General introduction

This new version of WLS tries to provide an easier and more intuitive
user administration interface. It also strives to provide support for
school-specific things like classes and age-groups, different authority
levels like "student", "teacher" and "admin", and the possibility for
teachers to punish the students, but not vice versa. (c:

This version of WLS needs a few new LDAP components from the
lis.schema to work properly, so you might want to start over with a
clean database if you want to test it. In the future an upgrade path
will be provided to do this migration for you automatically.


How to install and use this beta release

You need to add this to your sources.list:
deb http://developer.skolelinux.no/~andreas/debs ./

apt-get update; apt-get install webmin-ldap-skolelinux

Add the line
include      /etc/ldap/schema/lis.schema
to your /etc/ldap/slapd.conf

!!!! This will purge your LDAP directory !!!!
Then run

ldap-skolelinux-install
!!!! This will purge your LDAP directory !!!!



Outstanding things

* the authority groups are implemented, but need access control
  lists on the slapd side to have any effect.
  - check for hardcoded "student", "teacher" and "admin" calls and
    replace them by proper LDAP calls
  - add slapd.conf ACL rules according to the thread on
    devel@s.n, especially Message-ID:
    <y6wzneixi19.fsf@shaitan.uio.no>.
  - fill in the check_authorisation call in WebminLdapUsers.pm
    with logic to find out if a user is allowed to make a change
    (this is optional, he might equally well try a forbidden
    operation and fail, for a start)

DONE:
* an upgrade path for the new elements in the lis.schema
  and upgrade the directory with needed new elements
  - write a perl script that
    - updates the LDAP directory to sid's and sarge's LDIF format
      (check out sid's slapd's postinstall for how to do that)
    - adds a nextID field (check out ldap-users.pl for working
      code)
    - adds to every group an objectClass "lisGroup", groupType and
      ageGroup attribute and figures out a way to set it correctly.
      "private" is a hot candidate if there is a user with the
      same name and uid.
    - add a capabilities field to Variables and fill in these
      changes. Look at ext2fs for an example of what a forward
      compatible capabilities field looks like.
    - add a check to ldap-users.pl to check the present
      capabilities of the LDAP database and see if they suffice
      to run the WLS. Runtime automatic upgrade of the LDAP
      database is dangerous and should be discouraged. Operation
      on an LDIF dump is safe.

* integrate ageGroups better. 
  - expand fileimport and entermanyusers to provide fields for
    ageGroups

* expand the search option to search for the different kinds of
  groups.

* add an admin option to preselect all search results for admin
  operations

* make the admin operations work with groups
  - the LDAP backend functions are not yet functional

* add options to delete all users in a group

* refactor WebminLdapSkolelinux and ldap-users.pl. some code
  is very similar for similar operations on users and groups. OO
  programming could help here, partly.

* add advanced search options
  - add a menu and logic to combine several search criteria into
    one search

DONE for users
* add icons in the search result admin screen to represent if a
  given user or class may login or not

* add operations for disabling/enabling internet access
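
The capabilities check described in the upgrade-path item above, as an
added example (not WLS code) that reads an LDIF dump instead of the
live directory. The "capabilities" attribute name, the capability
names and the "incompat:" prefix are assumptions, the prefix loosely
modelled on the incompatible-feature flags of ext2fs.

```perl
# Added example, not WLS code: attribute and capability names are assumptions.
use strict;
use warnings;
use MIME::Base64 qw(decode_base64);

my @REQUIRED = qw(nextID lisGroup ageGroup);    # what this tool needs
my %KNOWN    = map { ($_ => 1) } @REQUIRED;     # everything it understands

# Parse an LDIF dump into a list of { lc(attribute) => [values] } hashes.
sub parse_ldif {
    my ($text) = @_;
    $text =~ s/\n //g;                          # unfold continuation lines
    my @entries;
    for my $block (split /\n{2,}/, $text) {
        my %e;
        for my $line (split /\n/, $block) {
            my ($attr, $b64, $val) = $line =~ /^([\w;-]+):(:?)\s*(.*)$/ or next;
            $val = decode_base64($val) if $b64; # "attr:: ..." is base64
            push @{ $e{lc $attr} }, $val;
        }
        push @entries, \%e if $e{dn};
    }
    return @entries;
}

# Returns (status, \@missing, \@blocking): 'ok', 'upgrade' (required
# capabilities absent) or 'refuse' (unknown "incompat:" capability present).
sub check_capabilities {
    my ($vars) = grep { $_->{capabilities} } @_;   # first entry carrying the field
    my %have = map { ($_ => 1) } @{ $vars ? $vars->{capabilities} : [] };
    my @missing  = grep { !$have{$_} } @REQUIRED;
    my @blocking = grep { /^incompat:/ && !$KNOWN{$_} } sort keys %have;
    my $status = @blocking ? 'refuse' : @missing ? 'upgrade' : 'ok';
    return ($status, \@missing, \@blocking);
}

# Constructed sample dump, not real data.
my $ldif = <<'END';
dn: cn=Variables,dc=example,dc=org
nextID: 10001
capabilities: nextID
capabilities: lisGroup
capabilities:: aW5jb21wYXQ6ZnV0dXJlTGF5b3V0

dn: cn=class7a,ou=Group,dc=example,dc=org
objectClass: posixGroup
END
my ($status, $missing, $blocking) = check_capabilities(parse_ldif($ldif));
print "status=$status missing=@$missing blocking=@$blocking\n";
```

The third capabilities value in the sample is base64-encoded, so a
plain text search of the dump would not find it; the parser decodes it
before the check.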

You can check out the webmin-ldap-skolelinux or ldap-skolelinux
source with
cvs -d /var/lib/cvs co -d wls -r from_wls_20031110_BRANCH skolelinux/src/webmin-ldap-skolelinux
cvs -d /var/lib/cvs co -d ls -r from_ls_20031110_BRANCH skolelinux/src/ldap-skolelinux

!attention! ldap-skolelinux is merged in CVS HEAD with some other
package by now. This does work nonetheless.
