Retain user roles for LDAP users when group mapping or config is missing #1405
kroepke added a commit to graylog-labs/graylog2-web-interface that referenced this issue Sep 8, 2015
This was referenced Sep 8, 2015
In order to make roles usable for LDAP users, without having an LDAP group mapping, Graylog should take into account whether the optional group search settings are set or not and whether any group mapping is configured.
Also allow editing roles of users even if they are created from an LDAP account.
This can have weird behavior when the default role or additional default roles are changed in the LDAP configuration, which was the reason this wasn't possible in the first place.
On each new login the entire account is synced from LDAP, including the roles. However, Graylog cannot differentiate between setting roles manually or them having been created via a (previous) mapping.
We'll have to live with this corner case for now.
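
A minimal model of the login-time role sync described in this issue, added here as an illustration and not taken from Graylog's code. The field names, the `roles_after_login` helper, and the choice to leave existing roles untouched when group sync is inactive are assumptions.

```python
from dataclasses import dataclass, field

@dataclass
class LdapSettings:
    # Hypothetical field names; they model the settings the issue mentions.
    default_role: str = "Reader"
    additional_default_roles: set = field(default_factory=set)
    group_search_base: str = ""      # optional group search setting
    group_search_pattern: str = ""   # optional group search setting
    group_mapping: dict = field(default_factory=dict)  # LDAP group -> role

    def group_sync_active(self) -> bool:
        # Group-derived roles are only authoritative when the group search
        # settings are set AND at least one group mapping is configured.
        return bool(self.group_search_base and self.group_search_pattern
                    and self.group_mapping)

def roles_after_login(current_roles, ldap_groups, settings):
    """Return the role set after the login-time sync.

    current_roles is None on first login (the account is being created).
    """
    defaults = {settings.default_role} | set(settings.additional_default_roles)
    if not settings.group_sync_active():
        # Assumption: with no usable mapping, existing roles are retained
        # so manual edits survive; only new accounts get the defaults.
        return defaults if current_roles is None else set(current_roles)
    # Mapping active: roles are rebuilt from LDAP. Nothing records whether a
    # stored role was set by hand or by an earlier mapping, so manual roles
    # that no group maps to are dropped (the corner case in the issue).
    mapped = {settings.group_mapping[g] for g in ldap_groups
              if g in settings.group_mapping}
    return defaults | mapped

if __name__ == "__main__":
    manual = {"Reader", "Ops"}  # constructed: "Ops" was assigned by hand
    no_mapping = LdapSettings()
    with_mapping = LdapSettings(group_search_base="ou=groups,dc=example,dc=org",
                                group_search_pattern="(member={0})",
                                group_mapping={"admins": "Admin"})
    print(sorted(roles_after_login(manual, ["admins"], no_mapping)))
    print(sorted(roles_after_login(manual, ["admins"], with_mapping)))
```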