We wrote a custom permission system that relies on SSO authentication and LDAP user groups, and we have been having issues pulling all the nested groups of the user using the Drupal\ldap_servers\Entity\Server::groupMembershipsFromUser() function. Not all the groups are being pulled with that function, even if we add the desired group DN in the base DN's for users and groups and the user is a direct member of that group, although this does work for other groups (even without being a direct member). Simply put, not all groups are being pulled for each user and in an inconsistent manner (changes per user).

This seems to be related to a paging issue, but we get the same issue with or without paging turned on in server configuration.

Comments

nyariv created an issue. See original summary.

grahl’s picture

grahl
he/him
Location Zürich
CreditAttribution: grahl as a volunteer commented
Issue tags: -ldapgroups

Hi

Yes that sounds like an issue with pagination, I've received inconsistent feedback in the issue queue with some systems conflicting, I've not seen this in production myself.

Do you get any output in the database log with detailed watchdog logging enabled which could shed some light on this? What's the pagesize your directory server supports?

grahl’s picture

grahl
he/him
Location Zürich
CreditAttribution: grahl as a volunteer commented
Status: Active » Postponed (maintainer needs more info)
grahl’s picture

grahl
he/him
Location Zürich
CreditAttribution: grahl as a volunteer commented
Status: Postponed (maintainer needs more info) » Closed (cannot reproduce)

No feedback, closing.