Q1. What is the problem that you are trying to solve?
I’ve been very happy to find “LDAP integration” on the roadmap, but when I think about it I can find different use cases that need different developments. As a Sysadmin (and CISO) in a university, one of my main challenges is to provide my users with exclusive and secured access to resources. An integration with LDAP will help me.
Q2 - Who is impacted?
System and network administrators.
Q3 - Why is it important and/or urgent?
This will increase adoption in organizations that use LDAP, e.g. larger orgs.
Q4 - What is your proposed solution? (optional)
Having a script every night that pulls new users from LDAP to inject them in passbolt could do the trick, but it’ll probably create 70 to 80% never-used accounts. It can be done out of passbolt scope, though.
An interesting option would be to allow self-registration to people only if they can authenticate first against an LDAP directory. The registration process would also pull user details (Name, email, pict?..) from the LDAP.
A nice add-on would be to sync groups from LDAP (crontab for example), and to make it possible for a user to share a secret with a group.
There should be an option to use the LDAP password as an additional authentication factor.
Q5. Community support
People can vote for this idea to show traction:
- Must have: this is critical for me to have this
- Should have: this is important for me to have this
- Could have: this could be nice to have
- Won’t have: we should not schedule this (explain why)