id summary reporter owner description type status priority milestone component version resolution keywords cc drp_resources i_links o_links remaining_time sprint 6502 Complex new_user_group configurations jamoore jamoore "If groups for a particular user in LDAP are not found still assign user to a default group. Something like: {{{ omero.ldap.new_user_group=defaultgroupname&&:query:... omero.ldap.new_user_group=:query:...||defaultgroupname }}} This group will take precedence, i.e. will be assigned first and lookup for additional groups (LDAP groups) will continue (successfully or not) and not prevent the user from logging in. Further, this should most likely include a way to specify the permissions per group that comes from LDAP (.e.g `:query(perms=rwr---):...`) See: http://lists.openmicroscopy.org.uk/pipermail/ome-users/2011-August/002772.html" task new critical Unscheduled Security lkolchin@…