ktbartholomew / saml-20-single-sign-on

WordPress plugin that makes a WordPress site act as a SAML service provider
GNU General Public License v2.0

WP resolving the lowest group entry for a given user #18

Open taupehat opened 7 years ago

taupehat commented 7 years ago

In our situation we have a set of AD groups that are members of the WP Editors group, and then certain people who are in those AD groups are also members of the WP Admins group. This is configured properly in the SSO configuration, but unfortunately when an admin who is also an editor logs on, WP connects that user as a member of the lesser-privileged group.

I've verified this by watching the wp_capabilities key in wp_usermeta while adding and removing an AD group from the WP Editors group and confirming that said user becomes a WP admin at next logon.

This would be the equivalent of somebody being a member of the group "root" on a machine but only given access to whatever privileges "users" has because the host is resolving the lesser-privileged group.

Is there a way to reverse this so that the highest-privileged group membership is the one resolved by WordPress?
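One way to resolve the role so that the result does not depend on the order in which groups are listed, shown as an added example that is not part of the issue and not the plugin's own code. The function name `resolve_highest_role`, the group-to-role mapping and the sample group lists are hypothetical; the role slugs are WordPress's default roles.

```php
<?php
declare(strict_types=1);

// WordPress default role slugs, most privileged first.
const ROLE_PRECEDENCE = ['administrator', 'editor', 'author', 'contributor', 'subscriber'];

/**
 * Return the most privileged role granted by any of the user's groups,
 * or null when no group maps to a known role (the caller should then
 * deny access or fall back to a configured default).
 * Hypothetical helper, not a function of the plugin.
 */
function resolve_highest_role(array $userGroups, array $groupRoleMap, array $precedence = ROLE_PRECEDENCE): ?string
{
    // Normalise group names so "WP Admins" and "wp admins" compare equal.
    $normalise = static fn(string $g): string => strtolower(trim($g));
    $map = [];
    foreach ($groupRoleMap as $group => $role) {
        $map[$normalise((string) $group)] = $role;
    }

    $rank = array_flip($precedence); // role => position, 0 is the highest
    $best = null;
    foreach ($userGroups as $group) {
        $role = $map[$normalise((string) $group)] ?? null;
        if ($role === null || !isset($rank[$role])) {
            continue; // unmapped group, or a role missing from the precedence list
        }
        if ($best === null || $rank[$role] < $rank[$best]) {
            $best = $role; // keep the most privileged match seen so far
        }
    }
    return $best;
}

// Constructed sample data: group names follow the issue, the mapping is assumed.
$groupRoleMap = ['WP Admins' => 'administrator', 'WP Editors' => 'editor'];

// Same membership in either order resolves to the same role.
var_dump(resolve_highest_role(['WP Editors', 'WP Admins'], $groupRoleMap));
var_dump(resolve_highest_role(['WP Admins', 'WP Editors'], $groupRoleMap));
// A user with no mapped group gets no role rather than a guessed one.
var_dump(resolve_highest_role(['Staff'], $groupRoleMap));
```

Keeping the precedence list explicit means a custom role is never granted by accident: a role that is not listed is skipped until someone places it in the order deliberately.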