We upgraded LimeSurvey from 2.05+ to 2.50 and initial testing seemed fine. The database update seemed to work OK.
Now we noticed some users have LDAP authentication turned off.
Some users have the top level "create surveys" permission enabled, which gives them access to surveys they have no right to see with data owned by other people.
Also, the feature to auto create users who sign in over LDAP doesn't seem to work ("credentials are valid but we failed to create a user" appears on the screen).
Are there solutions to these problems or should we restore 2.05?
If a user has the global right to VIEW surveys, they can see all surveys. If you want them to only see their surveys or the ones they were assigned to, give those users only the CREATE right for surveys.
Best regards/Beste Grüße,
Dr. Marcel Minke
survey-consulting.com
offlinesurveys.com
Feel free to contact me by email for professional LimeSurvey support!
We found the issue blocking user creation from LDAP login. The LDAP Auth plugin requires fields for full name and mail attributes from LDAP or it won't make users. So for AD that is displayName and mail. Users are created now.
The permissions will need to be fixed on the backend. We have over 250 Survey Admins so we are not doing it by hand.
Developers should be aware that by default Survey Admins should not have rights to view other surveys on the system. In the academic world, this is a BIG NO NO!
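An added example, not part of the thread and not LimeSurvey's own code: one way to audit and correct in bulk the global VIEW right and the LDAP login flag discussed above, run here against constructed rows in an in-memory SQLite table. The table layout and the permission names `surveys`, `superadmin` and `auth_ldap` are assumptions modelled on LimeSurvey's permissions table and must be checked against the real installation.

```python
import sqlite3

# ASSUMED layout, modelled on LimeSurvey's permissions table. Verify column
# names, permission names and the table prefix against your own database.
SCHEMA = """CREATE TABLE permissions (
    id INTEGER PRIMARY KEY, entity TEXT, entity_id INTEGER, uid INTEGER,
    permission TEXT, create_p INTEGER, read_p INTEGER)"""

# Constructed rows: (entity, entity_id, uid, permission, create_p, read_p)
SAMPLE = [
    ("global", 0, 1, "superadmin", 0, 1),  # uid 1 may see everything
    ("global", 0, 1, "surveys", 1, 1),
    ("global", 0, 2, "surveys", 1, 1),     # create + view: sees all surveys
    ("global", 0, 2, "auth_ldap", 0, 1),
    ("global", 0, 3, "surveys", 1, 0),     # create only: own surveys
    ("global", 0, 3, "auth_ldap", 0, 1),
    ("global", 0, 4, "surveys", 1, 0),     # create only, LDAP login not enabled
]

SURVEYS = "FROM permissions WHERE entity = 'global' AND permission = 'surveys'"
NOT_SUPER = ("uid NOT IN (SELECT uid FROM permissions WHERE entity = 'global' "
             "AND permission = 'superadmin' AND read_p = 1)")

def load_sample():
    conn = sqlite3.connect(":memory:")
    conn.execute(SCHEMA)
    conn.executemany("INSERT INTO permissions (entity, entity_id, uid, permission,"
                     " create_p, read_p) VALUES (?, ?, ?, ?, ?, ?)", SAMPLE)
    return conn

def global_viewers(conn):
    """Non-superadmin uids whose global 'surveys' row grants view (read_p = 1)."""
    sql = f"SELECT uid {SURVEYS} AND read_p = 1 AND {NOT_SUPER} ORDER BY uid"
    return [row[0] for row in conn.execute(sql)]

def missing_ldap(conn):
    """Non-superadmin survey users without an enabled 'auth_ldap' row."""
    sql = (f"SELECT uid {SURVEYS} AND {NOT_SUPER} AND uid NOT IN (SELECT uid FROM "
           "permissions WHERE entity = 'global' AND permission = 'auth_ldap' "
           "AND read_p = 1) ORDER BY uid")
    return [row[0] for row in conn.execute(sql)]

def revoke_global_view(conn, uids):
    """Clear only the view flag, leaving create_p intact; returns rows changed."""
    with conn:
        cur = conn.executemany("UPDATE permissions SET read_p = 0 WHERE uid = ? AND "
                               "entity = 'global' AND permission = 'surveys'",
                               [(u,) for u in uids])
    return cur.rowcount
```

On a real database, run the two audit queries and review their output, with a backup in hand, before applying any UPDATE.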