diff --git a/inc/drivers_ldap.php b/inc/drivers_ldap.php
index cdb8e58e..56e7cfc0 100644
--- a/inc/drivers_ldap.php
+++ b/inc/drivers_ldap.php
@@ -558,16 +558,15 @@ function sync_LDAP_groups(){
 $ldap_groups = array_keys($ldap_groups_info);
- // groups only in ldap
- $groups_to_create = array_diff($ldap_groups, $db_groups);
+ // Groups only in LDAP or in both LDAP and DB. To be created or updated.
+ $groups_to_create = array_merge(
+ array_diff($ldap_groups, $db_groups),
+ array_intersect($db_groups, $ldap_groups));
- // groups only in db
+ // Groups only in DB. To be disabled..
 $groups_to_deactivate = array_diff($db_groups, $ldap_groups);
- // groups present in ldap and in the db
- $groups_to_update = array_intersect($db_groups, $ldap_groups);
-
- // groups where nothing was done
+ // Groups where nothing was done
 $groups_nothing_done[] = null;
 if ( sizeof ( $groups_to_create ) ){
@@ -633,15 +632,15 @@ function sync_LDAP_groups(){
 Principal::cacheDelete('username', $group);
- // mark group for updating, so users get synced
- $groups_to_update[] = $group;
+ // mark group for sync'ing the members
+ $groups_to_sync_members[] = $group;
 }
 $c->messages[] = sprintf( i18n('- creating groups : %s'), join(', ',$groups_to_create) );
 }
- if ( sizeof ( $groups_to_update ) ){
- $c->messages[] = sprintf(i18n('- updating groups : %s'),join(', ',$groups_to_update));
+ if ( sizeof ( $groups_to_sync_members ) ){
+ $c->messages[] = sprintf(i18n('- updating groups : %s'),join(', ',$groups_to_sync_members));
 // Support the old name of user_mapping_field..
 $user_mapping = NULL;
@@ -651,7 +650,7 @@ function sync_LDAP_groups(){
 $user_mapping = $c->authenticate_hook['config']['mapping_field'];
 }
- foreach ( $groups_to_update as $group ){
+ foreach ( $groups_to_sync_members as $group ) {
 $db_members = is_array( $db_group_members[$group] ) ? array_values( $db_group_members[$group] ) : array();
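Review bot: The `- creating groups : %s` message (context in the `@@ -633,15 +632,15 @@` hunk) will now list groups that already exist in the DB, because the assignment in the `@@ -558,16 +558,15 @@` hunk folds the `array_intersect()` result into `$groups_to_create`; the sync log then no longer tells an operator which groups were really new. Consider a name that says what the list holds, e.g. `$groups_to_create_or_update`, and a message worded to match. The loop that consumes this list sits between the hunks and is not shown, so I cannot confirm how it treats a principal that already exists. Since group membership drives access, a comment there such as `// existing groups: only <fields> are refreshed from LDAP` would help. sync_LDAP_groups() starts and ends outside the hunk.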
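Review bot: `$groups_to_sync_members` is only ever appended to inside the create loop in the `@@ -633,15 +632,15 @@` hunk and no added line shown initialises it, so when `$groups_to_create` is empty the test `sizeof ( $groups_to_sync_members )` runs on an undefined variable. On PHP 8 that raises a TypeError and stops the sync at this point; on PHP 7.2 and later it emits warnings. The removed `$groups_to_update` was always an array, coming from `array_intersect()`. Add `$groups_to_sync_members = array();` before `if ( sizeof ( $groups_to_create ) ){`. The same variable feeds the `foreach` in the `@@ -651,7 +650,7 @@` hunk, which is inside this `if` and so is covered by the same fix.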