Bug #26432

open

Active Directory user not associated with "primary" group

Added by Matt Kraai about 5 years ago. Updated almost 4 years ago.

Status: New
Priority: Normal
Assignee: -
Category: Users, Roles and Permissions
Target version: -
Difficulty:
Triaged: No
Fixed in Releases:
Found in Releases:

Description

This can be a little confusing to explain. I will try to be clear.

I have two user groups linked to Active Directory via LDAP.

A user is a member of both groups in AD. One of the groups is set as his "Primary group" in AD.

Foreman associates this user only with the group which is NOT his primary group. If I switch which group is primary and refresh the group membership, Foreman associates the user only with the non-primary group again.

I discovered and tested this with a real user, and retested with a test account. I have several examples of real users with multiple group membership which behave as expected, but whenever an account's primary group is associated with a Foreman group, Foreman does not associate the user with that group.

Actions #1

Updated by Matt Kraai about 5 years ago

I am on Foreman 1.20.1. I looked, and didn't see anything that seemed related in the change logs or bug tracker.

Actions #2

Updated by Matt Kraai about 5 years ago

  • Found in Releases 1.20.1 added
Actions #3

Updated by Matt Kraai about 5 years ago

I have a fix for this.

See my pull request for ldap_fluff: https://github.com/theforeman/ldap_fluff/pull/59

If this gets pulled in, the :domain_users_forbidden validation in https://github.com/theforeman/foreman/blob/develop/app/models/external_usergroup.rb can be removed. The "special" in the Domain Users group is that it's the default primary group for new users in AD. Enabling primary group searching removes the specialness from Domain Users.
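
An added illustration, not part of the original thread and not ldap_fluff's or Foreman's code: AD does not list a user's primary group in `memberOf`; it stores only the group's RID in `primaryGroupID`, and the group's SID is the user's domain SID plus that RID. The helper names and all entry data below are constructed for this example.

```ruby
# Added example: helper names are hypothetical and all entry data is constructed.

# Decode a binary objectSid: revision, sub-authority count, 48-bit big-endian
# identifier authority, then `count` 32-bit little-endian sub-authorities.
def sid_to_s(bin)
  bytes = bin.b
  if bytes.bytesize < 8 || bytes.bytesize != 8 + 4 * bytes.getbyte(1)
    raise ArgumentError, 'malformed SID'
  end
  authority = bytes[2, 6].unpack('C6').inject(0) { |acc, b| (acc << 8) | b }
  (["S-#{bytes.getbyte(0)}", authority] + bytes[8..].unpack('V*')).join('-')
end

# The primary group's SID is the user's SID with the final sub-authority (the
# user's RID) replaced by primaryGroupID.
def primary_group_sid(object_sid, primary_group_id)
  parts = sid_to_s(object_sid).split('-')
  parts[-1] = Integer(primary_group_id.to_s, 10).to_s
  parts.join('-')
end

# Effective membership = memberOf plus the group resolved from primaryGroupID.
def effective_group_dns(user, group_dn_by_sid)
  primary = group_dn_by_sid[primary_group_sid(user[:objectsid], user[:primarygroupid])]
  (user[:memberof] + [primary]).compact.uniq
end

DOMAIN = [21, 1004336348, 1177238915, 682003330].freeze # constructed domain
def build_sid(rid) # builds a binary SID in the constructed domain
  [1, 5, 0, 0, 0, 0, 0, 5, *DOMAIN, rid].pack('C8V5')
end

GROUPS = { # constructed directory: group SID => DN
  sid_to_s(build_sid(1201)) => 'CN=foreman-ops,OU=Groups,DC=example,DC=test',
  sid_to_s(build_sid(1202)) => 'CN=foreman-admins,OU=Groups,DC=example,DC=test'
}.freeze

USER = { # constructed user whose primary group is foreman-ops (RID 1201)
  objectsid: build_sid(1105),
  primarygroupid: '1201',
  memberof: ['CN=foreman-admins,OU=Groups,DC=example,DC=test']
}.freeze

puts effective_group_dns(USER, GROUPS)
```

When auditing role mappings, a user's access should be evaluated against this combined list, since a check on `memberOf` alone omits whichever group is currently primary.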

Actions #4

Updated by Tomer Brisker almost 4 years ago

  • Category changed from 218 to Users, Roles and Permissions