Type: New Feature
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 11.1
Labels: None
Funded by:

For historical reasons the LDAP login name is the same as the OpenOLAT username. The connection is hardwired.
The goal of this issue is to break up the hardwired connection between the LDAP login name and the OpenOLAT username. The OpenOLAT username should be something that never changes on the LDAP server, such as the SAMAccount; however, the LDAP login name could also be something different, such as the user's mail address.
Todos:
- Add config to separately configure the OpenOLAT username mapping and the LDAP login name attribute
- Fix findIdentyByLdapAuthentication and other methods that are hardwired to the OpenOLAT username and use the authentication token instead
- On sync, update LDAP token in case the mapped token changed for a specific user (new email).
- Make sure WebDAV does work using the same login name
- Make sure the LDAP sync and login process work on a system that changes the config from the old to the new style (either using a migration job, an automatic magic mechanism or by providing instructions on how to manually change things in the database).
Maybe the LDAP login name must not be stored in OpenOLAT at all. Every time the user logs in it must be looked up on the LDAP anyway. But we have to make sure it works with WebDAV as well.
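
Added example, not OpenOLAT code: a minimal model of the todo list above, where the local username comes from a stable attribute, the login token from a mutable one, lookups go through the token, and sync rewrites tokens so that a reassigned mail address never resolves to its previous owner. All class, function and constant names, the case-insensitive matching and the sample entries are assumptions made for illustration.

```python
# Added illustration; every name below is hypothetical, not an OpenOLAT API.
from dataclasses import dataclass, field

USERNAME_ATTR = "sAMAccountName"  # assumed stable attribute -> local username
LOGIN_ATTR = "mail"               # assumed mutable attribute -> login token

# Constructed directory snapshots: between the two syncs jdoe gets a new
# address and her old address is handed to asmith.
FIRST_SYNC = [{USERNAME_ATTR: "jdoe", LOGIN_ATTR: "Jane.Doe@example.org"},
              {USERNAME_ATTR: "asmith", LOGIN_ATTR: "a.smith@example.org"}]
SECOND_SYNC = [{USERNAME_ATTR: "jdoe", LOGIN_ATTR: "jane.miller@example.org"},
               {USERNAME_ATTR: "asmith", LOGIN_ATTR: "jane.doe@example.org"}]


@dataclass
class IdentityStore:
    token_by_user: dict = field(default_factory=dict)  # username -> token
    user_by_token: dict = field(default_factory=dict)  # token -> username

    def find_by_login(self, login):
        """Resolve a login name via the stored token, never via the username."""
        return self.user_by_token.get(login.strip().lower())

    def sync(self, entries):
        """Apply one sync pass; return the (username, old, new) token changes."""
        wanted = {e[USERNAME_ATTR]: e[LOGIN_ATTR].strip().lower() for e in entries}
        # A login value shared by two accounts would make login ambiguous.
        if len(set(wanted.values())) != len(wanted):
            raise ValueError("duplicate login attribute value in directory")
        changes = [(user, self.token_by_user.get(user), new)
                   for user, new in wanted.items()
                   if self.token_by_user.get(user) != new]
        # Phase 1: drop every outdated token first, so a token passed from one
        # user to another is free before it is reassigned (order-independent).
        for _, old, _ in changes:
            if old is not None:
                del self.user_by_token[old]
        # Phase 2: bind the new tokens. A token still held at this point belongs
        # to a user absent from the snapshot; that user loses it (assumed policy).
        for user, _, new in changes:
            stale = self.user_by_token.pop(new, None)
            if stale is not None:
                del self.token_by_user[stale]
            self.token_by_user[user] = new
            self.user_by_token[new] = user
        return changes
```
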