I suggest you ...

Improved LDAP support

The current LDAP support is very limited and should be extended massively:
- synchronisation only of users, not disabling groups etc.
- cyclic autmatic synchronization without user invasion (or direct access to LDAP without local storage)
- support for multiple LDAPs (failover)
- support for LDAP groups
- distinguish between Unix Usernames (case sensitive) and Windows usernames (case insensitive)

Would really be very nice, if that could be done!

99 votes
Vote
Sign in
Check!
(thinking…)
Reset
or sign in with
  • facebook
  • google
    Password icon
    I agree to the terms of service
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    Micha shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →

    2 comments

    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      I agree to the terms of service
      Signed in as (Sign out)
      Submitting...
      • Michael Rausch commented  ·   ·  Flag as inappropriate

        LDAP groups have basic support in version 0.9.9. However, it does not work all fine, because groups get created anew every time you trigger LDAP group sync.

        I have improved the LDAP drivers in davical a bit and fixed the above mentioned issue. Basically, group import is working flawlessly and there is also a new config variable to blacklist groups that should not get synched. I will commit my code soon, so it can be included in the public git repo.

        Automated synchronization can be done with a small php script I have written. It is already published in the Davical Wiki / Section LDAP Groups / Discussion. This script can be run on the command line and can therefore be used to schedule a cron job.

        I subscribe that the ability to specify failover LDAP servers would be nice. And it's also straight-forward to implement this. I will have a look at it when I've got some spare time next week.

        Cheers.

      Feedback and Knowledge Base