[dev] Horde Group Policy Objects

[Chuck Hagenbuch]

Quoting Ben Chavet <ben at horde.org>:

> After responding to the LDAP SoC thread, my brain has been going crazy
> about the possibility of applying GPO style prefs to horde.  I wrote
> up some quick notes in the wiki (http://wiki.horde.org/HordeGPO) about
> it, and would really like some feedback.
>
> This is definitely something that I would like to see take shape.

Looks good, and very useful. A few comments on the wiki page:

- you say that a GPO target could be an OU if using LDAP. I feel  
pretty strongly right now that this should be handled by the  
Groups_ldap driver, instead of being another special case.

- this is semantic, but I'd prefer HGPO_overridable to  
HGPO_override_user_settings

- prefs caching does us a world of good here, in terms of only having  
to build and apply any applicable GPOs at user login. it'd be  
important to make sure that guest sessions included cached guest  
preferences, though, for any real use of this with guest users. I  
don't think we currently do that.

- we've been looking at prefs.xml for a while. One consideration is  
how to allow for custom prefs, or if we still need to do that (could  
just be, if you need them, you modify prefs.xml - but I can see  
needing to be more flexible).

- with something like this in place I think it would make more and  
more sense to move everything that's at all user-related in conf.php  
files to this system. Things like "user capabilities" in both Horde  
and IMP - they can even be locked (overridable = false?) by default,  
but letting people easily manage them on a per-group basis, or  
whatever, sounds very good to me.

If there were a way to manage, say, IMAP server configs, or other  
backend configurations (sieve servers, etc.) using this system, that  
would be even better.

All in all, I really like it as a direction.

-chuck

-- 
"we are plastered to the windshield of the bus that is time." - Chris