directus / directus

The Modern Data Stack 🐰 — Directus is an instant REST+GraphQL API and intuitive no-code data collaboration app for any SQL database.

Home Page: https://directus.io

AUTH_LDAP_DEFAULT_ROLE_ID overwrites assigned role on every login

JSDA123 opened this issue · comments

Describe the Bug

When using LDAP authentication, the assigned user role is always overwritten upon login with the role ID set with AUTH_LDAP_DEFAULT_ROLE_ID. As a result, the LDAP user's role always resets to the AUTH_LDAP_DEFAULT_ROLE_ID value, overwriting any changes. This occurs even when AUTH_LDAP_DEFAULT_ROLE_ID is null, leaving the LDAP user with no role at all.

Expected behaviour: AUTH_LDAP_DEFAULT_ROLE_ID should set the initial role on creation of a new user, and not overwrite the role on subsequent logins.

To Reproduce

Configure LDAP and configure AUTH_LDAP_DEFAULT_ROLE_ID to equal the Administrators role. Log in as the LDAP user and note the account is created with the Administrator role. Log out and log back in as the default Directus admin, change or remove the group membership of the LDAP user. Log out and log back in as the LDAP user, and note the role has reverted to the value set in AUTH_LDAP_DEFAULT_ROLE_ID.

Directus Version

10.11.1

Hosting Strategy

Self-Hosted (Docker Image)

Database

No response
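
The reproduction steps above, replayed against a small in-memory model. This is an added example, not part of the original issue and not Directus source code; the function names, the role IDs and the LDAP DN are hypothetical, and `defaultRole` stands in for AUTH_LDAP_DEFAULT_ROLE_ID. It contrasts the reported behaviour (default role written on every login, so a role change or removal made by an administrator does not persist) with the expected behaviour (default role applied only when the account is created).

```javascript
// Constructed model of the behaviour described in this issue; not Directus code.

// Reported behaviour: the default role is written on every LDAP login.
function loginReported(users, dn, defaultRole) {
  const existing = users.get(dn);
  if (existing) {
    // Overwrites whatever role an administrator assigned since the last login.
    existing.role = defaultRole ?? null;
    return existing;
  }
  const user = { dn, role: defaultRole ?? null };
  users.set(dn, user);
  return user;
}

// Expected behaviour: the default role is applied only at account creation.
function loginExpected(users, dn, defaultRole) {
  let user = users.get(dn);
  if (!user) {
    user = { dn, role: defaultRole ?? null };
    users.set(dn, user);
  }
  return user; // an existing user's role is left untouched
}

// Replays the issue's steps against one login function and returns the role
// the LDAP user holds after the second login.
function replay(loginFn, defaultRole, adminAssignedRole) {
  const users = new Map();
  const dn = 'uid=alice,ou=people,dc=example,dc=org'; // constructed sample DN
  loginFn(users, dn, defaultRole);        // 1. first login creates the account
  users.get(dn).role = adminAssignedRole; // 2. admin changes the user's role
  return loginFn(users, dn, defaultRole).role; // 3. user logs in again
}

// Constructed role IDs for the demonstration.
const ADMIN = 'role-administrators';
const EDITOR = 'role-editor';

console.log('reported, default=admin:', replay(loginReported, ADMIN, EDITOR));
console.log('expected, default=admin:', replay(loginExpected, ADMIN, EDITOR));
console.log('reported, default=null :', replay(loginReported, null, EDITOR));
console.log('expected, default=null :', replay(loginExpected, null, EDITOR));
```

The `replay` function also works as a regression check: any login routine that returns the default role after step 3 reproduces the behaviour reported here.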