I just read the documentation for the new LDAP integration and I'm quite sure, that we might be able to abandon our custom LDAP-Plugin (see http://www.jetbrains.net/tracker/oldIssue/TW-2407)
Some questions are still open:
1) As we use Lotus Notes (which accepts a hell of a lot names for authentication) we were never able to write a good
which could prevent doubled user-accounts.
Do I understand it correctly, that
will trigger to use the given LDAP-attribute as the unique username, thus preventing double-accounts ?
2) The option
is not usable for us, as VCS names are not stored in our directory.
Without this option, it doesn't make sense to synchronize groups and to hope for notifications for new users.
We had to tell new employees to fill in their VCS-username again to receive notifications for changes.
Our current plugin uses a (99% correct) heuristic to determine the VCS-Username such as:
- take the last name of the user
- replace all umlauts
So only some special employess named 'schulz' or 'meier' (very common names in germany) still need to fill in their correct vcs-name, which is acceptable.
As this seems to be the only place where we would need a custom logic, it would be nice, if that logic could be provided by a custom-plugin.
Maybe there is alreay a listener, which informs about all new created users ?
On the other hand a listener which is called after an LDAP synchronization for each user was done would be nice.
Our current plugin then would shrink to a 10-liner which tries to fill VCS usernames.