Q1. What is the problem that you are trying to solve?
Large organizations already have a directory with people's names and details, as well as a "global password"; it would make sense for an organization to be able to leverage that data.
See also: As an admin I can import people and groups from an LDAP directory
Note: this will create additional issues that would need to be solved as well:
a- Potentially people will be using a "weaker" authentication mechanism, see https://www.passbolt.com/help/tech/auth
b- Users would still need to type their passphrase to decrypt secrets: it would be confusing, as they would be asked for two passwords in different contexts (e.g. one to log in, one to decrypt passwords)
c- It could create a deadlock scenario: the user stores their LDAP password in passbolt, but needs the LDAP password to log in.
d- Passbolt becomes unusable if LDAP is offline or under maintenance
e- It makes other future features, such as offline use, more complicated
Q2. Who is impacted?
Organizations that have a directory.
Q3. Why is it important and/or urgent?
It is strategic for passbolt to address the needs of larger organizations.
Q4. What is your proposed solution? (optional)
Potential ways to work around the additional issues:
- Do not use a passphrase specific to passbolt but leverage the password from LDAP: e.g. keep using the key, but only use the passphrase under the hood. For example, the passphrase could be encrypted using a secret stored in LDAP. This changes the security model, however.
Q5. Community support
People can vote for this idea to show traction:
- Must have: this is critical for me to have this
- Should have: this is important for me to have this
- Could have: this could be nice to have
- Won't have: we should not schedule this (explain why)