
User classes



It might be interesting to implement some sort of user classification
system.  Right now, the only way to classify users before applying
access controls is by playing naming games with sasl-regexp.

It would be nice to be able to define classes of users:
	# user has a person entry associated with it
	userClass person filter="(objectClass=person)"

	# user is active
	userClass active userClass=person filter="(active=TRUE)"

	# user is local
	userClass local userClass=person
		dn.children="ou=people,dc=example,dc=com"

(basically all ACL <who> factors could be used in defining
a userClass.)

These could be computed after all other bind functions
(authentication, identity mapping, proxy authorization)
and stored in the connection structure for access (and
other) administrative controls.  E.g.,

	by userClass=local read

Anyways, this is just food for thought as I don't have the
time to code something like this.

Kurt
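
A small model of the proposal above, added here as an example and not part of the original message or of OpenLDAP: it parses the proposed `userClass` lines, computes a bound identity's classes once (as would happen after bind), and evaluates `by userClass=local read`. The function names, the dict-based entry, the equality-only filter support and the case-folded DN suffix comparison are assumptions made for illustration.

```python
import re
import shlex

# Constructed config in the syntax proposed in the message (not real slapd directives).
CONFIG = '''
userClass person filter="(objectClass=person)"
userClass active userClass=person filter="(active=TRUE)"
userClass local userClass=person dn.children="ou=people,dc=example,dc=com"
'''

def parse_classes(text):
    """Return {class name: [(factor, value), ...]} in definition order."""
    classes = {}
    for line in text.strip().splitlines():
        tokens = shlex.split(line)
        if tokens and tokens[0] == "userClass":
            classes[tokens[1]] = [tuple(t.split("=", 1)) for t in tokens[2:]]
    return classes

def matches(factor, value, dn, entry, have):
    if factor == "userClass":        # built on a class defined earlier
        return value in have
    if factor == "filter":           # assumption: only (attr=value) equality
        m = re.fullmatch(r"\((\w+)=([^()]*)\)", value)
        if m is None:
            raise ValueError(f"unsupported filter: {value}")
        values = (entry or {}).get(m.group(1).lower(), [])
        return m.group(2).lower() in (v.lower() for v in values)
    if factor == "dn.children":      # strict descendant, base DN itself excluded
        return dn.lower().endswith("," + value.lower())
    raise ValueError(f"unsupported factor: {factor}")

def compute_classes(classes, dn, entry):
    """Run once after bind; entry is None when the identity has no entry."""
    have = set()
    for name, factors in classes.items():
        if all(matches(f, v, dn, entry, have) for f, v in factors):
            have.add(name)
    return have

def access(acl, user_classes):
    """acl: ordered [(class, level)] from 'by userClass=<class> <level>'."""
    for cls, level in acl:
        if cls in user_classes:
            return level
    return "none"                    # no clause matched

CLASSES = parse_classes(CONFIG)
# Constructed identity: attribute names are stored lower-cased.
ALICE = ("uid=alice,ou=people,dc=example,dc=com", {"objectclass": ["person"], "active": ["TRUE"]})
print(access([("local", "read")], compute_classes(CLASSES, *ALICE)))
```

Because `local` and `active` are layered on `person`, an identity with no entry at all (for example a SASL identity that maps to nothing) ends up in no class and falls through to the default.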