A function in Teampass to check LDAP/Active Directory Group membership before granting access to Teampass.
In larger organizations you (probably) don't want the whole Active Directory/LDAP User container to have access to Teampass. This could be managed by creating a Active Directory Group where it's members have access to Teampass and let Teampass check this group membership.
(need to have):
- When logging in for the first time with an Active Directory account, the account should be a member of the AD group specified in de settings section. If not, no account should be created in Teampass. An email should be sent to the administrator and a line written in the Log.(User "X" which isn't a member of group [teampass] tried to access Teampass.)
- When logging in normally (after the account has been created), the user should always be checked if he/she is a member of the group specified in de settings section, if not, the account should be locked. an email should be sent to the administrator telling that user x is no longer a group member and the teampass account is locked. Probably some logging should also be made... for auditing purposes.
(Nice to have)
Further implementation of LDAP/|Active Directory in Teampass. Assigning LDAP/AD groups to Roles, this way when a Role is created in Teampass you can assign a AD group to it. Management can be done by adding or removing users from the specific LDAP/AD group.
We discussed the (need to have) feature by Email, but i never posted an official feature request.
Customer support service by UserEcho