Re: [K12OSN] Pinch me...

Shawn Powers <spowers inland k12 mi us> wrote:

> What has proven to be the best way for users to change their password?

2) Jamie Cameron (the developer of Webmin/Usermin) released a beta of the
next version last week. Version 1.099 includes a "LDAP Users and Groups"
module - I haven't looked at the corresponding version of Usermin yet to
see if it hooks into the LDAP functionality.

I only started down the LDAP road a couple of weeks ago, myself, and have
had a few false starts but have got it basically working. I've struck a few
small problems with the Webmin LDAP U&G module, though - most notably that
I don't seem to be able to create new users on RH9 (can't create a user
without a group and can't create a group with no users, so can't create a
user in the RH "private group" system). Jamie says it works fine for him on
Caldera 3.1, so perhaps it's a Red Hat LDAP schema thing - and this being a
background project, I haven't had a chance to investigate further.

> Just change the home directories for those students
> that failed, and then with a simple bash script loop -- remove all the
> users that graduated.  Does anyone have better ideas for this?

3) I'm not sure you need to be that complex. When students graduate, you're
going to have to disable their accounts anyway, and as part of that
process, you can remove their home directories. Of course, by then you'll
have handed them a CD-ROM with all their work on it, right? <g>

If you're using Webmin, I recently created a Perl script that can take a
report file from our local school systems admin program and can create a
batch import file for Webmin. See:


if it might be of any use to you. Creating a batch deletion file is a
trivial modification (uncomment one line, comment out the 'create' one).
Since I'm going the LDAP route, too, I'll be looking at doing a version
that uses the Net::LDAP module to create the accounts directly. Watch that
space. . .

4) On the order of setting up servers and where to locate services: my
suggestion is to set up the LDAP server on the internal box and *if* you
need access to it from the outside to forward a port through the firewall
or perhaps proxy it somehow. But I don't have any strong arguments for
this; I'm sure I don't fully appreciate the subtleties of your
requirements. My general philosophy is to err on the side of caution when
the privacy of children is involved.

6) We're experimenting with Squirrelmail for web-based mail access. It's
pretty, easy to customize, and has lots of add-ins like calendar and to-do

Good luck with your summer project!


--- Les Bell, RHCE, CISSP

