You are not logged in.
Pages: 1
Hello
I have noticed that when we disable users in LDAP and move them to a different OU as per our process, that the disabled user accounts are not updated in GLPI. The user's account in GLPI still reflects the old OU and is still marked as active. Is the something I am doing wrong?
Jason
Offline
I can confirm that New Users and Password changes are reflected in GLPI. I have also discovered the user account synchronization under Bulk import users from a LDAP directory but between that and the cronjob "cd /usr/share/glpi/scripts && php -q -f ldap_mass_sync.php -- action=1 server_id=1" the account in GLPI does not change from Active YES to Active NO
Offline
It doesn't seem that when a user is disabled in AD that is is automatically disabled in GLPI with the Synchronizing feature. I was hoping for a automated method rather than searching for the disabled users manually and then marking the Active Field as NO
Offline
omg - because this issue https://github.com/glpi-project/glpi/issues/993 it must go but i didn't know how.
action=2 that's it
of course you have to set "setup -> authentication ->setup -> set action when a user is deleted from the ldap directory. to disable
Last edited by KKAdmin (2018-09-07 20:27:08)
You can mark this threat as [resolved] in subject of your threat. (This is only available edit of the first post.) It is good for users who help others to quickly see which post is still open.
##############################################
GLPI 9.3.3
Offline
I am having an issue with this. I have "disable and withdraw dynamic authorizations" setup and my ldap query only returns 274 active users. I run the mass import script with action=2 but no users are disabled. I have many users that are no longer returned in the ldap search yet their glpi account is still active. In the glpi user object it shows "User missing in LDAP directory" so that is syncing correctly. Not sure why the user is not being disabled and removed from groups as I have set. I think this is a new behavior in 9.3 but not sure.
Offline
BaseDN is correctly set ?
Where is your output of the script ?
You can mark this threat as [resolved] in subject of your threat. (This is only available edit of the first post.) It is good for users who help others to quickly see which post is still open.
##############################################
GLPI 9.3.3
Offline
Is the reverse also possible ?
We got a user that has been disabled by error (there was an ldap connectivity problem during a sync):
2231293 13-09-2023 08:23 Deleted User in LDAP Directory Change No to Yes
2231294 13-09-2023 08:23 Active Change Yes to No
After the ldap connectivity is restored:
2234377 13-09-2023 14:18 Deleted User in LDAP Directory Change Yes to No
The user stays inactive..
Offline
Pages: 1