[Date Prev][Date Next]
It might interesting to implement some sort of user classification
system. Right now, the only way to classify users before apply
access controls is by playing naming games with sasl-regexp.
It would be nice to be able to define classes of users:
# user has a person entry associated with it
userClass person filter="(objectClass=person)"
# user is active
userClass active userClass=person filter="(active=TRUE)"
# user is local
userClass local userClass=person
(basically all ACL <who> factors could be used in defining
These could be computed after all other bind functions
(authentication, identity mapping, proxy authorization)
and stored in the connection structure for access (and
other) administrative controls. E.g.,
by userClass=local read
Anyways, this is just food for thought as I don't have the
time to code something like this.