Thread:Extension talk:LDAP Authentication/What are the problems with using wgLDAPUseLocal?

Most of the users of my wiki have LDAP accounts and so I've set up the LDAP extension with great success. But I also anticipate having a few users that don't have accounts on our LDAP server, but I'd still like to create accounts for them on the wiki.

It appears that the $wgLDAPUseLocal option is available for this case, but it's repeatedly recommended against on this forum and others. What are the problems with using wgLDAPUseLocal? Are there particular security or usability risks I should be aware of? Is it possible to work around these problems for long term use? If I shouldn't set this setting to True for the long term, what is recommended for cases where some users aren't LDAP members?

I would think this is a fairly common use case; here's another request.

Thanks,