Extension:LDAP Authentication/Roadmap

Next version
I have a bad memory, and need a to-do list. If I have promised to add something for you in the next version, and it isn't in the list below, please add it.

v1.2b

 * Allow group syncronization to work with nested groups (in SVN)
 * Add support for exclusion groups in addition to required groups (in SVN)
 * Configured via $wgLDAPExcludedGroups; syntax the same as $wgLDAPRequiredGroups
 * Fix check for returns with no entries (in SVN)
 * Add memberOf support (in SVN)
 * There is a minor issue with this support: active directory is somewhat stupid, and it is extremely difficult to find a user's primary group. memberOf doesn't list primary groups, only secondary groups. As such, I'm not going to support primary groups in memberOf. You can ask me to support it, but my answer will be: I'll take a patch. Seriously, I think everyone should go see what you have to do to find a user's primary group; it is ridiculous.
 * Add patch for getting user's primary group (in SVN)
 * Fix problem with usernames containing parenthesis (in SVN)
 * Fix User not loaded from session issue
 * Change behavior of locally managed groups to allow MediaWiki specific groups to be overridden
 * Fix the username-authentication issue once and for all (hopefully without nasty hacks)
 * Fix the issue where local users can't change their passwords
 * Add strictUserAuth support
 * Fix warnings in PHP 5.2.10 (in SVN)
 * Fix issue with $wgLDAPGroupsPrevail (in SVN)
 * Fix email issue (in SVN)
 * Fix group synchronization issue with memberOf support (in SVN) (patch by Teddy Reed)

v1.2c

 * Add support for automatic domain discovery
 * Refactor the code to handle configuration globals differently
 * Add an option for schema type, so that common options can be automatically configured
 * Fallback to defaults when certain options aren't set

Possibly in a future version

 * Allow changes to LDAP groups via Special:Userrights
 * Support for choosing default search scope, and defining it for multiple domains.
 * Support for adding users/changing passwords in Active Directory.
 * Support for using LDAP as a complete user backend (including user options and such). Using ldap as a backend will require a custom schema to be loaded in the LDAP server.