Here's a scenario that I want to support, and so far it seems that acs-authentication doesn't have all of this:
Info: In this scenario the user account will be on oacs & ldap as well, both the same, and no other account will be created besides the ones that exist on ldap.
1. When authenticating a new user (which is not in the oacs DB), I want it to search for that user on the ldap server, if it's in the ldap server, then create the respective user account in oacs (new user_id).
2. For the registered users (those that are already on oacs and originally coming from ldap), the passwd will be authenticated locally (oacs).
3. The change of passwd using oacs will be performed for the user_id & respective ldap account.
In acs-authentication, #3 is supported (or can be extended), but about #1 & #2:
* doesn't seem to be supported, especially the behavior of checking logins against local users table and if not found try on the ldap server. (in other words, in the register page, avoid the select of authorities, and automatically search among those 2, first locally and then in ldap)
* New accounts can be authenticated/created on oacs if they exist on ldap, can't they?
It would be interesting to have some suggestions about how to implement this desired functionality on top of acs-authentication: hardcode it or define/modify related SC to allow this behavior more smoothly?
Also, it's not clear, in an ldap authority, what these values represent:
1. Authentication: options--> ldap, local, none (what does each one do?)
2. Password management: options--> ldap, local, none (what does each one do as well?)
And what about the order of the authorities, does that mean that it will try in that order to login a given user, and if none of them works, then it will finally fail?
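
The login flow described in points 1 to 3 of the post above, modelled as an added example that is not part of the original post and is not acs-authentication code. The LDAP server and the local users table are constructed in-memory stand-ins, and every name (`Directory`, `LocalUsers`, `login`, `change_password`) is hypothetical.

```python
import hashlib, hmac, os

def _kdf(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class Directory:
    """Constructed in-memory stand-in for the LDAP server (hypothetical)."""
    def __init__(self, accounts):
        self.accounts = dict(accounts)
    def bind(self, username, password):
        stored = self.accounts.get(username)
        return stored is not None and hmac.compare_digest(stored.encode(), password.encode())
    def set_password(self, username, password):
        self.accounts[username] = password

class LocalUsers:
    """Constructed stand-in for the local users table (hypothetical)."""
    def __init__(self):
        self.rows, self.next_id = {}, 1
    def set_password(self, username, password):
        salt = os.urandom(16)
        self.rows[username].update(salt=salt, digest=_kdf(password, salt))
    def create(self, username, password):
        self.rows[username] = {"user_id": self.next_id}
        self.next_id += 1
        self.set_password(username, password)
        return self.rows[username]["user_id"]
    def verify(self, username, password):
        row = self.rows[username]
        return hmac.compare_digest(row["digest"], _kdf(password, row["salt"]))

def login(local, ldap, username, password):
    """Return (user_id, source); user_id is None when the login fails."""
    if username in local.rows:                  # point 2: known users verify locally only
        ok = local.verify(username, password)
        return (local.rows[username]["user_id"] if ok else None, "local")
    if ldap.bind(username, password):           # point 1: unknown user, ask the directory
        return (local.create(username, password), "ldap-provisioned")
    return (None, "ldap")                       # not in LDAP: no local account is created

def change_password(local, ldap, username, old, new):
    """Point 3: update the LDAP account and the local row together."""
    if username not in local.rows or not local.verify(username, old):
        return False
    ldap.set_password(username, new)            # directory first, then the local copy
    local.set_password(username, new)
    return True
```

In this model a user who already has a local row is never checked against the directory again, so a password changed or an account disabled directly on the LDAP side is not seen at login.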