Hello,
We use GLPI v. 10.0.16. I have updated it from 10.0.3.
I also updated from PHP v. 7.4 to v. 8.3.
Now I have nearly everything up and running, but there is an issue with LDAP synchronization.
This is my configuration for my LDAP connection (Active Directory, Windows 2022 Server).
I use LDAPS, and for the bind it's a standard domain user, no administrator.
A connection-test succeeds.
We have around 200 users in our AD, and we changed some fields, e.g. email and description.
BUT now when I search for users to synchronize I always get the same 42 users. Even if I do a sync of all 42, the same users come up for the next synchronization.
When there is a change in one of these 42 users, the changes will be applied to GLPI.
When I do a change in mail or description in one of the other users, this entry won't appear in the GLPI synchronization list.
These are my settings:
Connection to LDAP-Server:
Server: ldaps://Domaincontroller.gh.local
Port: 636
BaseDN: OU=Benutzer,OU=Heunisch,DC=GH,DC=local (all users are in OUs located under "Benutzer"). I have already tried to use the complete BaseDN path, but it doesn't change anything.
RootDN: CN=GLPI LDAP,OU=Serviceaccounts,OU=Heunisch,DC=GH,DC=local (GLPI LDAP is a default domain user, no administrator. I've also tried Administrator, but that also doesn't change anything.)
Login-Field: samaccountname
Synchronization-Field: objectguid
I've searched the forum for hints on this issue, but I was not able to solve my problem.
Does anybody have an idea about this?
Thanks a lot!
Frank
Offline
I am struggling to understand the issue. When you add a user in AD, will it appear in GLPI after sync?
Offline
Yes, new users do appear when I use "import new users" in GLPI. These new users also appear in the synchronization list afterwards.
But GLPI always tries to sync the same users (only 42 out of ~200)
Offline
Why not run the sync by CLI/cron?
Offline
When I run it in the CLI it is exactly the same:
root@ghh-glpi:/var/www/html/glpi/bin# php console ldap:sync -u --ldap-filter=objectClass=user
+--------------+------------------+
| LDAP Servers | GHH-DC05 (2) |
| LDAP Filter | objectClass=user |
| Startdatum | |
| Gültig bis | |
+--------------+------------------+
Möchten Sie fortfahren? [Yes/no]yes
Verarbeitung des LDAP-Servers "GHH-DC05"...
Vorhandene Benutzer mit Server "GHH-DC05" aktualisieren ...
42/42 [============================] 100%
+-------------+------------+----------------+-------------------+--------------------------------+
| LDAP Server | Importiert | Synchronisiert | Gelöscht vom LDAP | Aus dem LDAP wiederhergestellt |
+-------------+------------+----------------+-------------------+--------------------------------+
| GHH-DC05 | 0 | 42 | 0 | 0 |
+-------------+------------+----------------+-------------------+--------------------------------+
root@ghh-glpi:/var/www/html/glpi/bin# php console ldap:sync -u --ldap-filter=objectClass=user
+--------------+------------------+
| LDAP Servers | GHH-DC05 (2) |
| LDAP Filter | objectClass=user |
| Startdatum | |
| Gültig bis | |
+--------------+------------------+
Möchten Sie fortfahren? [Yes/no]yes
Verarbeitung des LDAP-Servers "GHH-DC05"...
Vorhandene Benutzer mit Server "GHH-DC05" aktualisieren ...
42/42 [============================] 100%
+-------------+------------+----------------+-------------------+--------------------------------+
| LDAP Server | Importiert | Synchronisiert | Gelöscht vom LDAP | Aus dem LDAP wiederhergestellt |
+-------------+------------+----------------+-------------------+--------------------------------+
| GHH-DC05 | 0 | 42 | 0 | 0 |
+-------------+------------+----------------+-------------------+--------------------------------+
Offline
Odd. I saw something like this on a bugged (older) version but you are on latest. So I am out of ideas at the moment.
Offline
I found the solution... at least for one of my problems:
At first I had an unencrypted connection to my LDAP. A few months ago, I created a new - and second - connection to my LDAP with encryption.
But every user is bound to only one LDAP directory. So I had to switch the 'bind' for all other users to my new connection.
Now I have 360 users ready for synchronisation, and that works.
But still - like before - I always have all users (now 360 instead of 42) ready for sync directly after every sync.
I can live with that.
I can live with that.
But is this a normal issue?
Offline
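The cause found in the last post (users remain bound to the LDAP directory they were first imported from) can be checked directly in the GLPI database. The following read-only query is an added example, not part of the thread or of GLPI itself; it assumes the GLPI 10 table and column names shown in its comments and that authtype 3 denotes LDAP, so verify both against your own schema.

```sql
-- Added example: read-only audit, changes nothing.
-- Assumed GLPI 10 schema (verify before use):
--   glpi_users(id, authtype, auths_id, is_deleted, date_sync)
--   glpi_authldaps(id, name, host, port, use_tls, is_active)
-- Assumed: authtype = 3 marks users authenticated through an LDAP directory.
-- One row per configured LDAP directory, with the number of users still
-- bound to it and whether its transport is encrypted.
SELECT
    l.id              AS directory_id,
    l.name            AS directory_name,
    l.host,
    l.port,
    l.is_active,
    CASE
        WHEN l.host LIKE 'ldaps://%' THEN 'LDAPS'
        WHEN l.use_tls = 1           THEN 'StartTLS'
        ELSE 'cleartext'
    END               AS transport,
    COUNT(u.id)       AS bound_users,
    MAX(u.date_sync)  AS last_user_sync
FROM glpi_authldaps AS l
LEFT JOIN glpi_users AS u
       ON u.auths_id   = l.id
      AND u.authtype   = 3
      AND u.is_deleted = 0
GROUP BY l.id, l.name, l.host, l.port, l.is_active, l.use_tls
ORDER BY bound_users DESC;
```

A directory reported as cleartext that still has bound users means those accounts continue to authenticate and synchronize over the unencrypted connection, and a sync run against the LDAPS directory will only list the users bound to that one.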