I am working on the access control handling for user passwords (and other attributes)
I am just now trying to come up with a generic algorithm to determine who is allowed to write to a user's LDAP entry, depending on which authority groups he is in.

Right now we have these authority groups by default: admins, jradmins, teachers and students.

The basic rule is simple:

- if a person is in the admins group, no one can write to his entry
- if he is in jradmins, his entry is writeable by members of the group admins, and
- if he is in student or teacher, he is writeable by both admins and jradmins.

But we have authority_groups as a flexible thing. That means people can add new authority groups.

Question: what other authority groups are possible/likely? Would they interfere with the above algorithm? What would be a good way to make this configurable by the local admin? (A config file in /etc/? What could that look like?)
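The rule described in the message above can be written as a table-driven check. This is an added example, not part of the original message or of the project's code: the config format, the names `parse_policy`, `allowed_writers` and `may_write`, and the extra group `parents` used in testing are assumptions. It goes beyond the message in two ways: an entry whose owner is in several groups takes the most restrictive rule, and a group missing from the policy gets no writers.

```python
# Added illustration; the config format and all names here are assumptions.
# Constructed sample policy: "<authority group>: <groups allowed to write>"
SAMPLE_CONFIG = """
# entries of admins are writable by no one
admins:
jradmins: admins
teachers: admins, jradmins
students: admins, jradmins
"""


def parse_policy(text):
    """Return {target_group: frozenset(writer_groups)} from the config text."""
    policy = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        if ":" not in line:
            raise ValueError(f"line {lineno}: expected 'group: writers'")
        target, writers = (part.strip() for part in line.split(":", 1))
        if not target or target in policy:
            raise ValueError(f"line {lineno}: empty or duplicate group")
        policy[target] = frozenset(w.strip() for w in writers.split(",") if w.strip())
    return policy


def allowed_writers(policy, target_groups):
    """Groups whose members may write an entry whose owner is in target_groups.

    The most restrictive group wins (set intersection), and an authority
    group that is missing from the policy yields no writers (fail closed).
    """
    result = None
    for group in set(target_groups):
        writers = policy.get(group, frozenset())
        result = writers if result is None else result & writers
    return result if result is not None else frozenset()


def may_write(policy, actor_groups, target_groups):
    """True if any of the actor's groups is allowed to write the target entry."""
    return bool(allowed_writers(policy, target_groups) & set(actor_groups))


if __name__ == "__main__":
    policy = parse_policy(SAMPLE_CONFIG)
    print(may_write(policy, {"jradmins"}, {"students"}))
```

A newly added authority group stays unwritable by anyone until the local admin adds a line for it, so extending the group list cannot silently widen write access.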

