Fix accidental overwriting of LDAP team memberships (#24050) #24065
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Backport #24050 by @sillyguodong
In the
for
loop, the value ofmembershipsToAdd[org]
andmembershipsToRemove[org]
is a slice that should be appended instead of overwritten.Due to the current overwrite, the LDAP group sync only matches the last group at the moment.
Example reproduction
cn=admin_staff,ou=people,dc=planetexpress,dc=com
andcn=ship_crew,ou=people,dc=planetexpress,dc=com
.Map LDAP groups to Organization teams
inAuthentication Sources
:Synchronize external user data
task in theDashboard
.test_organization.ship_crew