Behavior for ldap should be as follows:
1 is working fine, but 2 is broken. This is hard to demonstrate, as I can't really hook my AD up to a demonstration instance, but I have it set up in my tiki 11 install, and it works perfectly, but is not working on the latest 12.x pulled from svn (r49012 atm).
Another problem that can cause the same symptoms, but is not the cause of the behavior above, is that when you edit an external group via tiki-admingroups.php?group=<group>, the isExternal flag in the users_groups table gets set to "n" for that group. This means that if you change the description of an external group in tiki, or set that group to inherit, or even don't change anything but click "Save" on the group options page, the group will no longer be treated as external, and you will see 2 break again. I submitted item4398 about this a while ago, but I figured I'd dump it here as well.
I believe I have found the solution.
What I believe the issue is can be found here, line 1310 in lib/userslib.php.

```php
// Sync Tiki groups with LDAP groups data
function ldap_sync_group_data($user, $ldapgroups)
{
    global $prefs;
    global $logslib;

    if (!count($ldapgroups)) {
        return;
    }
```
When a user is removed from groups in the AD, and is no longer in any AD group, when they log in, their ldapgroups are passed to ldap_sync_group_data(). However, because they are in no groups in the AD, ldapgroups is empty, and the function returns without attempting a sync, and therefore without removing the user from any groups in tiki.
Removing the condition and return `if (!count($ldapgroups)) { return; }` solves the issue, and ldap works fine again.
However, this condition and return appear in tiki 11 as well, but tiki 11 does not have the same problem, so I don't know what to think about it.
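The two failure modes described in this report, as an added example that is not Tiki's code and not the reporter's: a standalone model in which an empty LDAP group list skips reconciliation, and in which a group whose isExternal flag has been reset to "n" is no longer reconciled. The function names, the `$groups` array shape and the sample user are hypothetical and constructed for illustration.

```php
<?php
// Added illustration, not Tiki code. Function names and data shapes are hypothetical.

// External groups follow the directory exactly; local groups are left alone.
function reconcile(array $current, array $ldapGroups, array $groupTable): array
{
    $isExternal = fn(string $g): bool => ($groupTable[$g]['isExternal'] ?? 'n') === 'y';
    $local    = array_filter($current, fn($g) => !$isExternal($g));
    $external = array_filter($ldapGroups, $isExternal);
    $result   = array_values(array_unique(array_merge($local, $external)));
    sort($result);
    return $result;
}

// Mirrors the guard quoted in the report: an empty LDAP result skips the sync.
function syncWithEarlyReturn(array $current, array $ldapGroups, array $groupTable): array
{
    if (!count($ldapGroups)) {
        return $current; // stale external memberships survive the login
    }
    return reconcile($current, $ldapGroups, $groupTable);
}

// Constructed sample data: one local group, two LDAP-managed groups.
$groups = [
    'Registered' => ['isExternal' => 'n'],
    'Finance'    => ['isExternal' => 'y'],
    'Admins'     => ['isExternal' => 'y'],
];
$before   = ['Registered', 'Admins', 'Finance'];
$fromLdap = []; // the user was removed from every AD group

echo 'early return:    ', implode(', ', syncWithEarlyReturn($before, $fromLdap, $groups)), PHP_EOL;
echo 'always sync:     ', implode(', ', reconcile($before, $fromLdap, $groups)), PHP_EOL;

// Second issue: saving the group page resets the flag, so the group looks local
// and even an unconditional sync no longer removes the user from it.
$groups['Admins']['isExternal'] = 'n';
echo 'flag reset to n: ', implode(', ', reconcile($before, $fromLdap, $groups)), PHP_EOL;
```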