OpenOLAT / OO-1643

Detach LDAP username from OpenOLAT username and import LDAP users via excel

Details

    Description

      Historically, the LDAP username is the same as the OpenOLAT username. Users are created on the fly on first login or when batch synched.

      In some contexts the LDAP username must be able to change. In other setups, LDAP should only be used to authenticate users but not to create users on the fly or via the synch process.

      The following has to be done:

      • In the user import, parse for LDAP usernames and create users with an LDAP authentication token if available. This is analogous to the Shibboleth import, see import example
      • In the LDAP module, modify LDAPAuthenticationController.authenticate() and other relevant code to identify users not by OpenOLAT username but by LDAP security token
      • Don't use the unnecessary LDAP named group anymore for synching etc.
      • Add a config option for which LDAP attribute should be used for the LDAP username and which for the OpenOLAT username
      • Make sure the password caching fallback still works when the OO username and the LDAP username are not the same
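
      The second item above, identifying the account by LDAP security token rather than by matching usernames, can be pictured with a small model. This is an added example, not OpenOLAT code: the class, the method names and the `createOnFirstLogin` switch are hypothetical, the sample users are constructed, and `record` requires Java 16 or later.

```java
import java.util.HashMap;
import java.util.Map;
import java.util.Optional;

/** Added illustration; every name below is hypothetical, none is an OpenOLAT class. */
public class LdapTokenLookup {
    /** Binds a login name at one provider to exactly one local account. */
    record AuthToken(String provider, String authUsername) {}

    static final String LDAP = "LDAP";
    private final Map<AuthToken, String> tokens = new HashMap<>(); // token -> OpenOLAT username
    private final boolean createOnFirstLogin; // assumed config switch

    LdapTokenLookup(boolean createOnFirstLogin) { this.createOnFirstLogin = createOnFirstLogin; }

    /** User import: create the account together with its LDAP token. */
    void importUser(String olatUsername, String ldapUsername) {
        if (tokens.putIfAbsent(new AuthToken(LDAP, ldapUsername), olatUsername) != null)
            throw new IllegalStateException("LDAP username already bound: " + ldapUsername);
    }

    /** After a successful LDAP bind: find the account by token, not by username equality. */
    Optional<String> resolve(String ldapUsername) {
        AuthToken token = new AuthToken(LDAP, ldapUsername);
        String olatUsername = tokens.get(token);
        // On-the-fly creation only if enabled and the name is not another account's username.
        if (olatUsername == null && createOnFirstLogin && !tokens.containsValue(ldapUsername)) {
            olatUsername = ldapUsername;
            tokens.put(token, olatUsername);
        }
        return Optional.ofNullable(olatUsername);
    }

    /** LDAP rename: move the token; the OpenOLAT username is untouched. */
    void renameInLdap(String oldName, String newName) {
        AuthToken from = new AuthToken(LDAP, oldName), to = new AuthToken(LDAP, newName);
        if (!tokens.containsKey(from) || tokens.containsKey(to))
            throw new IllegalArgumentException("cannot rename " + oldName + " to " + newName);
        tokens.put(to, tokens.remove(from));
    }

    public static void main(String[] args) {
        LdapTokenLookup auth = new LdapTokenLookup(false); // authenticate-only setup
        auth.importUser("jdoe", "u104711");                // constructed sample values
        System.out.println(auth.resolve("u104711"));       // resolved through the token
        System.out.println(auth.resolve("jdoe"));          // OpenOLAT name is not an LDAP login
        auth.renameInLdap("u104711", "john.doe");
        System.out.println(auth.resolve("john.doe") + " " + auth.resolve("u104711"));
    }
}
```

      With the switch off, an LDAP login that has no token resolves to no account at all, and after a rename the old LDAP name stops resolving while the OpenOLAT username stays the same.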


          People

            srosse Stéphane Rossé
            gnaegi Florian Gnägi
            Mandy Menzel Mandy Menzel