LDAP integration discussion

[mondain]

This goes directly against the idea of LDAP. Why have a centralized DB with user accounts if you allow someone to create new accounts which potentially circumvents LDAP?

No one is suggesting that both types of accounts would be treated the same. LDAP users could have permission scheme X and non-LDAP users could have permission scheme Y. People who are in LDAP but choose to bypass it would be allowed to but at penalty of a severe loss of priveliges across the board, perhaps.

How should a corporation use phpbb as a tech support tool, when the 80 members of the tech support staff are in LDAP, but their customers coming to the forums for help are not? You can either force the 80 people to register seperately, put their entire customer base into LDAP, or allow a type of mixed mode.

What if the company isnt allowed to rollout any new services unless employees can use them with their LDAP creds?

All I'm saying is it wouldve been nice if we hashed out any logistics of a mixed mode. We were just told by a phpbb admin that this isnt going to happen, so the point is pretty moot unfortunately.

[Roberdin]

Well I can imagine a quick MOD for it, the rest could easily be implemented without code modification, apart form a new group:

Non-LDAP Users

Then in there, you can just set the permissions you don't want non-LDAP users to ever have as NO.

All users would be added to that group without the option to remove themselves from it without admin/mod consent. (I believe that is/will be possible in the current 2.2 roadmap.)