Javadoc
TODO: nested groups.
This LDAP login handler has read-write access to the LDAP server and acts as master of the user and group data. All
changes of ProjectForge's users and groups will be written through. Any change of the LDAP server will be ignored and
may be overwritten by ProjectForge.
Use this login handler if you want to configure your LDAP users and LDAP groups via ProjectForge.
Passwords After each successful login-in at ProjectForge (via LoginForm) ProjectForges tries to authenticate
the user with the given username/password credentials at LDAP. If the LDAP authentication fails ProjectForge changes
the password with the actual password of the user (given in the LoginForm).
Deactivated users Deactivated users will be moved to an sub userbase called "deactivated". The e-mail will
be invalidated and the password will be deleted. Deleted and deactivated users are removed from any LDAP group. After
reactivating the user, the password has to be reset if the user logins the next time via LoginForm.
Deleted Users Deleted users will not be synchronized and removed in LDAP if exist.
Stay-logged-in The stay-logged-in mechanism will be ignored if the LDAP password of the user isn't set (is
null). Any existing LDAP password doesn't interrupt the normal stay-logged-in mechanism.
New users New users (created with ProjectForge's UserEditPage) will be created first without password in the
LDAP system directly. Such users need to log-in first at ProjectForge, otherwise their LDAP passwords aren't set (no
log-in at any other system connecting to the LDAP is possible until the first log-in at ProjectForge).