In the current version, user management is available via two options: you can create and populate stand-alone users, or you can enable LDAP and allow any user who can authenticate to automatically create an account.

It is desireable to allow LDAP for authentication but to still control authorization, either by enabling an LDAP filter for a particular group, or by creating user accounts which use LDAP for auth.

The latter is doable (thanks olevy) by commenting out the following line in app/controllers/users_controller.rb:

config.actions.exclude :create

This enables LDAP users to be added, but the method is kludgy. There should either be an LDAP filter option (preferable) or a config or GUI-based way to turn limited LDAP on.