Add official LDAP/Active Directory user synchronization and authentication support #3567

@haxlock


Why this feature?

OpenIM possesses powerful messaging and group management capabilities. However, integration with enterprise-grade Identity Providers (IdPs)—such as Microsoft Active Directory, OpenLDAP, FreeIPA, and others—is currently a manual and complex process.

Enterprise users require the ability to use their existing corporate credentials (from their LDAP/AD server) to authenticate into OpenIM seamlessly. They also need to synchronize organizational structures (OUs) and groups to manage access control within OpenIM automatically.

The absence of this feature creates significant deployment overhead, security concerns, and manual user management, which is a barrier to adoption in large enterprise environments.

Suggested Solution

Add a native authentication module and user sync feature to allow:

User Synchronization: Automatically create/deactivate OpenIM users based on an LDAP/AD directory.

LDAP Authentication: Allow users to log in to OpenIM with their existing corporate credentials (username/password).

Group Sync (Optional but important): Map LDAP groups to OpenIM groups for access control.

Key Benefits

Security: Centralized user lifecycle management.

Efficiency: Eliminates manual user provisioning.

Enterprise-Ready: A critical feature for corporate adoption.

Additional Information

No response


Labels: enhancement (New feature or request)
