DO NOT DELETE THIS INFORMATION.
Please read this information carefully.
- [x] Is your install up to date? Updating your install
Please do not submit an issue if your install is not up to date within the last 24 hours or on a stable monthly release.
- [ ] Please include all of the information between the
- [ ] If you would like us to add a new device then please provide the information asked for here
- [x] Please provide as much detail as possible.
I keep running into issues caused by the legacy authentication code that was inherited. I think it is time to do some major cleanup, however I don’t think we can do it right without making backwards-incompatible configuration changes.
- We need to separate authentication and authorization
- Allow users to select different methods for each, ie. HTTP authentication with LDAP authorization
- Remove duplicate code
- ad-authorization.inc.php is a copy of active-directory.inc.php
- ldap-authorization.inc.php is a copy of ldap.inc.php
- ldap authorization should be made generic enough to support active directory LDAP
- remove any dependencies from alerts/polling on authentication code
- cache email addresses in database instead of hitting authentication module?
- allow users to override data from directory?
How would we accomplish this without breaking config format, or how do we alert users before making config changes?