LDAP groups are supposed to be refreshing automatically, but this applies only to groups that the user currently signing in is a member of. In other words, if you've created a group called "G", but no user that is the member of the group has signed in, this group will not get synced up to HgLab.
The whole LDAP integration story is a major weak point of HgLab, so I'm very open to any ideas in this (and any other, for that matter) area. What would be your ideal scenario when working with AD?
So we're basically looking for:
- using AD groups to manage memberships in groups
- give access to projects in HgLab by assigning groups (not users)
- we should also be able to "pick" users from AD even if they haven't logged into HgLab.