Allow user creation/login through OpenID with automatic role/department/project membership assignation based on OID tokens (role/group).

Could also be combined with existing LDAP authorization to "pre-fetch" users before they log in.