On 11/23/2013 01:41 AM, Daniel Berteaud wrote: >> But otherwise the user can change it afterwards. > > I'll probably patch my installation so that USER_EMAIL header > override what is in the database. I usually prefer controlling > everything in one place: my LDAP server. When the company change the > domain name, or their email policies (changing from daniel.berteaud > to d.berteaud for example), I just set it in one place, then the > WebSSO will export it to all my webapps, and everything will be > updated automatically.
I need to add some way for system administrators to enforce any settings, such as maximum expiration time, and now also email. This is definitely also something I need. There is a bit too much scattering in the code, and I would like to avoid adding checks in a million places. For instance, if you enforce email, I'd like to hide the email field from the preferences (or turn it readonly). I would like to apply that logic for most fields in ticket/grant creation. (no clear idea/plan about doing it yet)