I'm evaluating SilverStripe for possible usage for my corp. intranet site. Since we're a (mostly) microsoft shop we have an AD environment. My evaluation install consists of the core and the External (ldap/AD) Authentication module. I haven't been successful logging in with ldap - currently I get to a url that ends in Security/?executeForm=LoginForm and a blank page (reloading the blank page yields an http 500 ).

However, even when that module works as advertised - it still won't fit in our 'single-signon' environment. I have over 700 users and really can't see creating (or modifying [auth source & user ID]) them all individually.

Assuming that the problem in paragraph 1 can be resolved (advice is welcome); what is the best approach for populating the member table?

Should I write an external process to sync the table with AD in the night, then hack the login to not ask if we're already logged into the domain?

Or require the users to do a one-time login after hacking the auto-add-user code to also populate the additional fields reqd for an ldap login in a single authenticator environment?

Or is there a better approach?