I am having trouble adding a group to a user authenticated via LDAP. I have setup the multidirectory and according to this doc “[l]ocal groups can reference local and LDAP users as members” but that does not work for me. Adding it via “User.CreateOrUpdate” does not return any error, but only an empty list of groups.

My guess is as the external user does not have a “user” entry within the Nuxeo database there is no place to actually store the groups. This would explain why the groups list is empty compared to local users having at least “members” as a group.

Is there a way to have an external user be part of a local group? Also I don't know if the operation doesn't throw an error when it in fact cannot store anything.

Best, Konrad

update: For clarification. I don't want to better I can't add a group within LDAP as this group only makes sense within Nuxeo.

update: Did get it to work by adding the user by updating the groups memberUsersproperty.