No-hands LDAP administration of Castellum users/leaders/admins
KYB Tuebingen would like to use LDAP groups to administer users of Castellum.
This is partially supported however Castellum still requires manual (at the Castellum web interface) intervention.
Currently, after being added to an LDAP group, a new user needs a Castellum admin to "activate" the new user. We would like this done automatically based on LDAP membership.
Likewise, it would be nice if a person were removed from the group, they should be deactivated in Castellum. (maybe for the future)
A greater question is whether LDAP groups can specify who is a member of higher level Castellum members. For example, can LDAP be used to say who is capable of creating a study or who is an admin? (We'd like that, but Timo thinks it might not be possible.)
Our objective is pretty much, no-hands admin from the IT perspective. We'd like to just add / subtract people from LDAP groups.