You are not logged in.

Announcement

 Téléchargez la dernière version stable de GLPI      -     Et vous, que pouvez vous faire pour le projet GLPI ? :  Contribuer
 Download last stable version of GLPI                      -     What can you do for GLPI ? :  Contribute

#1 2018-07-30 16:04:52

jmoran
Member
Registered: 2017-08-08
Posts: 11

Disabled LDAP Users not Disabled in GLPI

Hello
I have noticed that when we disable users in LDAP and move them to a different OU as per our process, that the disabled user accounts are not updated in GLPI. The user's account in GLPI still reflects the old OU and is still marked as active. Is the something I am doing wrong?
Jason

Offline

#2 2018-07-30 16:28:11

jmoran
Member
Registered: 2017-08-08
Posts: 11

Re: Disabled LDAP Users not Disabled in GLPI

I can confirm that New Users and Password changes are reflected in GLPI. I have also discovered the user account synchronization under Bulk import users from a LDAP directory but between that and the cronjob "cd /usr/share/glpi/scripts && php -q -f ldap_mass_sync.php -- action=1 server_id=1" the account in GLPI does not change from Active YES to Active NO

Offline

#3 2018-07-31 18:06:51

jmoran
Member
Registered: 2017-08-08
Posts: 11

Re: Disabled LDAP Users not Disabled in GLPI

It doesn't seem that when a user is disabled in AD that is is automatically disabled in GLPI with the Synchronizing feature. I was hoping for a automated method rather than searching for the disabled users manually and then marking the Active Field as NO

Offline

#4 2018-09-07 20:25:16

KKAdmin
Member
From: Germany
Registered: 2010-03-05
Posts: 959

Re: Disabled LDAP Users not Disabled in GLPI

omg - because this issue https://github.com/glpi-project/glpi/issues/993 it must go but i didn't know how.


action=2 that's it

of course you have to set "setup -> authentication ->setup -> set action when a user is deleted from the ldap directory. to disable

Last edited by KKAdmin (2018-09-07 20:27:08)


You can mark this threat as [resolved] in subject of your threat. (This is only available edit of the first post.) It is good for users who help others to quickly see which post is still open.
##############################################
GLPI 9.3.3

Offline

#5 2019-09-25 17:42:55

snowman386
Member
Registered: 2006-07-28
Posts: 88

Re: Disabled LDAP Users not Disabled in GLPI

I am having an issue with this. I have "disable and withdraw dynamic authorizations" setup and my ldap query only returns 274 active users. I run the mass import script with action=2 but no users are disabled. I have many users that are no longer returned in the ldap search yet their glpi account is still active. In the glpi user object it shows "User missing in LDAP directory" so that is syncing correctly. Not sure why the user is not being disabled and removed from groups as I have set. I think this is a new behavior in 9.3 but not sure.

Offline

#6 2019-09-27 04:19:22

KKAdmin
Member
From: Germany
Registered: 2010-03-05
Posts: 959

Re: Disabled LDAP Users not Disabled in GLPI

BaseDN is correctly set ?
Where is your output of the script ?


You can mark this threat as [resolved] in subject of your threat. (This is only available edit of the first post.) It is good for users who help others to quickly see which post is still open.
##############################################
GLPI 9.3.3

Offline

#7 2023-09-13 14:31:23

spamma.master
Member
Registered: 2016-01-05
Posts: 70

Re: Disabled LDAP Users not Disabled in GLPI

Is the reverse also possible ?

We got a user that has been disabled by error (there was an ldap connectivity problem during a sync):
2231293    13-09-2023 08:23        Deleted User in LDAP Directory    Change No to Yes
2231294    13-09-2023 08:23        Active                    Change Yes to No

After the ldap connectivity is restored:
2234377    13-09-2023 14:18        Deleted User in LDAP Directory    Change Yes to No

The user stays inactive..

Offline

Board footer

Powered by FluxBB