingW32) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFC726ywYdzVZ/o1QQRAv8tAJ9gBsOJ6j+xqL1wR1ezmtsnnzFxvgCfaKFE zy5shd7inv3al0LliXc6XcY= =hUtq -----END PGP SIGNATURE----- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
