Changes between Initial Version and Version 1 of Ticket #810, comment 24


Ignore:
Timestamp:
01/12/17 00:08:31 (5 years ago)
Author:
Selva Nair
Comment:

Legend:

Unmodified
Added
Removed
Modified
  • Ticket #810, comment 24

    initial v1  
    33> > Allowing this means access to the AD will be required if the nested group is not locally defined and could lead to erratic behaviour: that is, user will be authorized when a DC is reachable, fail when not.
    44
    5 I dropped the idea of checking for these groups in the token as that would not support adding user to the group on the fly. This feature in the GUI is very convenient for lay users, but for the token to see the change in group membership, the user will have logout and login again.
     5I dropped the idea of checking for these groups in the token as that would not support adding user to the group on the fly. This feature in the GUI is very convenient for lay users, but for the token to see the change in group membership, the user will have to logout and login again.
    66
    77> Not supporting nested groups makes the whole thing a nightmare on large enterprise ADs and is against all best practices.