My plan with OJS3 is to extend the authentication to be pluggable and hierarchical. That is, an administrator could allow OJS users to link their accounts to LDAP, Shibboleth, ORCID, Google, etc., so that they could log in with their preferred authentication source.
To make this possible, I stumbled down the path of enabling plugins to operate on a “site” or “context-specific” basis, per configuration. This bunny trailed into addressing some inconsistencies in the way our controllers are implemented, so now I’m seeing both of these steps as prerequisites to doing authentication “right”.
Once completed, we’ll be able to do read-only LDAP authentication, along with other desired methods, but that is (at present) a ways off.