However, Rainloop does not have LDAP authentication yet
I have more or less understood how to “ldap_bind”, but how do you achieve SSO then, as the authentication is done without the user inputting any password?
At the moment I use the password header but it does not seem secure enough
Apps usually retrieve the user from the server variables (for instance $_SERVER['PHP_AUTH_USER'] for PHP); that allows to automatically log-in from the portal.
From my understanding, apps that combine using server variables + LDAP make no bind when redirected from the portal: if the user variable isn’t empty, they only make a search in the LDAP directory. However, these apps make a bind if you use their dedicated login page (Nextcloud, Piwigo, etc.).