objectClasses - linuxmuster/sophomorix4 GitHub Wiki
This diagram shows which files/commands create AD Objects, and what sophomorixRole(s) and sophomorixType(s)can be attributed to the objectClass:
At the moment, the sophomorixRole for devices is used only for display purposes (show all printers, ...) and to add a group for a printer
Later it might be used for other purposes.
Every line in <school.>devices.csv has a sophomorixRole in Field 9 which ist added to the computeraccount in AD:
- For every device: A dnsNode (and a dnsZone)
- If a sophomorixRole Field 9 leads to a computer account:
- A computer Account (objectclass=computer) with the
sophomorixRole<FIELD9>
- A computer Account (objectclass=computer) with the
To find out which sophomorixRole exist and which leads to a computer account see:
sophomorix-samba --show-roletype
- These are administration-software classes and are created when students are imported from a
<school>.students.csv-file . - The groupname ist the first field of the
<school>.students.csv-file - For the school
<school>they are prefixed with<school>-, to avoid name collisions with other schools. - For the
default-schoolthe prefix is omitted. - The status of classes can be: P=Permanent (deletable by --kill only), M=Managed (deletable if empty by sophomorix-class commands)
- These are additional classes created with
sophomorix-extraclasscommand.- Users created in the extraclass have status
Mand are students.
- Users created in the extraclass have status
- These is the group that is created when teachers are imported from a
<school>.teachers.csv-file . - The groupname ist forced to
<school>-teachers. - For the
default-schoolthe prefix is omitted.
- These are addtional groups created by an administrator
- project membership can be managed by admins of the project:
- sophomorixMembers
- sophomorixAdmins
- sophomorixMemberGroups
- sophomorixAdminGroups
- The groupname of a project is forced to begin with
p_ - a project has a share directory with acces to its members
- a project can provide additional quota:
- sohomorixAddQuota (increases quota on SMB-shares for members)
- sohomorixAddMailQuota (increases mail quota for members)
- a project can provide mail stuff:
- sophomorixMailAlias (create mail alias for members)
- sophomorixMailList (create maillist for the group with members)
- These are addtional groups created by an administrator
- Members are managed by an administrator ONLY
- NO share directory
- The groupname can be anything, but not allowed to begin with
p_(reserved for projects) - a sophomorix-group can provide additional quota:
- sohomorixAddQuota (increases quota on SMB-shares for members)
- sohomorixAddMailQuota (increases mail quota for members)
- a sophomorix-group can provide mail stuff:
- sophomorixMailAlias (create mail alias for members)
- sophomorixMailList (create maillist for the group with members)
- every group created by
sophomorixhas an AD attributesophomorixType. - The attribute
sophomorixTypeis automatically assigned to the groups by sophomorix
Overview of Group-Types created by sophomorix:
| sophomorixType | created for sophomorixRole/Type | Description | Example |
|---|---|---|---|
| adminclass | Role: student | class of students | <s-><any-class-name> |
| teacherclass | Role: teacher | group of teachers | <s->teachers |
| project | --- | teacher-picked members | p_<any-name> |
| sophomorix-group | --- | admin-picked members | <any name> |
| room | All device roles | group of devices | <any name> |
| printer | Role: printer | group of a printer | dnsNode name of device |
| admins | Role:schooladministrator | power over one school | <s->admins |
| school | Role: all user roles | one group for each school | |
| powergroup | teacher,student,globaladministrator | power over all schools | global-admins,global-teachers, ... |
| alladmins | Type: admins | hirachical members | all-admins |
| allinternetaccess | Type: internetaccess | hirachical members | all-internet |
| allwifiaccess | Type: wifiaccess | hirachical members | all-wifi |
| allwebfilter | Type: webfilter | hirachical members | all-webfilter |
| allintranetaccess | Type: intranetaccess | hirachical members | all-intranetaccess |
| allprinting | Type: printing | hirachical members | all-printing |
| ouclass | Type: adminclass | students of a school | <s->students |
| allclass | all-students, all-teachers | ||
| allschool | all users of all schools | "SCHOOLS" |
<s>: schoolname
Managementgroups:
They are special groups. As members they have only users (not other groups). They change dynamically to allow/disallow the members certain actions defined by usermembership.
| sophomorixType | Description |
|---|---|
| internetaccess | members have internetaccess |
| wifiaccess | members can use wifi infrastructure |
| webfilter | members use webfilter |
| intranetaccess | members have intranetaccess |
| printing | members can print |
| alladmins |
- every user created by
sophomorixhas an AD attributesophomorixRole.
Existing Roles:
| sophomorixRole | Description |
|---|---|
| teacher | Teacher with administrative acces to students |
| student | student |
| examuser | user in an exam |
| globaladministrator | Administrator, access to all schools |
| schooladministrator | Administrator access to one school |
| globalbinduser | user for a bind to AD to access all schools |
| schoolbinduser | user for a bind to AD to access all schools |
Proposed Roles:
| Rolle | Beschreibung |
|---|---|
| guestteacher | limited teacher ?? |
| powerstudent | student with more power ?? |
| janitor | student-like, but equal to teachers |
Todo