We're updating the issue view to help you get more done. 

When using ActiveDirectory, roles and groups are not synced


When using the ActiveDirectory integration in 1.5 (and 1.5.1), the authentication part works correctly, however the role and group syncing does not. That is, a user can login with their AD username and password, but their group memberships in AD do not have any bearing on the groups and roles they belong to in CA.

This has two effects: Users that are added to a group or role in AD do not gain the relevant group or role in CA, and users that are removed from a group or role in AD do not lose the relevant group or role in CA. This means that membership management must be done manually in CA.

We have at least two clients using AD with CA and they want to manage access to the functions within CA externally in AD, as they do for other applications.

This relates to the changes introduced by http://clangers.collectiveaccess.org/jira/browse/PROV-835

There is a pull request for this, created some time ago: https://github.com/collectiveaccess/providence/pull/215

The PR contains more than just a simple fix, there were some other code issues that I have fixed as well. See the PR for details.

Putting this here as a bump to the PR. Any news on getting this merged? Will it land in 1.5.2?




Stefan Keidel


Ben New



Fix versions

Affects versions