ti, 2010-01-19 kello 20:47 -0800, Steve Rippl kirjoitti: > Scott Balneaves wrote: > > https://wiki.ubuntu.com/Edubuntu/NewUserAdminTool
> That looks potentially very useful. The idea of having plugin scripts > is excellent. Have you though about rights delegation? I'm thinking a > sysadmin might for example control adding and removing users (by > whatever method, this tool or otherwise), but might want to allow a > teacher to reset passwords, group kids, or change some other attribute > of students in their class. Could certain users just be able to use > certain "commands". Could this be handled via groups perhaps? All > 'teachers' get these rights, all 'power-teachers' get those etc. I've been involved in managing Ubuntu based LTSP server for some years and in the process we have accumulated piles of tools to manage users. Over the years we have settled mostly with web UI for ldap+kerberos and some magic for laptops to get offline authentication working also. The concept of our current custom built system is this: * all web based tool - quite a few admins in school manage users also from windows workstation or remotely * hardcoded hierarchy: schools - groups - users - this makes the UI way easier to user * groups can also be nested - this is quite heavy on ldap, though * data is stored in ldap and ldap schema is fixed and hardcoded in the tool with samba attributes - no separate samba-ldap scripts * bulk import of users using csv data * system groups (audio, video, etc.) are left out and handled in pam modules instead * teachers are able to change the passwords of kids in their own school * shared folders are done using ACLs and groups that tell the class of the user What I have learnt over the years is that the simpler the UI is, the better. There are currently three interfaces - one to administer users, one to change password and one to change password for another user. Especially the easy way to change passwords for other users has been a success. This has worked quite well for the schools we are taking care of. There was a poor choice of architecture when building this, though, so we are now in the process of rewriting it so that one can actually maintain the code. We are trying to get it out really soon now. A web based system won't be the same as an application with a GUI, though, but many of the concepts are probably the same. Veli-Matti -- edubuntu-devel mailing list edubuntu-devel@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/edubuntu-devel
