I am using a slightly unorthodox setup: I have a user/group DB set up in MySQL, but I am using LDAP for authentication (all users are set up in the LDAP database, and the passwords are checked against that, ignoring the user DB passwords).
For the most part, this has been working just fine: presence and groups update just fine, unlike with pure LDAP, and it has the centralized password management we need.
However, I recently ran across a strange problem. Users who are in the LDAP DB can log in with their LDAP password even if they're not in the MySQL user DB – even with logins restricted to registered users.
While this is likely a rare situation, it seems to me the server should handle it and disallow logins for users not in the user DB, even if they're in the LDAP DB.
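The gap described above, as an added example that is not part of the original post and not the server's own code: one login path that trusts the LDAP password check alone, and one that also requires a row in the user DB. The dictionary standing in for an LDAP bind, the SQLite table standing in for the MySQL user DB, and all function names are assumptions made for illustration.

```python
import hmac
import sqlite3

# Constructed sample data: the directory knows two accounts, the user DB only one.
LDAP_DIRECTORY = {"alice": "alice-pw", "bob": "bob-pw"}  # stand-in for an LDAP bind


def make_user_db():
    """In-memory SQLite table standing in for the MySQL user DB (assumption)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT PRIMARY KEY)")
    db.execute("INSERT INTO users (username) VALUES (?)", ("alice",))
    return db


def ldap_authenticate(username, password):
    """Credential check only: proves identity, says nothing about admission."""
    expected = LDAP_DIRECTORY.get(username)
    if expected is None:
        return False
    return hmac.compare_digest(expected.encode(), password.encode())


def is_registered(db, username):
    """True only if the account exists in the user DB."""
    row = db.execute(
        "SELECT 1 FROM users WHERE username = ?", (username,)
    ).fetchone()
    return row is not None


def login_auth_only(db, username, password):
    """Behaviour reported in the post: a valid LDAP password is sufficient."""
    return ldap_authenticate(username, password)


def login_auth_and_registered(db, username, password):
    """Behaviour the post asks for: LDAP verifies the password,
    the user DB decides whether the account may log in at all."""
    if not ldap_authenticate(username, password):
        return False
    return is_registered(db, username)
```
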