Use case: an academic institution has its LDAP users nicely separated into OU=Students, OU=Employees, and OU=Faculty. The institution wants a simple way to say: "any employees can submit to this collection, any faculty can submit to this collection."
Proposed new DSpace property (similar to the search.index config):
The form is a DN search string, then a colon, then the DSpace group.
ldap.login.groupmap.1 = ou=Students:ALL_STUDENTS
ldap.login.groupmap.2 = ou=Employees:ALL_EMPLOYEES
ldap.login.groupmap.3 = ou=Faculty:ALL_FACULTY
So, if a user has a DN like:
cn=jdoe,OU=Students,OU=Users,dc=example,dc=edu
that user would get assigned to the ALL_STUDENTS group on login.
I thought about implementing this as part of getSpecialGroups, but the DN is not stored in the EPerson object, so it needs to be fetched from LDAP to be inspected. This proposed patch checks every time a user logs in to see if they need to be placed into any groups based on the mapping.
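One way to evaluate such a mapping, as an added example that is neither DSpace code nor the proposed patch: it parses the DN with the JDK's `javax.naming.ldap` classes and compares whole RDNs, so the match ignores case and an OU whose name merely starts with a mapped name is not placed in the group. The class name, method name and sample DNs are hypothetical and constructed for illustration.

```java
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Set;

public class GroupMapExample {
    // Values of ldap.login.groupmap.N as shown above, embedded here instead of
    // being read from the DSpace configuration (assumption for a stand-alone run).
    static final List<String> GROUP_MAP = List.of(
        "ou=Students:ALL_STUDENTS",
        "ou=Employees:ALL_EMPLOYEES",
        "ou=Faculty:ALL_FACULTY");

    /** Returns the group names whose mapped RDN is a whole component of the DN. */
    static Set<String> groupsFor(String dn) throws InvalidNameException {
        List<Rdn> rdns = new LdapName(dn).getRdns();   // rejects malformed DNs
        Set<String> groups = new LinkedHashSet<>();
        for (String entry : GROUP_MAP) {
            // Split on the last colon: left side is the DN search string,
            // right side is the DSpace group name.
            int sep = entry.lastIndexOf(':');
            if (sep <= 0 || sep == entry.length() - 1) {
                continue;                               // skip malformed entries
            }
            Rdn wanted = new Rdn(entry.substring(0, sep).trim());
            String group = entry.substring(sep + 1).trim();
            // Rdn.equals ignores the case of attribute type and value, so the
            // configured "ou=Students" matches "OU=Students" in the directory.
            if (rdns.contains(wanted)) {
                groups.add(group);
            }
        }
        return groups;
    }

    public static void main(String[] args) throws InvalidNameException {
        String[] sampleDns = {                          // constructed sample DNs
            "cn=jdoe,OU=Students,OU=Users,dc=example,dc=edu",
            "cn=asmith,OU=StudentsAlumni,OU=Users,dc=example,dc=edu",
            "cn=rroe,ou=faculty,OU=Users,dc=example,dc=edu"
        };
        for (String dn : sampleDns) {
            System.out.println(dn + " -> " + groupsFor(dn));
        }
    }
}
```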