It was in the changelog, but could probably be a little more 
prominent. It's the only way to set perms on sources now.

Ok... that seemed to work, but isn't that straight forward.  Is the 
Permissions stuff documented someplace?

Administration -> Permissions

How?  I don't see anything in sources.php that suggests that it makes 
a source editable or not.



I even checked the source.php.dist in CVS and HEAD doesn't seem to 
have a flag for it.

I know that's generally going to be correct, but not always, right? Is 
there a reason you can't just remove edit permissions on that source 
in your permissions setup?

After seeing that turba also offers the ability to add a contact to a 
RO ldap source, and digging around a little, it looks like turba just 
assumes that all ldap sources are RW.



The IMSP and null drivers have hasPermission() functions - the IMSP 
driver even interpreting IMSP ACLs to see what the user is allowed to 
do.  Perhaps the LDAP driver should do something similar?  Like... 
assume that if we're bound anonymously, that we can't alter data in 
the directory?

We've got two data sources defined for our installation -  RW 
mysql-backed personal addressbooks, and a RO institutional LDAP   
"white pages".



Browse offers users the ability to "Move, Copy to" the RO LDAP 
instance.  It seems that "Move, Copy" should only be offered when 
there are RW data sources available (other than the source you're 
moving or copying from).  If a user tries to copy a record into a RO 
data source, they get an ugly (and potentially confusing) error.



In the case when there are multiple data additional data sources 
available (eg RO ldap, RW SQL and RW IMSP), "Move, Copy" should only 
offer the RW data sources in the pull-down menu.