Hi All,

Looking for advice on if I'm barking up the wrong tree with this approach. We have a need to create another special account type for certain users in our directory. For example, in our teaching application, if a user is a teacher identified by an attribute teacher=TRUE, then we want to create a "student view" user so they can see their course as a student would see it. The application cannot be modified easily to support different views /roles.

I'm thinking of using the loopback driver to create another user in the source directory e.g. userA has teacher=TRUE, then create a new user in a differnt OU, sv-userA.

I have it working and it seems to work quite well by just setting the operation destination DN to the new OU in the source tree and stripping some attrs like CN, Surname and providing new values.

Is this a valid use case for the loopback driver or am I setting myself up for trouble later on?

Any thoughts or advice appreciated. If this works out, we may also use a similar approach for creating privileged accounts.