(or perhaps some other name, as Microsoft may have a copyright on that term)
The idea of Horde Group Policy Objects (HGPO) is to implement a replacement for the current prefs system, modeled after how Group Policy Objects work in a Microsoft Active Directory. Including a nice administrative GUI, meaning no more editing prefs.php files, and happier admins :)
+ app | + prefgroup | | + pref | | + pref | + prefgroup | + pref + app + prefgroup + pref
Possible DB schema, extending existing prefs schema:
horde_prefs table: pref_uid, pref_scope, pref_name, pref_value, HGPO
horde_gpo table: HGPO_ID, HGPO_name, HGPO_target, HGPO_target_type, HGPO_overridable
At login, all applicable GPO's should be loaded and cached. We should also try to do something to cache GPO's for guest sessions.
http://www.microsoft.com/technet/itsolutions/msit/security/grppolobjectmgmt.mspx - gives a good overview on how MS GPO's work, and a nice graphic that really helped me visualize the internal workings.
- with something like this in place I think it would make more and
more sense to move everything that's at all user-related in conf.php
files to this system. Things like "user capabilities" in both Horde
and IMP - they can even be locked (overridable =3D false?) by default,
but letting people easily manage them on a per-group basis, or
whatever, sounds very good to me.
this type of system for all of the configs (except for maybe the very =20
basic stuff, like authentication). Doing so would let different =20
groups have different configs, which might be helpful for sites =20
hosting for various groups.
If there were a way to manage, say, IMAP server configs, or other
backend configurations (sieve servers, etc.) using this system, that
would be even better.
targets as necessary. Same way that printers can be assigned in an =20
active directory. "group A uses this IMAP server, group B uses this =20
other IMAP server, group C gets to specify their own IMAP server." The =20
possibilities are endless! I love it!