LDAP Group Mapping

I have mapped AD group AD_1 to Metabase group MB_1.
I have made another Metabase group called MB_2 which has more permissions than MB_1 and I want to give persons P1 and P2 in the group AD_1 these higher permissions.

I tried manually assigning MB_2 group to P1 and P2 users (in Admin>People). But this extra permission was being deleted every time they logged in (there is already an open issue for this problem here)

Then I tried mapping the DN of P1 and P2 to MB_2 (in Group Mappings):
CN=John Doe,OU=Department,OU=Employee,OU=*User Accounts,DC=net,DC=domain
But this doesn’t work either. One reason this is failing could be because of this issue for subgroups.
Another reason could be that, in group mappings if a person matches multiple mappings, only one of them (the last one?) gets applied. In other words when a group mapping GM_x which maps AD_x to [MB_x1, …, MB_xn] is being processed, for every user in AD_x it first wipes the assigned MB groups to that user, then assigns the groups [MB_x1, …, MB_xn] to that user. Is this the case?

Hi @King_Edward
I haven’t looked into the code, but with the current issues, it sounds correct that it’s only syncing a single group, but I’m not sure which order.
I would recommend testing with different group names and their internal group ID, as well as how they’re returned from the AD. This should help figuring out if a workaround would be using different names/IDs.

Estou enfrentando o mesmo problema

conseguiu encontrar alguma solução de contorno? Estou enfrentando o mesmo problema =/