I connected my Dolibarr 19.0.0 to my OpenLDAP Server which holds my 3 users and 5 groups. 
Adding a user works with GET from LDAP and save the user and if I create a group with the same name as it exists in LDAP it shows the members correct in the LDAP-Overview.
Authentication with the user/ldapPass combination works too
What is really missing:
-
for normal the user should be created on the first login based on his LDAP data.I only have 3 users here, but if there are 1000++ this would be a hell job manually creating all users. I think creating the user on the first successful input of user/pass would be cool and I see no security impact.
-
Same with the groups. Because Dolibarr permissions should be best set on group level, there is no real problem to create the groups in dolibarr. “GET” from LDAP to not have typing errors would be nice. BUT if a user is automatically created from LDAP the user should also be added to the same groups available in Dolibarr. This should be rechecked on every login so changes in the LDAP are used in Dolibarr too.
That way working in Dolibarr with an existing LDAP would enhance the user experience a lot.
Greetings
