You are not logged in.

Announcement

 Téléchargez la dernière version stable de GLPI      -     Et vous, que pouvez vous faire pour le projet GLPI ? :  Contribuer
 Download last stable version of GLPI                      -     What can you do for GLPI ? :  Contribute

#1 2019-01-11 14:35:57

mklimasz
Guest
Registered: 2017-12-14
Posts: 8

LDAP import ignores target entity

Hi

I need to report an issue, that began to manifest itself in version 9.3.2 - initially I've asked for advice, but nobody was able to help me:

>>>>>>>>>>>>>>>>>>>>>>>>>>>

I'd like to ask if anyone else observed the following behavior (after upgrade to 9.3.2): when users are imported via LDAP link, they always land in root entity, not the one pointed out in "Select the desired entity" box under "Import new users" form. Everything was running perfectly in 9.3.0 (this was the main reason for update - prior versions were behaving exactly as the newest, placing all users under main entity), but celebration seem too early - errorneous behavior is back...

I tested the setup under following constellations:
- role super-admin, root entity (tree structure), import to a certain, selected entity - failed (all land in root)
- role as above, selected entity (tree structure), direct import - failed (users land in root and disappear immediately from view - must switch to root to see them again)
- role as above, selected entity (direct), direct import - failed (exactly as in point above)

We're using multiple LDAP links (one for each sub-entity, as we're running GLPI for broader environment), that might also be a factor. I haven't been able to find any similar report on our forum. Any thoughts?

>>>>>>>>>>>>>>>>>>>>>>>>>>>

I've tried to get a workaround, but it seem like LDAP import simply ignores the "Target entity" and places every newly imported person into root despite of settings. When import is performed from within target entity - the same happens (they land in root), but then I also need to switch to a root to see those accounts at all (and must flip Authorizations one by one, because neither there is transfer action that may act upon Authorizations, nor the "Associate with Profile" function works - always ends in error (there seem to be some check, that prevents Self-service provile to be associated again to different entity using multi-target action).

I'm able to do more tests, if necessary. Currently version 9.3.3 is installed.

Bests,
Michal

Offline

#2 2019-01-22 13:20:30

mklimasz
Guest
Registered: 2017-12-14
Posts: 8

Re: LDAP import ignores target entity

Update:
Workaround has been found - setting up Rule under "Automatic user assignment" helps:
- Criteria: "LDAP directory" IS <<source LDAP server alias>>
- Action: "Entity" ASSIGN <<target entity>>
...but having the structure of entities defined asks for reflection under Rules, as every entity would have required assginment rule.

I don't know if that could be refined further (addressing subentities with OU=<<organizational unit>>), but works for now.

Offline

Board footer

Powered by FluxBB