From de109aaeafde6a375441970bcb40136cdb7dff45 Mon Sep 17 00:00:00 2001
From: Frederic Guillot <fred@kanboard.net>
Date: Sat, 18 Jul 2015 10:17:18 -0400
Subject: Add new config option to disable automatic creation of LDAP accounts

---
 docs/config.markdown              |  3 +++
 docs/ldap-authentication.markdown | 18 +++++++++++++++++-
 2 files changed, 20 insertions(+), 1 deletion(-)

(limited to 'docs')

diff --git a/docs/config.markdown b/docs/config.markdown
index aca605ca..45ba7a91 100644
--- a/docs/config.markdown
+++ b/docs/config.markdown
@@ -135,6 +135,9 @@ define('LDAP_ACCOUNT_ID', 'samaccountname');
 // By default Kanboard lowercase the ldap username to avoid duplicate users (the database is case sensitive)
 // Set to true if you want to preserve the case
 define('LDAP_USERNAME_CASE_SENSITIVE', false);
+
+// Automatically create user account
+define('LDAP_ACCOUNT_CREATION', true);
 ```
 
 Google Authentication settings
diff --git a/docs/ldap-authentication.markdown b/docs/ldap-authentication.markdown
index 2428194d..8c7e5ff5 100644
--- a/docs/ldap-authentication.markdown
+++ b/docs/ldap-authentication.markdown
@@ -17,7 +17,7 @@ When the LDAP authentication is activated, the login process work like that:
 
 1. Try first to authenticate the user by using the database
 2. If the user is not found inside the database, a LDAP authentication is performed
-3. If the LDAP authentication is successful, a local user is created automatically with no password and marked as LDAP user.
+3. If the LDAP authentication is successful, by default a local user is created automatically with no password and marked as LDAP user.
 
 ### Differences between a local user and a LDAP user are the following:
 
@@ -85,6 +85,22 @@ define('LDAP_ACCOUNT_ID', 'samaccountname');
 // By default Kanboard lowercase the ldap username to avoid duplicate users (the database is case sensitive)
 // Set to true if you want to preserve the case
 define('LDAP_USERNAME_CASE_SENSITIVE', false);
+
+// Automatically create user account
+define('LDAP_ACCOUNT_CREATION', true);
+```
+
+### Disable automatic account creation
+
+By default, Kanboard will create automatically a user account if nothing is found.
+
+You can disable this behavior if you prefer to create user accounts manually to restrict Kanboard to only some people.
+
+Just change the value of `LDAP_ACCOUNT_CREATION` to `false`:
+
+```php
+// Automatically create user account
+define('LDAP_ACCOUNT_CREATION', false);
 ```
 
 ### LDAP bind type
-- 
cgit v1.2.3