This seems like a bug. Not sure of the right way to submit bugs for OSS so I’ll start here. Actually, I have two bugs related to LDAP so I’ll start two threads so they can be discussed separately.
We have a configured and, basically, working LDAP configuration. I opened it today to edit the filter because we weren’t seeing all of the groups in AD (we have 70K+). I wouldn’t care except the groups I need to map are not showing up.
So the summary of this bug is this: I opened the LDAP entry. Changed the search base only, and saved. Now I got no LDAP results when mapping a role. I went back to the LDAP entry and removed my changes to the search base but still got no results in Roles. Further investigation showed that the save overwrote the previous data from the user and group tab with defaults because those values aren’t “remembered” by the UI - even though, at this point, I had not even opened the user and group tab.
When I opened the user and group tab, it was clear that it does not remember the template selected (Active Directory) from when the LDAP entry was created. When I select the Active Directory template, it drops the defaults (cn=user, etc.) into the fields, overwriting my previous configuration.
At this point, I don’t know exactly what got overwritten and what worked previously; all I know is what the screen is showing me now. After about an hour of experimentation I got it back to what it was - or at least to where I am getting results indistinguishable from what I was getting before I started.
The expected outcome was that the UI would correctly show the data exactly as it was last saved or selected. Also, fields that were not explicitly changed by the user should not be changed when saving.
For the sake of other readers who may be searching for other problems I am having, I will separate the search issue and the bugs into their own threads. If that’s not the right choice, hopefully a moderator can merge them.