Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.
Sign upComments
kroepke
added
the
bug
label
Sep 8, 2015
kroepke
self-assigned this
Sep 8, 2015
kroepke
added this to the 1.2.0 milestone
Sep 8, 2015
added a commit
to graylog-labs/graylog2-web-interface
that referenced
this issue
Sep 8, 2015
This was referenced Sep 8, 2015
kroepke
closed this
in
85ee789
Sep 9, 2015
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
kroepke commentedSep 8, 2015
In order to make roles usable for LDAP users, without having a LDAP group mapping, Graylog should take into account whether the optional group search settings are set or not and whether any group mapping is configured.
Also allow editing roles of users even if they are created from a LDAP account.
This can have weird behavior when the default role or additional default roles are changed in the LDAP configuration, which was the reason this wasn't possible in the first place.
On each new login the entire account is synced from LDAP, including the roles. However, Graylog cannot differentiate between setting roles manually or them having been created via a (previous) mapping.
We'll have to live with this corner case for now.