Closed pi-phi closed 2 years ago
at the moment we avoid bigger problems by using the extension configuration
Keep Backend groups
backend.keepBEGroups (boolean)
Keep the Backend user groups assigned locally.
but that always fails for new users (they only get one group) and removing groups is not possible any longer
For each of the AD-groups a record in tx_igldapssoauth_config exists filtering exact this group.
Since the latest update only the first matching group is assigned, further matching groups are ignored.
Do you mean that you have multiple configuration records that possibly match a given user at login and you say that previously all the configuration records were "processed" and thus every matching configuration was applied to the resulting user?
Please clarify this and possibly give a concrete example to describe. Thanks.
this might be similar to #62 but I think it is different.
We have installations where multiple roles are defined. each role has it's own BE-usergroup.
The complete user management is done in an active directory. If a user has multiple roles he gets all that groups and until now the BE-user has it's groups refreshed on login. That means: if he got another AD-group, he also got that BE-group added. if one group was removed, that corresponding group was removed in TYPO3. For each of the AD-groups a record in
tx_igldapssoauth_config
exists filtering exact this group.Since the latest update only the first matching group is assigned, further matching groups are ignored.
Is it a bug or do we need another configuration? global (extension settings) or individual (record for each group)