LDAP authenticator user member of multiple groups and group_mapping configuration

I have two LDAP groups that I’m mapping to two XWiki groups (with different rights), say group A and B.

One user is part of both LDAP groups: is there a priority / order of the configured groups or something?
I do not have a chance to test that right now.

Not sure I understand what you mean by priority. If the user is part of both LDAP groups, is going to be added to both XWiki groups.

OK, I thought, i.e., with:

xwiki.authentication.ldap.group_mapping=XWiki.XWikiAdminGroup=CN=A|\
                                        XWiki.XWikiEmployeesGroup=CN=B

And Alice being member of both A and B, that in Xwiki she would end up being only member of XWikiEmployeesGroup.

No, in this configuration you tell XWiki that both:

  • “if the user is part of A it should be also part of XWiki.XWikiAdminGroup”
  • and “if the user is part of B it should be also part of XWiki.XWikiEmployeesGroup”

| is just a separator for the list of mappings, it does not mean OR :slight_smile: