Automatically remove users that are not part of the LDAP group on the subgroups when "Lock memberships to LDAP synchronization" is configured

Everyone can contribute. Help move this issue forward while earning points, leveling up and collecting rewards.

• Close this issue

Proposal

When Lock memberships to LDAP synchronization is configured, users that are manually added in the subgroup are not removed automatically.

• Create a group
• Configure ldap synchronization for groups in this level
• Create a sub-group
  • Add a user that is not part of the ldap group in the sub-group.
• Enable Lock memberships to LDAP synchronization in the Admin Area
  • Users added in the sub-group is still part of the group.

We should have a feature that will also automatically remove users that are not part of the LDAP group sync in the sub-group when Lock memberships to LDAP synchronization is enabled.