dataflake.org


Add Entry to: Nested groups with AD: wrong behavior (Resolved)

Issue Nested groups with AD: wrong behavior (bug report)
Posted 2006/07/24 by Marcin Davies
Hi, I observe a weird behaviour with the enumeration of nested groups for a user. I'm using LDAPMultiPlugins 1.2, LDAPUserFolder 2.7-beta1, PluggableAuthService 1.2 and Plone 2.5 (PlonePAS 2.1). Connection to our MS AD (Windows Server 2003 SP1) is working fine, but when I turn the group_recurse option on, the result is not as expected.

The following example should illustrate the issue: User A is in Group G1. Group G1 also contains Groups G2 and G3 (nested groups). User B is a member of G2, User C is a member of G3. To my understanding, User B should be a member of G2 and G1, User C of G3 and G1. However, both are only members of their direct groups, i.e. G2 and G3, not of G1. In addition, User A (who should only be in G1) is a member of G1 AND G2 AND G3.

The wrong memberships are reflected in the wrong mapping of roles (I have group to role mappings set up in portal_role_manager). LDAPUserFolder shows the (direct) group memberships correctly, however. Thus, I assume the erroneous behavior is happening when the groups are unfolded. This is a reproducible behavior.

Any help would be greatly appreciated. Thanks!
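The group layout from the report, as an added example (not part of the original report, and not LDAPUserFolder or LDAPMultiPlugins code): it computes the expected upward closure of memberships, shows that a downward walk reproduces the reported memberships, and audits a reported mapping for excess groups, which matter because they feed group-to-role mappings. All names and data are constructed, and the downward walk is an assumption about one traversal that would give the reported result, not a statement about the plugin's code.

```python
# Constructed sample data mirroring the report: group -> direct members.
# In AD these would come from each group's `member` attribute.
MEMBERS = {
    "G1": {"userA", "G2", "G3"},
    "G2": {"userB"},
    "G3": {"userC"},
}

def parents_of(entry, members=MEMBERS):
    """Groups that list `entry` (a user or a group) as a direct member."""
    return {g for g, m in members.items() if entry in m}

def effective_groups(user, members=MEMBERS):
    """Expected result: start at the user's direct groups and walk upward."""
    seen, todo = set(), list(parents_of(user, members))
    while todo:
        g = todo.pop()
        if g not in seen:  # also guards against membership cycles
            seen.add(g)
            todo.extend(parents_of(g, members))
    return seen

def downward_groups(user, members=MEMBERS):
    """Inverted walk (assumed): descend into groups nested in the user's groups."""
    seen, todo = set(), list(parents_of(user, members))
    while todo:
        g = todo.pop()
        if g not in seen:
            seen.add(g)
            todo.extend(m for m in members[g] if m in members)
    return seen

def audit(reported, members=MEMBERS):
    """Return {user: (excess_groups, missing_groups)} where reported != expected."""
    findings = {}
    for user, groups in reported.items():
        want = effective_groups(user, members)
        if groups != want:
            findings[user] = (groups - want, want - groups)
    return findings

if __name__ == "__main__":
    # Memberships as described in the report with group_recurse turned on.
    reported = {"userA": {"G1", "G2", "G3"}, "userB": {"G2"}, "userC": {"G3"}}
    for user, (excess, missing) in sorted(audit(reported).items()):
        print(user, "excess:", sorted(excess), "missing:", sorted(missing))
```

Excess groups are the ones to treat as a privilege problem, since each one can carry roles the user should not hold.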

