Improved LDAP support
The current LDAP support is very limited and should be extended massively:
- synchronisation only of users, not disabling groups etc.
- cyclic automatic synchronization without user invasion (or direct access to LDAP without local storage)
- support for multiple LDAPs (failover)
- support for LDAP groups
- distinguish between Unix Usernames (case sensitive) and Windows usernames (case insensitive)
Would really be very nice if that could be done!
Andrew McMillan (Admin, DAViCal) commented
There are some more enhancements to LDAP groups in 0.9.9.2, with bugfixes and enhancements from several contributors.
Michael Rausch commented
LDAP groups have basic support in version 0.9.9. However, it does not all work fine, because groups get created anew every time you trigger LDAP group sync.
I have improved the LDAP drivers in DAViCal a bit and fixed the above-mentioned issue. Basically, group import is working flawlessly and there is also a new config variable to blacklist groups that should not get synched. I will commit my code soon, so it can be included in the public git repo.
Automated synchronization can be done with a small PHP script I have written. It is already published in the DAViCal Wiki / Section LDAP Groups / Discussion. This script can be run on the command line and can therefore be used to schedule a cron job.
I subscribe that the ability to specify failover LDAP servers would be nice. And it's also straightforward to implement this. I will have a look at it when I've got some spare time next week.