Changes between Initial Version and Version 1 of Ticket #810, comment 24
- Timestamp:
- 01/12/17 00:08:31 (7 years ago)
Legend:
- Unmodified
- Added
- Removed
- Modified
-
Ticket #810, comment 24
initial v1 3 3 > > Allowing this means access to the AD will be required if the nested group is not locally defined and could lead to erratic behaviour: that is, user will be authorized when a DC is reachable, fail when not. 4 4 5 I dropped the idea of checking for these groups in the token as that would not support adding user to the group on the fly. This feature in the GUI is very convenient for lay users, but for the token to see the change in group membership, the user will have logout and login again.5 I dropped the idea of checking for these groups in the token as that would not support adding user to the group on the fly. This feature in the GUI is very convenient for lay users, but for the token to see the change in group membership, the user will have to logout and login again. 6 6 7 7 > Not supporting nested groups makes the whole thing a nightmare on large enterprise ADs and is against all best practices.