[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

other authority groups?

I am working on the access control handling for user passwords (and other attributes)

i am just now trying to come up with a generic algorythm to determine who is allowed to
write to a user's ldap entry, depending on which authority groups he is in.

right now we have theses authority groups by default: admins, jradmins, teachers and students

the basic rule is simple: 
- if a person is in the admins group , no one can write to his
- if he is in jradmins, his entry is writeable by members of the
  group admins and 
- if he is in student or teacher he is writeable by both admins
  and jradmins.

but we have authority_groups as a flexible thing. that means
people can add new authority groups.

question: what other authority groups are possible/likey? would
they interfer with the above algorithm? what would be a good way
to make this configurable by the local admin? (a config file in
/etc/? how could that look like?)

Reply to: