I've come across a strange issue with Plone 5.2.4. We have a site that uses the LDAP add-on (pas.plugins.ldap 1.8.0) for user authentication. We have a few LDAP accounts that have been granted write access at the top level of the site and those permissions are inherited to all folders. This works as expected.
If I go into one of the subfolders and give another LDAP account all available permissions from the sharing UI, the permissions for this account do not work properly. The new account sees the editing UI in this folder, but when you click on the Edit button you are presented with an error about "insufficient permissions". The accounts that have edit access from the folder above can still edit content in the subfolder.
In the subfolder sharing UI, if I turn off the "Inherit permissions from higher levels" checkbox and add local permissions for each of the LDAP accounts, this problem goes away and everyone can edit.
Is this a bug with Plone, the LDAP add-on, or am I misunderstanding how the inherited permissions should work in Plone?