Well I am designing LAM as a module for NS8, not really a big fan but a least it is an app still under development, phpldapadmin is quite dead now
We can authenticate either with a static list of admin that you set inside the configuration or you can either configure that any user of the ldap can authenticate
my fear is to see someone of the ldap allowed to list the user, for sure without permission to write you cannot change something, but you can read the address or the email of one of your coworker
so
a list of people allowed to login
any user of the ldap can login with their credential
both
I’d vote for both, though rather than a static, user-entered list I’d prefer it be by group membership. If “both” isn’t a realistic option, I’d definitely favor limiting it to admins rather than it being open to everyone.
No idea for now just tested the both case NS8 openldap and samba4 but since we retrieve from the ldap proxy the settings it should work at least in read mode