Affects Version/s: 9.3.2
Fix Version/s: None
I encountered the following problem:
AD user logs in for the first time:
1) If the user does not belong to the mapped groups in the LDAP settings, then the user is created and placed in the XWikiAllGroup group. OK, that's logical!
2) However, if the user is from the mapped group in the LDAP settings, then the user is placed in the XWikiAllGroup and in his mapped group. This is not working for me!
My XWiki has created public and private sections (pages) for each known AD group (organization departments). These sections are configured with specific access rights for the respective groups (groups are set up in advance, group rights are defined in advance, access rights to sections for groups are defined in advance, LDAP map groups are configured).
For the XWikiAllGroup group, the rights are removed and a conflict of access rights is obtained when AD is a user in two groups at once!
Is it possible to change the algorithm for distributing users into groups?
For example, add a flag parameter that would allow the algorithm to work differently - if the user is from a mapped group, then do not put it in the XWikiAllGroup group?