I'm not quite sure how to express this. I've always had a hard time grasping ldap concepts for some reason, but I know what I want to accomplish.
I want to have inherited, or overridable roles. I want to set up default roles for all servers, and have override settings.
So for a role "canFoo" with users A and B in it, I want in some other branch representing a specific server X "canFoo" with user C as a member. So users A and B have canFoo for all servers, and user C has this just for server X.
This way I have a list of default roles, and a number of servers can have individual role overrides. I want to use this same technique for server properties, but right now authentication is the issue.
Just letting me know the right term for this will help me in perhaps finding an example if it's possible.