Person groups membership problem

  • Hi,

    I have installed i-doit pro trial version and currently having some issues with person groups mappings.

    LDAP is configured and working fine. Users are found in the AD and successfully authenticated.
    I have also created a new person group and configured LDAP-Group mapping.
    This also works fine, users are on their first login assigned to this group.

    The problem is that every user is also assigned to the Admin group.
    So every user is a member of this group with LDAP mapping and the Admin group.

    I can't seem to find where to disable automatic assignment to Admin group.

    There is a file "isys_application.class.php" with the following line :

    define("CLDAPGROUP_IDS", isys_tenantsettings::get('ldap.default-group', ''));

    Editing the line to something like

    define("CLDAPGROUP_IDS", isys_tenantsettings::get('ldap.default-group', '10'));

    did not change anything.
    User are still assigned to the Admin group and LDAP mapped group.

    Is there a way to disable this automatic assignment of all users to Admin (object ID 14) group?

    System specifications:
    i-doit 1.8.2, revision 21802
    OS Debian 8.7
    PHP 5.6.29
    MariaDB 10.0.29

  • Hi,

    this is a bug in 1.8.2. We are just checking how and where it occurrs. I will post an update when we know whats going on.

  • Here is a fix for 1.8.2. It only applies the default group if no other LDAP group mapping is found.
    the default group can be found in the advanced system settings by the way. It is a good idea to change it to a non existing group ID e.g. 999999 or the ID of the reader group.

  • The fix did the trick.
    Thank you very much!

Log in to reply

Datenschutz / Privacy Policy