Roles & Groups

Daniel Hoffend dh at dotlan.net
Thu Sep 4 07:16:13 CEST 2014


Good morning

Just a quick answer regarding shared folders. Cyrus can only manage per user ACLs on folders. Cyrus is not aware of groups afaik.

Oh and please answer to the mailing list, so other people get a chance to help you as well. 

-- 
Regards
Daniel Hoffend

> Am 04.09.2014 um 04:21 schrieb Stuart Naylor <StuartIanNaylor at inbox.com>:
> 
> Thanks again Daniel,
>  
> I am struggling slightly with the documentation and never looked on that page as made a presumption Hosted wasn't the info I needed.
>  
> I really like the Kolab WAP as basically its a user, contact and resource manager.
> Its pretty easy to use and is so close to being able farm out user management to non technical HR staff rather than a sysadmin.
>  
> Apols but my main background is AD and with LDAP much of what I used before was hidden behind a GUI.
>  
> I have a tendancy to keep as pretty much "off the shelf" as I can as any changes I make can be a potential cul-de-sac for my clients choice of support.
>  
> I got confused slightly as I did create a group with members and in the shared folders tried to add that group.
> The permissions didn't seem to work with sharedfolders and the WAP interface seems to only want users.
>  
> Its just me trying to get a feeling to Kolab as I know where I want to go and I am trying to figure the best route.
>  
> Because I am stuck with M$ clients and a constant workload of new and changing users I am trying to use WAP in the directory for an AD 2012 server.
>  
> The 389-DS has a winsync and passsync plugin M$ dumps product in the educational non-profit arena and I do use samba4 from time to time.
>  
> I did notice setup-kolab has an --activedirectory command parameter but have no idea and can't find any documentation on its operation.
>  
> Because Kolab WAP is so tantilsingly close to providing everything without the need of a sysadmin I am a bit reluctant to do anything manually by ldap.
>  
> I understand your explanatition of roles and groups but to be honest I am struggling to see why the are different entities. Or at least you can apply a role to a group.
> A group is a role, a role is a group? Do you know what I mean.
> I understand now this is how Kolab works but my logic just feels its two mechanisms to do the same thing.
>  
> I need to do more playing with Kolab but at the moment questions like how to allow user addition and changes but not other kolab-admins account has me confused.
>  
> The site I am first aiming at is a community center that runs 2-4 hour courses and drop-in internet sessions.
> We might have several hundred users on the books (in the directory) with the majoirty being redundent.
> After being non active for 3 years they will be cleaned.
>  
> Each week a person might come in for half an hour or be on a course for a couple of hours.
> So even though we have a small system with only 30 concurrent users and maybe ocasionally people might use chwalla to grab course material remotely and check there calendar we are in an unusal position.
>  
> The admin of user management is very expensive in regards to actual usuage.
> I guess schools are similar but there turn over is much less.
>  
> :) Many thanks as usual absolutely full of great information.
>  
> I guess its my MS AD background and being stuck with M$ desktops where I keep thinking it would be much easier to apply roles to groups and be able to choose the group in WAP.
>  
> Cheers Daniel
>  
>  
>  
>  
>  
> On Wednesday 03 September 2014 13:37:41 Daniel Hoffend wrote:
> > You must see the bigger picture of LDAP and User Management. It's not
> > just
> > about a small email server. Many other applications support auth against
> > ldap servers including allowing access to certain resources via group
> > memberships.
> >
> > ## Groups
> >
> > You basically have 4 groups
> > * Standard Groups (groupOfNames)
> > * Unix Groups (aka posixGroup) similar to /etc/group but in ldap.
> > * Distribution List static (static mail distribution list)
> > * Distribution List dynamic (mail distribution list based on ldap search
> > filter)
> >
> > In additional the ldap servers can also provide ACLs for members of
> > group X
> > (example HR is allowed to write on some LDAP attributes in ou=People)
> >
> > ## Roles
> >
> > are something different. While groups are their own object roles are
> > basically
> > names/flags attached to an object (mostly user in this case).
> > Applications can
> > filter for those user attributes and react to this (similar to group
> > membership
> > but different and bound to a user).
> >
> > Example:
> > 1) The LDAP Server has an ACL that someone with the Role "kolab-admin"
> > is allowed
> > to write at the whole ldap directory
> > 2) Roundcube can be configured to enable certain modules or config
> > options based
> > to assigned roles
> >
> > You can find some use cases documented here:
> > https://docs.kolab.org/deployment-guide/hosted-kolab-groupware-deployment.ht
> > ml?highlight=role#differentiating-access-levels
> >
> >
> > Basically learn about LDAP and what LDAP can do or which application
> > could make
> > use of LDAP and how LDAP is beeing used in bigger enviroments. That it
> > all starts
> > to make sense. In a small SOHO enviroment with perhabs 5-50 mail
> > accounts roles
> > and groups might not be as important.
> >
> >
> > --
> > Regards
> > Daniel
> >
> >
> >
> >
> > ------ Originalnachricht ------
> > Von: "Stuart Naylor" <StuartIanNaylor at inbox.com>
> > An: "users at lists.kolab.org" <users at lists.kolab.org>
> > Gesendet: 03.09.2014 05:29:17
> > Betreff: Roles & Groups
> >
> > >Haven't really got Roles & groups into my thick skull.
> > >
> > >
> > >
> > >Are groups purely distribution groups?
> > >
> > >
> > >
> > >I created a shared folder and thought OK cool and a group to the
> > >permissions on that.
> > >
> > >Seems you can only add individual users as the group permissions didn't
> > >seem to work.
> > >
> > >
> > >
> > >So if anybody can give me a primer on groups and roles.
> > >
> > >
> > >
> > >I am struggling to see the difference or understand the difference
> > >between a role and group.
> > >
> > >
> > >
> > >Also with roles where do you set what that role can do.
> > >
> > >
> > >
> > >I will leave it as that as its obvious I am confused maybe someone can
> > >just supply a bit of info to this noob.
> > >
> > >
> > >
> > >Stuart.
> > >
> > >
> > >
> > >---------------------------------------------------------------------------
> > >----- Free Online Photosharing - Share your photos online with your friends
> > >and family!
> > >Visit http://www.inbox.com/photosharing to find out more!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.kolab.org/pipermail/users/attachments/20140904/2b913bfc/attachment-0001.html>


More information about the users mailing list