groups: members cannot be set for external groups

src/externalldap.js

@@ -396,14 +396,11 @@ async function syncGroups(config, progressCallback) {
     let percent = 40;
     let step = 30/(ldapGroups.length+1); // ensure no divide by 0
 
-    // we ignore all non internal errors here and just log them for now
     for (const ldapGroup of ldapGroups) {
         let groupName = ldapGroup[config.groupnameField];
         if (!groupName) return;
-        // some servers return empty array for unknown properties :-/
-        if (typeof groupName !== 'string') return;
+        if (typeof groupName !== 'string') return; // some servers return empty array for unknown properties :-/
 
-        // groups are lowercase
         groupName = groupName.toLowerCase();
 
         percent += step;
@@ -413,10 +410,13 @@ async function syncGroups(config, progressCallback) {
 
         if (!result) {
             debug(`syncGroups: [adding group] groupname=${groupName}`);
-
             const [error] = await safe(groups.add({ name: groupName, source: 'ldap' }));
             if (error) debug('syncGroups: Failed to create group', groupName, error);
         } else {
+            // convert local group to ldap group. 2 reasons:
+            // 1. we reset source flag when externalldap is disabled. if we renable, it automatically coverts
+            // 2. externalldap connector usually implies user wants to user external users/groups.
+            groups.update(result.id, { source: 'ldap' });
             debug(`syncGroups: [up-to-date group] groupname=${groupName}`);
         }
     }
@@ -486,7 +486,7 @@ async function syncGroupMembers(config, progressCallback) {
 
             userIds.push(userObject.id);
         }
-        const [setError] = await safe(groups.setMembers(group.id, userIds));
+        const [setError] = await safe(groups.setMembers(group, userIds, { skipSourceCheck: true }));
         if (setError) debug(`syncGroupMembers: Failed to set members of group ${group.name}. %o`, setError);
     }