[stephenr]

> for Active Directory and LDAP implementations

> That checks sAMAccountName, which is unique

Only in Microsoft's schema. If you want to work with just AD, thats fine, but you shouldn't claim to be LDAP compatible if you only work with a single vendor's schema.

> It wouldn't be very user friendly to require a PATCH so a user can change a password

Why? It's a REST API, you're talking to it from code, you aren't asking users to write curl requests.

> You aren't going to enable an account and change a password at the same time very often.

I see you've never worked in a support environment before. If the account becomes locked, its usually because the user tried the wrong password too many times. So, they contact support who can unlock it, and invariably will need to reset the password at the same time.

> I'm definitely open to suggestions

Well I think you need to decide if its targeting AD specifically or any LDAP directory server. If it's the latter, it needs to be a lot more configurable .

[dc2]

Fair enough. I updated the readme for now, and will work on those points!

[stephenr]

For what it' worth, I definitely understand the basic premise of your project. I'm a big believer that people end up re-inventing a lot of things that Directory Services has had working since the late 90's simply because it's too different to what they're familiar with.

[dc2]

Well, thanks for that. I've actually had to deal with it for quite a while, believe it or not. And the current design is working out for my use. I do hope it does help others.