I see that LDAP Authentication with Rollbase is possible but is it truly authentication only whereas user accounts are still maintained in the Rollbase database? In other words, if you add, remove, or change users (such as password) are those done to the LDAP repository or done to the Rollbase repository or some mixture of both?
LDAP is only for Authentication. User accounts are still managed in Rollbase. You can no longer change password in Rollbase once you have set LDAP as Authentication. What Laurent is referring to is a fallback mechanism where in when LDAP fails we allow administrators to authenticate with the last used password in Rollbase Authentication mode.
When LDAP Authentication is set, the password is entirely handled by LDAP. One note however, the local, pre-LDAP password will be required for administrators should the LDAP connection fails. This is to prevent to lock everybody out of Rollbase should the LDAP configuration becomes invalid.
Thanks Laurent, so it sounds like the actual user accounts are still stored and managed in Rollbase and not in LDAP but LDAP is used for true authentication (user and password match stored values) and not in any capacity of user managment.
We're looking to replace is a tool we have now that allows our SaaS users to manage users from a webpage to be moved over to Rollbase and was hoping just using LDAP authentication would give them the functionality but it seems it does not.
What we would need them to be able to do all in LDAP is:
Add/Remove/Change basic user information (Login, "Name" and password)
Authenticate their Logins and Password
List their Logins names if they're administrative
LDAP is only for Authentication. User accounts are still managed in Rollbase. You can no longer change password in Rollbase once you have set LDAP as Authentication. What Laurent is referring to is a fallback mechanism where in when LDAP fails we allow administrators to authenticate with the last used password in Rollbase Authentication mode.