Description
When syncing users from LDAP and AD, the following two scenarios fail when checking role assignments (unix user syncing is not affected).
Setup: two groups with 5 members in total:
rangerdeltaGrp01: rangerdelta00,rangerdelta01,rangerdelta04
rangerdeltaGrp02: rangerdelta02,rangerdelta03,rangerdelta04
User rangerdelta04 is a member of both groups.
Scenario 1:
- 'ranger.usersync.group.based.role.assignment.rules':'ROLE_SYS_ADMIN:g:rangerdeltaGrp01&ROLE_KEY_ADMIN:g:rangerdeltaGrp02'
- expected: rangerdelta04 has only KEY_ADMIN role
- actual: has both KEY_ADMIN and SYS_ADMIN roles
Scenario 2:
- 'ranger.usersync.group.based.role.assignment.rules':'ROLE_SYS_ADMIN:g:rangerdeltaGrp01&ROLE_KEY_ADMIN:g:rangerdeltaGrp02&ROLE_SYS_ADMIN:u:rangerdelta04'
- expected: rangerdelta04 is SYS_ADMIN
- actual: it is not
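
The expected results in both scenarios can be computed from the rule string and the group membership and compared against what was actually synced. This is an added example, not Ranger code. It assumes each user holds exactly one role, that a later group (g) rule overrides an earlier one, and that user (u) rules override group rules; that precedence is inferred from the two expected results above. The names parse_rules, expected_roles and role_mismatches are hypothetical.

```python
# Constructed fixture: the group membership from the setup in this report.
GROUPS = {
    "rangerdeltaGrp01": ["rangerdelta00", "rangerdelta01", "rangerdelta04"],
    "rangerdeltaGrp02": ["rangerdelta02", "rangerdelta03", "rangerdelta04"],
}


def parse_rules(rules):
    """Split 'ROLE:g|u:name1,name2&...' into (role, kind, [names]) tuples."""
    parsed = []
    for chunk in filter(None, (c.strip() for c in rules.split("&"))):
        parts = chunk.split(":", 2)
        if len(parts) != 3 or parts[1] not in ("g", "u"):
            raise ValueError(f"malformed rule: {chunk!r}")
        role, kind, names = parts
        parsed.append((role, kind, [n.strip() for n in names.split(",") if n.strip()]))
    return parsed


def expected_roles(rules, groups):
    """Return {user: role} under the assumed precedence (not taken from Ranger):
    one role per user, later group rule wins, user rules override group rules."""
    parsed = parse_rules(rules)
    roles = {}
    for role, kind, names in parsed:      # pass 1: group rules, in string order
        if kind == "g":
            for group in names:
                for user in groups.get(group, []):
                    roles[user] = role
    for role, kind, names in parsed:      # pass 2: user rules take precedence
        if kind == "u":
            for user in names:
                roles[user] = role
    return roles


def role_mismatches(expected, actual):
    """actual is {user: set of roles read back after the sync}. Returns the
    users whose synced roles are not exactly the single expected role."""
    return {
        user: sorted(actual.get(user, set()))
        for user, role in expected.items()
        if actual.get(user, set()) != {role}
    }
```

Feeding role_mismatches the roles read back after a sync flags any user, such as rangerdelta04 in Scenario 1, who ends up with more roles than the rules should grant.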