Description of problem:

LDAP: If ldap user is moved from one ldap group to another with different role previlages, after login user should have previlages of role to which the user is currently member of group.

Version-Release number of selected component (if applicable):


How reproducible:

3.0.0-SNAPSHOT

Steps to Reproduce:

1. Create two ldap groups (Ex: Test1 and Test2)
2. Create two ldap users (user1 and user2)
3. Make ldap user 'user1' member of 'Test1' ldap group.
4. Make ldap user 'user2' member of 'Test2' ldap group.
5. Login to rhq as rhqadmin.
6. Assign ldap group 'Test1' to some role say 'All Resources Role'.
7. Create a new role say 'Role2' and assign ldap group 'Test2' to 'Role2'.
8. Logut and login as user1 to rhq.
9. Logout and login as user2 to rhq.
10. Move ldap user 'user2' from ldap group 'Test2' to 'Test1'.
11. Login to rhq as user 'user2'.
12. Check the user role privileges after login.
  
Actual results:

User has privileges of previous role 'Role2'.

Expected results:

User should now have different privileges (of role 'All Resources' role) based on the role to which the user is currently member of group.

Additional info: