Currently the directory connect using filters (for example user filters) will overwrite each other, which in my opinion cant be intended.
What i mean is, if i set an “includeGroup” filter for the “User Filter” and configure it to a specific group, i would expect and “exclude” or and “excludeGroup” filter to be applied on top of that “includeGroup” filter, but thats not the case. The “excludeGroup” filter will basically overwrite the “includeGroup” filter and will include all users EXCEPT for the ones in the specified group. This then continues with more filters, where one overwrites the other.
In my opinion this should be changed so an exclude will not overwrite an include but will work on top of it or there should be some logic (either a toggle or some syntax in the filter input field) to properly manage how those filters are applied
Perhaps it has to do with this axiom: “A bug is something that does not work as the developer intended; a feature request is something that does not work as the user intended”.
You are talking about the level of groups here only, right?
I must say, I’m not familiar with Directory Connector myself, but let’s say we have groups A-Z:
When you include groups A-C, then that already and automatically excludes groups D-Z.
When you exclude groups A-C, then that already and automatically includes groups D-Z.
Right?
In both approaches, you are effectively doing the same thing, just either defining what you include (and what therefore automatically is excluded) or what you exclude (and therefore what automatically is included).
I think I don’t really understand – logically – what you would even accomplish with an additional exclude or include rule? (I hope you don’t want to include and exclude any group at the same time?!?)
PS: From similar contexts: it’s usually only the question which of the two is easier to define – what you want to include or what you want to exclude. Therefore the two options. But if you see it, please explain the benefit of using both options at the same time.
Hey, so in the meantime i created a PR for this which i still have hope will maybe be merged and implemented.
So your example with the groups makes total sense, nothing against that, thats exactly how i see it aswell.
The problem i am facing is, i have groups A-Z and i want to include only users in group A, so that in general is absolutely possible, no problem there. But for example there is a subgroup of A (or a specific user) i want to exclude, there is no option at all to do this. If i configure the filter to include group A and for example exlclude group A.C this completly ignores the include filter and will include all groups and all users from A-Z only excluding group A.C, no matter for my include filter. Same for when i want to exclude specific users.
The practical example here is, for example i am managing bitwarden for a company which has a specific group which includes all users of the company (for example active working and recently left or all colleagues plus guests) i can use the include group filter to include that specific group. But the problem is, there are for example 2 or 3 sub groups of that group which do not need bitwarden access at all (for example external colleagues or guests or just specific teasms that dont need bitwarden) the logical thing would be to include that general group and than exclude the users of the specific groups using the exclude filter. But this way the include filter is completly ignored and the whole logic only applies the exclude filter.
If i would want to use this as i would need, i would have to make sure to select and exclude all groups i want to exclude and make sure that all groups that may in the future be added are also manually excluded, so the list has to be updated.
The other option, of course, would be to create a separate group that will include all the users i want included and only filter for that, but thats basically the same problem, where i have to make sure that this additional group is also always updated when users change. It makes more sense (atleast for me) to use existing groups, which i know are used and updated regularly and properly and apply my filters on this specific group.