At the moment the Group Level Administration is designed in such a way that allows users and groups from different directories to administer groups from other directories.
However, because authentication depends on directory position, this creates a situation where:
- if two users with the same username exist in two directories (e.g. directory A, directory B).
- Directory A is higher than directory B in the directory hierarchy definition.
- If the user that belongs to directory B is assigned as an administrator of directory A.
If all of the above conditions is satisfied, this creates a situation where if that same user attempts to authenticate to Crowd, the group administration functionality will still not be averrable for them. This is due to the directory hierarchy where the user who belongs to directory A will be authenticated affectively ignoring the same user that belongs to directory B (which was defined as a group administrator)
New Feature Request
The ask here is to request for Group Level administration functionality to work without any dependency on directory hierarchy.