My last comment still applies.

I would also like to see this feature implemented.

In our environment, the LDAP database is read-only for Horde and user 
management is done throuhgh other means. If someone tries to perform a 
write operation in Horde (add, update, resetpassword, remove), he gets 
an error.

Therefore, the ability to disable these capabilities at the LDAP 
backend level, so they are not exposed in the UI would be great.

I temporarily edited my local copy of Horde/Auth/Ldap.php:

protected $_capabilities = array(
'add' => false,
'update' => false,
'resetpassword' => false,
'remove' => false,
'list' => true,
'authenticate' => true,
);

Although it works, it is of course not a viable solution. It would be 
much better if this could be done through configuration.

User management is only available for admins anyway. Please ask 
further questions on the mailing list.

Please, can you give me a hint, how to disable user management by 
another way? I want to be absolutely sure, that horde will not do any 
changes into LDAP. But there are still buttons "Add", "Delete" etc. 
belong users. It is problem for us. We use it by specifying ldap user 
with minimum rights but better is to do not see any of this buttons.



Thank you.

The only limitation that make sense to me is to not show large drop 
down lists. And I just added a configuration option for that a few 
days ago, for Horde 3.3.5.

In Auth/ldap.php, there are hardcoded capabilities. But sometimes we 
need to change it. Maybe this could be used to override capabilities 
of other drivers too.



In config, ther could be something like:

$conf['auth']['params']['capability'] = Array ('list','add','update');



This could be very usefull because sometimes we have to disable 
deleting or modifying ldap users from horde, and sometimes it is not 
good to show all users in selectbox, when there are 10k+ users.



Thank you!