AEM Useradmin: select userA profile which is having userB,userC in its impersonators tab. Then add member userD to userA's impersonators list and save. When we refresh userA doenst retains the previous members in the impersonatorsList. (Not sure if this has something to do with jcr:oak re-indexing.)
But it's just the newly added member userD in the userA's imersonators tab list.
We see a post call in browsers network tab with url localhost:4502/home/users/A/id with memberAcion = sudoers memberEntry = userD
Do we know the file which triggers this post, so that we can ensure the post retains the previous members if so any in its memberEntry?
This seems to an issue with AEM 6.3.1.2 Useradmin save of addMembers removeMembers. Inorder to resolve the issue, I had to overlay AuthRelationPanel.js from libs and update the saveHandler funciton of CQ.security.AuthRelationPanel.
Looks like this is fixed with AEM 6.3.2.0 Release Notes #Security: LDAP users cannot impersonate another user using the Classic UI. NPR-21038: Hotfix for CQ-4207155 (See Configuration settings required for NPR-21038)