Hello,
RE: LDAP + Username Currently it seems the only way to login using an LDAP connected server is to use the/an email address for a user. Whilst this works it breaks the unified username/password combo that users in our organisation are used to using for multiple services. Because of this we find it stops SSO from working, because even if we use the "strip domain" option, the user.name@ does not always match the username of the user. Looking at the source code, there is only one entry in the config (LDAP_MAIL_ATTR) for an ldap field for 'mail' in this instance, and there is nothing similar for a username field, and from this I presume that the username is not used to check the user? I think I could modify this code to split the user auth out to allow to username and/or email address to be used for logon which would fix both. But before I do that I wanted to check that I am not missing something as I may have to backport these changes for newer versions (unless this is something of interest in the main branch). RE: LDAP + Disabled accounts Currently 1.1.1 allows an account that has been disabled to still login, it has to be checked manually if an account is disabled. I've seen lots of projects miss this out it. (Even ESXi didn't fix it until 5.5). Thanks, ST