There are a few things you can do, which basically, in a nutshell, come down to “keep the two in sync” manually:
Make sure the names of people in LDAP and passbolt are the same.
Make sure the names of groups in LDAP and passbolt are the same.
Make sure you delete the groups/people that are not in LDAP anymore.
Feel free also to comment on the thread discussing the LDAP integration feature. The more detailed the requirements and the clearer the user workflow, the easier it is for us to define and implement a solution.
Not easy to push through as the users will subscribe themselves.
You should consider turning public registration off and adding them manually yourself in the user workspace.
Otherwise if you have scripting skills you can use the ‘RegisterUser’ console task to import all your users. For example:
Importing all users is not a good idea in our case: we have +6000 users in our organisation, of which only a small part will use the service.
Okay, voted for the issue (-:
Another way to do this properly is if the user can actually himself switch the user to “ldap” finally. The idea would be that the user has a possibility to add an “authentication method” which would be LDAP of the institution. (Others might be SAML/OAuth of let's say GitHub, Twitter, …)