Current state
In the current state, when a user has a given role, they belong to the LDAP group corresponding to that role, which is right. However, the roles in the Cooperative have a hierarchical structure:
all "Cooperators", "Candidates" and "SanctionedCooperators" are also "Ordinary Members of the Community" (the opposite is false: many members of the Community are neither Cooperators, Candidates nor SanctionedCooperators);
all "members of the Board" are also "Cooperators" (and hence also "Ordinary Members of the Community"),
etc.
The applications using the LDAP data do not natively include such a hierarchical structure (this is in particular the case of NextCloud). This is why the LDAP directory itself should implement that hierarchical structure.
Desired state
All users having successfully completed the registration process, by the "Ordinary Member" or the "Cooperator" path, should be members of the group "ordinaryMembersGroup";
All users of the groups "boardMembersGroup" or "mediationArbitrationCouncilGroup" should be part of "cooperatorsGroup".
When a member of the "boardMembersGroup" (respectively: of the "mediationArbitrationCouncilGroup") becomes a member of one of the following groups:
candidatesMissingYearContribGroup;
sanctionedGroup;
sanctionedMissingYearContribGroup;
then AlirPunkto should also remove him/her from the "boardMembersGroup" (respectively: from the "mediationArbitrationCouncilGroup"), until the member recovers his/her status as member of "cooperatorsGroup".
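The desired state above can be expressed as one reconciliation step that revokes before it grants. The sketch below is an added example, not AlirPunkto's code: the group names come from this issue, while the function names and the `registered` flag are hypothetical. It assumes "cooperatorsGroup" itself is granted or withdrawn by the existing role assignment, and it does not cover restoring a seat once the member recovers.

```python
# Group names are taken from the issue text; everything else is an assumption.
ORDINARY = "ordinaryMembersGroup"
COOPERATORS = "cooperatorsGroup"
GOVERNANCE = {"boardMembersGroup", "mediationArbitrationCouncilGroup"}
SUSPENDING = {
    "candidatesMissingYearContribGroup",
    "sanctionedGroup",
    "sanctionedMissingYearContribGroup",
}


def desired_groups(current, registered):
    """Return the group set a user should hold after applying the hierarchy.

    current: set of group names the user is in now
    registered: True once registration is complete (either path)
    """
    groups = set(current)
    # Revocation first: a suspending group strips governance seats, so the
    # implication rule below can never re-grant cooperatorsGroup through them.
    if groups & SUSPENDING:
        groups -= GOVERNANCE
    # Implied memberships, from the most specific role outwards.
    if groups & GOVERNANCE:
        groups.add(COOPERATORS)
    if registered:
        groups.add(ORDINARY)
    return groups


def membership_changes(current, registered):
    """Diff current vs desired as (to_add, to_remove), sorted for stable output."""
    target = desired_groups(current, registered)
    return sorted(target - set(current)), sorted(set(current) - target)


if __name__ == "__main__":
    # Constructed sample users, not data from the project.
    samples = {
        "board member": {"boardMembersGroup"},
        "sanctioned board member": {"boardMembersGroup", COOPERATORS, "sanctionedGroup"},
        "ordinary member": set(),
    }
    for label, groups in samples.items():
        print(label, membership_changes(groups, registered=True))
```

Running the revocation rule before the implication rule matters: in the opposite order a sanctioned board member would first be added to "cooperatorsGroup" through a seat that is about to be removed.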