Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Nested Group Support #21

Open
timhirsh opened this issue Mar 23, 2020 · 6 comments
Open

Nested Group Support #21

timhirsh opened this issue Mar 23, 2020 · 6 comments
Assignees
@primetheus
Labels
enhancement New feature or request

Comments

@timhirsh
Copy link

Our org has some nested AD groups. Here's an example group structure:

Group A
  * User 1
  * Group B

Group B
  * User 2
  * User 3

If I were to sync Group A to a GitHub team, I would like to see Users 1, 2, and 3 to be added to the team. Currently I'm seeing an exception when encountering the Group B member because it doesn't have a sAMAccountName.
@primetheus primetheus added the enhancement New feature or request label Mar 24, 2020
@primetheus primetheus self-assigned this Mar 24, 2020
@primetheus primetheus added the 🐛 bug Something isn't working label Mar 24, 2020
This was referenced Jun 16, 2020
Closed
Merged
@primetheus primetheus removed the 🐛 bug Something isn't working label Jul 2, 2020
@primetheus
Copy link
Collaborator

primetheus commented Jul 2, 2020
edited
Loading

@timhirsh The exceptions are handled in 2.0 and it skips over groups. We'll be looking into support for nested teams in version 2.1

@tim-tk
Copy link

tim-tk commented Oct 7, 2021

Hello there @primetheus, is there any update on this matter? We would really appreciate this feature to be implemented, since nearly all our groups are nested. Thank you!

@sudhir-korde-tm
Copy link

Hi @primetheus , is there any update on this enhancement.

@primetheus
Copy link
Collaborator

primetheus commented Feb 3, 2022
edited
Loading

@sudhir-korde-tm we can only implement a portion of this, as GitHub only allows for one parent team. For example:

The following mapping is possible with GitHub

GroupA:
    Group1:
        User1
        User2
    Group2:
        User1
        User5
GroupB:
    Group3:
        User3
        User4

In this scenario, users can be part of multiple teams, but each team has exactly one parent team.

The following mapping is not possible with GitHub

GroupA:
    Group1:
        User1
        User2
    Group2:
        User1
        User5
GroupB:
    Group1:
        User1
        User2

In this scenario we are attempting to add Group1 to both GroupA and GroupB. This is not something that GitHub supports with team nesting, and Group1 can only be a member of a single team.

Options

What we can do, is flatten out the nested groups in the IdP so they return individual users, and add them individually to the parent team. The sync would still add/remove users based on their membership, but on the GitHub side you would see individuals as members instead of teams. This is less than perfect, but it would be doable.

# User Directory
GroupA:
    User1
    User2
    Group1:
        User1
        User5
    Group2:
        Group3:
            User3
            User4

# GitHub Team
GroupA:
    User1
    User2
    User3
    User4
    User5

@sudhir-korde-tm @tim-tk is this something that would be a sufficient stop-gap?

@tim-tk
Copy link

tim-tk commented Mar 1, 2022

@primetheus Yes, flattening the groups would be a valid solution for us! Thank you!

@primetheus
Copy link
Collaborator

Azure support for nested groups was implemented in #133

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@primetheus primetheus

Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@primetheus @timhirsh @tim-tk @sudhir-korde-tm