viteksafronov
commented
4 years ago I also think this behavior is contrary to parent option https://django-auth-ldap.readthedocs.io/en/latest/reference.html#std:setting-AUTH_LDAP_ALWAYS_UPDATE_USER, so we probably should respect it too, to update existing membership if the option is set to true (or we could have a separate option for that)
This backend checks for user's group only if the user is not yet a member of an organization. So if the membership was changed in LDAP, Sentry won't know about it leaving the user with same role as it was on create step. I'd like to manage users roles via LDAP and be sure the Sentry will reflect these changes as well.