In our LDAP login configuration, we have currently 3 fields for synchronizing 3 Tiki user attributes with the LDAP values.
This works fine: when the attribute is changed in the LDAP, it is changed for the user at the next login.
The attributes are the following:
- Realname attribute
- Country attribute
- Email attribute
These are all available in various existing standard LDAP, but maybe there are needs for more.
Is there need for more? Does anyone using LDAP authentication regret not having one or two more?
I am evaluating creating a “tiki” objectClass for the openLDAP which is coming with wikisuite, which would give 2 main benefits:
- Have the Tiki-related fields in the “add user” and “edit user” feature of the wikisuite LDAP, so they can be changed in the user directory instead of Tiki and synchronized with Tiki.
- Not interfere with existing fields, like the wikisuite mail LDAP attribute which is an internal wikisuite-managed email and not the “provide whatever email you already use on the internet” which tiki uses for the “I forgot my password” feature. Remember it’s the same password for accesing Tiki and the wikisuite email interface.