Akram,
Thanks for the information. My method does allow AD users to use either the AD or FengOffice password.
I'm curious what you mean by this statement:
Watch out for little trick. if user is not listed in the domain, the user can be added to the domain and someone use LDAP password to login and the user doesn't know what is happening
I thought the FengOffice LDAP connector, like many other ldap connectors I have encountered, is a read only browsing connector. Plus, in my ldap config I use a read only account to bind to AD, the account has no write or change permissions. So how would it be possible to add someone to the domain?
The only advantage for the AD user to login with their FengOffice account is for something like the WEBDAV addon, which only uses FengOffice authentication. Otherwise the idea is to have users connect to the FengOffice web interface using the AD accounts first.