New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Retain user roles for LDAP users when group mapping or config is missing #1405

Closed
kroepke opened this Issue Sep 8, 2015 · 0 comments

Comments

Projects
None yet
1 participant
@kroepke
Member

kroepke commented Sep 8, 2015

In order to make roles usable for LDAP users, without having a LDAP group mapping, Graylog should take into account whether the optional group search settings are set or not and whether any group mapping is configured.

Also allow editing roles of users even if they are created from a LDAP account.

This can have weird behavior when the default role or additional default roles are changed in the LDAP configuration, which was the reason this wasn't possible in the first place.
On each new login the entire account is synced from LDAP, including the roles. However, Graylog cannot differentiate between setting roles manually or them having been created via a (previous) mapping.
We'll have to live with this corner case for now.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment