Bug #1248

User is not synchronised when group membership is read from the group object

Added by walid over 10 years ago. Updated over 6 years ago.

Status:NewStart date:
Priority:NormalDue date:
Assignee:-% Done:

0%

Category:Authentication
Target version:Unplanned

Description

Group membership can be obtain by :

1 - reading an attribute in the user object (for example member can indicate the group's dn)

2 - reading an attribute in the group object (for example memberOf can indicate the user's dn)

When the group membership is filled in the user object, each membership changes update the user object, and then changes its ldap timestamp
but when the group membership is filled in the group object, it doesn't changes the user ldap timestamp, and user is not considered as to update (which means that the rules engine is not called)

MoYo : I understand the purpose but not the last parenthesis (which means that the rules engine is not called). Why speaking about RuleEngine ? User is not considered as to update... That's all, no ? RuleEngine is a simple consequence ?

TODO :
  • Based on glpi_users_groups is_dynamic fields, get groups linked to users and modifytimestamp (manage a cache for that). Update user timestamp to max group timestamp if > user timestamp.

History

#1 Updated by walid over 10 years ago

workaround created for 0.72 (see #1249)

date_mod field need to be added to the glpi_groups table

#2 Updated by remi over 10 years ago

Dynamic group (imported from LDAP) also need to be identified, as profiles with a dynamic attribute.

This will allow to remove group membership when ldap is updated.

#3 Updated by moyo almost 9 years ago

  • Target version changed from Unplanned to 0.84

#4 Updated by walid almost 8 years ago

  • Assignee deleted (walid)

#5 Updated by moyo over 6 years ago

  • Target version changed from 0.84 to Unplanned

Also available in: Atom PDF