I have mapped AD group AD_1 to Metabase group MB_1.
I have made another Metabase group called MB_2 which has more permissions than MB_1 and I want to give persons P1 and P2 in the group AD_1 these higher permissions.
I tried manually assigning MB_2 group to P1 and P2 users (in Admin>People). But this extra permission was being deleted every time they logged in (there is already an open issue for this problem here)
Then I tried mapping the DN of P1 and P2 to MB_2 (in Group Mappings):
CN=John Doe,OU=Department,OU=Employee,OU=*User Accounts,DC=net,DC=domain
But this doesn’t work either. One reason this is failing could be because of this issue for subgroups.
Another reason could be that, in group mappings if a person matches multiple mappings, only one of them (the last one?) gets applied. In other words when a group mapping GM_x which maps AD_x to [MB_x1, …, MB_xn] is being processed, for every user in AD_x it first wipes the assigned MB groups to that user, then assigns the groups [MB_x1, …, MB_xn] to that user. Is this the case?