splitbrain
commented
1 week ago couple of things:
- when using authAD, changing profile information changes it in AD thus your comment on it being overwritten by AD makes no sense
- oauth keeps a copy of user data in a local file for offline access
- IIRC the only info users can change is their display name and their oauth group memberships (managing which oauth providers to allow)
- the overwrite-groups option makes sure that groups are always updated from upstream
So I guess an option to prevent users from editing their real name could be introduced. We would also need to update it on reauthentication.
Feature Description
We are trying to switch from direct LDAP/AD auth to OAuth/OIDC via Keycloak. The former allowed us to disable changing one’s profile information (which would get overridden from AD anyway), including password. I would like to have the same functionality here.
From a quick glance at the code, it does not seem too complicated and I might end up dropping a patch, but I’m not experienced with PHP.