My organization uses a specific LDAP branch to feed Passbolt groups and users. This works fine.
Users and groups are synced fine in Passbolt when there are no secrets shared, but when I share 1 secret with a group, the sync script sends an email to the group manager, asking for a manual operation. It says:
A request to add user laurence[xxxx].fr in group equipe-xxx was sent to the group manager.
Is it possible to allow group filling w/o this? I browsed the ldap.php file but didn’t find an option to.
Thanks for the help.
Welcome to the community.
The reason why the LDAP connector behaves this way is the end-to-end nature of Passbolt. The connector doesn’t have a private key, nor can it access the secrets stored in the database. Consequently, since it cannot decrypt the secrets, it cannot re-encrypt them for users that are added to a group with passwords shared with it, and needs to send a notification to the group manager to do it manually.
We have plans to improve this in the near future by managing user access to the secrets in a more asynchronous way.
Hope this answers your question.
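The behaviour described in the answer above, as an added illustration that is not part of the thread and is not Passbolt code: a Python toy model in which the server keeps one ciphertext per user and holds no private keys. Textbook RSA with tiny primes stands in for OpenPGP, and all names (`Server`, `sync_add_member`, `share_with_group`, `manager_approve`) are hypothetical.

```python
# Toy model (constructed, not Passbolt code). Textbook RSA with tiny primes
# stands in for OpenPGP key pairs; it is for illustration only, not secure.

def make_key(p, q, e=17):
    n, phi = p * q, (p - 1) * (q - 1)
    return {"pub": (n, e), "priv": (n, pow(e, -1, phi))}

def encrypt(pub, text):
    n, e = pub
    return [pow(b, e, n) for b in text.encode()]

def decrypt(priv, blob):
    n, d = priv
    return bytes(pow(c, d, n) for c in blob).decode()

class Server:
    """Stores public keys and one ciphertext per (secret, user); no private keys."""
    def __init__(self):
        self.pubkeys = {}        # user -> public key
        self.members = {}        # group -> set of users
        self.group_secrets = {}  # group -> list of secret ids
        self.copies = {}         # (secret id, user) -> ciphertext
        self.pending = []        # (group, user) awaiting a group manager

    def sync_add_member(self, group, user):
        """What a directory sync can do on its own for a new group member."""
        if self.group_secrets.get(group):
            # Secrets exist: the server cannot decrypt any copy, so it cannot
            # create one for `user`. Queue a request for the group manager.
            self.pending.append((group, user))
            return "pending"
        self.members.setdefault(group, set()).add(user)
        return "added"

def share_with_group(server, group, secret_id, plaintext):
    """Client side: the owner encrypts one copy per current member."""
    server.group_secrets.setdefault(group, []).append(secret_id)
    for user in server.members[group]:
        server.copies[(secret_id, user)] = encrypt(server.pubkeys[user], plaintext)

def manager_approve(server, group, user, manager, manager_priv):
    """Client side: the manager decrypts their own copies, re-encrypts for `user`."""
    for sid in server.group_secrets[group]:
        plaintext = decrypt(manager_priv, server.copies[(sid, manager)])
        server.copies[(sid, user)] = encrypt(server.pubkeys[user], plaintext)
    server.members[group].add(user)
    server.pending.remove((group, user))
```

The private key is passed only to `manager_approve`, which models the manager's client; nothing in `Server` ever receives it, which is why the sync path can only return `"pending"` once a group has shared secrets.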
Thank you for this clear explanation.
I’ll notify users that they should ensure the maximum number of users are synced before starting to populate Passbolt.
This topic can be closed.