Hi,
as mentioned for my pull request (
https://github.com/gitblit/gitblit/pull/247 ) there is discussion needed.
> [ gitblit comment :]
> At a quick glance you are changing the existing behavior to solve your
issue, but you may be breaking other installs. This needs some
discussion on the mailing list. Clearly with LDAP what works for some
may not work for all - hence the reason for your PR.
I agree this will change behavior, would suggest to add a new settings parameter for this behavior.
These are the probable scenarios:
Scenario 1: search user and normal user can see everything
@sync = true / false
->old/new: behavior should be the same
Scenario 2: search user can see everything, but normal user cannot see groups
@sync = false
-> old: on login all user's teams will be written to [] because ldap thinks the user does not have any group.
-> new: on login user group will be set correctly
@sync = true
-> old: on login all user's teams will be written to [] because ldap thinks the user does not have any group -> This is a Bug, because at each sync intervall the user groups were red correctly
-> new: on login user group will be set correctly, so there is no difference in the sync/nosync behavior
Scenario 3: search user cannot see groups, but normal user can
@sync = false
-> old: after login user's teams would be red correctly
-> new : after login user's teams would be []
@sync = true
-> old: after login user's teams would be red correctly
-> new : after login user's teams would be []
Cheers Rainer