You are not logged in.

Announcement

 Téléchargez la dernière version stable de GLPI      -     Et vous, que pouvez vous faire pour le projet GLPI ? :  Contribuer
 Download last stable version of GLPI                      -     What can you do for GLPI ? :  Contribute

Pages: 1

#1 2023-10-16 17:03:09

sIBajHYG
Member
From: Mission [KS]
Registered: 2023-08-18
Posts: 75

[SOLVED] Synchronization with Active Directory

Good morning. Please tell me how to fix this problem?
fGkvil.jpg
My settings:
OrQ5Vq.jpg
Sync code:

(&(objectClass=user)(objectCategory=person)(!(userAccountControl:1.2.840.113556.1.4.803:=2))(!(samaccountname=*$)))

Last edited by sIBajHYG (2023-12-13 00:47:59)

Linux ubuntu-22.04.2-live-server-amd64, PHP 8.1.2, Apache 2.4.52, MariaDB 10.6.12, GLPI 10.0.15.
GLPI Inventory 1.3.5, PHP SAML 1.3.0,  Oauth IMAP 1.4.3, Additional Fields, 1.21.8,Ticket Cleaner.

Offline

#2 2023-10-18 08:41:33

cedric-anne
Administrator
Registered: 2018-07-02
Posts: 85

Re: [SOLVED] Synchronization with Active Directory

Hi,

This issue is probably due t the fact that you have 2 users with the same DN (the one visible in the error). If you delete permanently one of them (put it in trashbin then delete it from database), the problem should dissapear.

Offline

#3 2023-10-18 16:34:05

sIBajHYG
Member
From: Mission [KS]
Registered: 2023-08-18
Posts: 75

Re: [SOLVED] Synchronization with Active Directory

cedric-anne wrote:

Hi,
This issue is probably due t the fact that you have 2 users with the same DN (the one visible in the error). If you delete permanently one of them (put it in trashbin then delete it from database), the problem should dissapear.

Please tell me how best to fix this? As far as I understand, my mistake was that I created a user in AD with the same name for the “glpi” account (which is in glpi “from the box”). And now, I see that this entry “by default” was synchronized with the account from AD.
my AD account for synchronization:
jfSexo.jpg
duplicate accounts:
4O8gvA.jpg
1:
f6hBTn.jpg
2:
uMO78T.jpg

As far as I understand. account "1" - was created by glpi itself, but was changed after synchronization. account "2" - added from AD after synchronization.

I think there are 2 ways to solve the problem.
1. create a new account in AD with a unique name and reconfigure synchronization, and then delete "2" account "2"
2. create a new account "1" in glpi - with a unique name and then delete account "1" created by glpi.

Please tell me what is the best way to go. Which way is the safest? Is it possible to delete the "glpi" account with "Super Admin" rights, which was created by glpi itself (there are other users with "Super Admin" rights in glpi).

If I delete the default “glpi” user, then I’ll probably get a bunch of errors in the database, since many settings/categories of tickets/tickets/and much more were created on behalf of this user?

Last edited by sIBajHYG (2023-10-18 17:18:27)

Linux ubuntu-22.04.2-live-server-amd64, PHP 8.1.2, Apache 2.4.52, MariaDB 10.6.12, GLPI 10.0.15.
GLPI Inventory 1.3.5, PHP SAML 1.3.0,  Oauth IMAP 1.4.3, Additional Fields, 1.21.8,Ticket Cleaner.

Offline

#4 2023-10-18 17:10:38

sIBajHYG
Member
From: Mission [KS]
Registered: 2023-08-18
Posts: 75

Re: [SOLVED] Synchronization with Active Directory

I went along the 1st path. created a new user in AD for synchronization, disabled the old one and reconfigured synchronization in glpi for the new user. everything seems to be working correctly. The errors disappeared, no new ones appeared. Thanks for your help!

Linux ubuntu-22.04.2-live-server-amd64, PHP 8.1.2, Apache 2.4.52, MariaDB 10.6.12, GLPI 10.0.15.
GLPI Inventory 1.3.5, PHP SAML 1.3.0,  Oauth IMAP 1.4.3, Additional Fields, 1.21.8,Ticket Cleaner.

Offline

Pages: 1

Board footer

Powered by FluxBB