etianen
commented
1 year ago django-python3-ldap doesn't sync groups by default. You have to configure this yourself:
https://github.com/etianen/django-python3-ldap#sync-user-relations
The bug is likely in your own code. :stuck_out_tongue:
I am using ldap_sync_users for udpating which groups a user is member of, in order to provide permissions. I see relations are added but not deleted, so in a typical case when a user changed his role in the company he will have his new permissions but also the old ones.