Re: [Ltsp-discuss] Grant write privileges to PHP to the etc/passwd

2012-11-13 Thread Robert Lefebvre
Hello everybody, I've begun researching your suggestions and I am leaning towards the openLDAP suggestion. I need some help with direction of my further research please. I should have little problem installing it in Edubuntu 12.04 as it's included in the Software Center. And I should have

Re: [Ltsp-discuss] Grant write privileges to PHP to the etc/passwd

2012-11-13 Thread Jan Middelkoop
Hi Robert, With OpenLDAP you have a server and a client. Server is the user database, client can query the database and authenticate against it. These links should definitely explain everything you want to know about setting up the client:

Re: [Ltsp-discuss] Grant write privileges to PHP to the etc/passwd

2012-11-12 Thread Jan Middelkoop
On 10-11-12 02:35, Robert Lefebvre wrote: There are some other benefits as well to using php and a database. 100% agreed. Besides everything already suggested, the best solution for this IMVHO is still to use LDAP (lightweight directory access protocol).

Re: [Ltsp-discuss] Grant write privileges to PHP to the etc/passwd

2012-11-12 Thread Jan Middelkoop
As suggested, you could create a script that specifically does what you want, and only give PHP sudo access to that specific script. That would be more secure than what you're suggesting. However.. - LDAP. Kindest regards, Jan Middelkoop Recreatie en Zorg Groep B.V. -- Website:

Re: [Ltsp-discuss] Grant write privileges to PHP to the etc/passwd

2012-11-12 Thread Robert Lefebvre
Thanks Jan. Will definitely do that. On Mon, Nov 12, 2012 at 8:40 AM, Jan Middelkoop j...@recreatie-zorg.nl wrote: As suggested, you could create a script that specifically does what you want, and only give PHP sudo access to that specific script. That would be more secure than what you're

Re: [Ltsp-discuss] Grant write privileges to PHP to the etc/passwd

2012-11-09 Thread Jan Middelkoop
For the love of god, please use 389 Directory Server or OpenLDAP! Speaking from experience with 389 DS, it'll not only give you the user interface you're looking for out of the box, but it'll also be a heck of a lot more secure and robust than your PHP solution. Kindest regards, Jan

Re: [Ltsp-discuss] Grant write privileges to PHP to the etc/passwd

2012-11-09 Thread Jan Middelkoop
On a side note, if you absolutely -must- torture yourself by doing this with PHP, at least add the user running your PHP script (apache?) to /etc/sudoers. You can give it access to run the proper useradd commands as root, which is a lot better than having it write to /etc/passwd. Kindest

Re: [Ltsp-discuss] Grant write privileges to PHP to the etc/passwd

2012-11-09 Thread Bettina Lapp
Hi, I would suggest an alternative, using pam_access.so, which would probably still require a script or something to be executed with root privileges, but would not mess with /etc/passwd.
- enable pam_access in /etc/pam.d/common-account
    account required pam_access.so
- edit

Re: [Ltsp-discuss] Grant write privileges to PHP to the etc/passwd

2012-11-09 Thread James McQuillan
I agree with Bettina, using usermod is MUCH better than editing the /etc/passwd file. You'll just need to set up /etc/sudoers.conf to allow the php program to run usermod. Actually, I'd write a script, maybe call it 'disable_user' and 'enable_user', and set up sudo to allow THAT script to be

Re: [Ltsp-discuss] Grant write privileges to PHP to the etc/passwd

2012-11-09 Thread Vagrant Cascadian
On Fri, Nov 09, 2012 at 10:11:56AM -0500, Robert Lefebvre wrote: I want to be able to give write to the etc/passwd file privileges to the teachers so that they can suspend and restore their student's user privileges. Of course, using some sort of frontend *might* be a good idea... Instead of

Re: [Ltsp-discuss] Grant write privileges to PHP to the etc/passwd

2012-11-09 Thread Robert Lefebvre
Hey, thanks for all the great replies. The reason for using PHP is that I use the list of registered users in Ubuntu as the master data list for a number of present and future custom website functionality. For example, the PHP pulls the list and creates a form to manage their electives. Their

Re: [Ltsp-discuss] Grant write privileges to PHP to the etc/passwd

2012-11-09 Thread James McQuillan
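In your php code:

    // escapeshellarg() quotes the username so it reaches the script as a single argument
    system("sudo /usr/local/bin/lock_user " . escapeshellarg($the_user));

You'll need to create a script called /usr/local/bin/lock_user that contains:

    #!/bin/bash
    # Lock the account named in the first argument (quoted to prevent word splitting)
    passwd --lock "$1"

Make it executable and then, you'll need to add an entry to the sudoers file to allow www-data to run the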