id summary reporter owner description type status priority milestone component version resolution keywords cc drp_resources i_links o_links remaining_time sprint 6502 Complex new_user_group configurations jamoore jamoore "If groups for a particular user in LDAP are not found still assign user to a default group. Something like: {{{ omero.ldap.new_user_group=defaultgroupname&&:query:... omero.ldap.new_user_group=:query:...||defaultgroupname }}} This group will take precedence, i.e. will be assigned first and lookup for additional groups (LDAP groups) will continue (successfully or not) and not prevent the user from logging in. Further, this should most likely include a way to specify the permissions per group that comes from LDAP (.e.g `:query(perms=rwr---):...`) Other ideas from Chris: * Allow adding arbitrary data in the specification similar * Allow setting a user's default group Even more ideas: * Take group owner from LDAP * #11876 apply group filter but use a default group (i.e. `:query: && defaultgroupname` rather than `||`) See: http://lists.openmicroscopy.org.uk/pipermail/ome-users/2011-August/002772.html" task new critical Unscheduled Security 4.4.9 lkolchin@… cxallan bpindelski atarkowska