As an admin I can import people and groups from an LDAP directory

LDAP can be used as an authentication method for Passbolt.

@loomi if LDAP is used as the primary authentication method for passbolt that would have several drawbacks:

  • Using a “weaker” authentication mechanism, see Passbolt Help | Authentication in passbolt
  • Users would still need to type their passphrase to decrypt secrets: it will be confusing as they will be asked for two passwords in different contexts.
  • It could create a deadlock scenario: the user stored their LDAP password in passbolt, but needs the LDAP password to log in.
  • Passbolt becomes unusable if LDAP is offline / in maintenance

I’m curious what other people think of having the approach you describe instead of what we had in mind (more of a sync script that populates profiles and group data, and optionally the LDAP password as an additional authentication factor).
We’re certainly not set on the approach, but it’s important expectations are clear for everyone.