Ldap sync deletes permissions and profiles #15102
Comments
|
Please try on latest 10.0/bugfixes nightly build. |
|
I have updated to the latest version 10.0.8 and I still have the same problems. I have also found out that all rules with '(LDAP) ...' only work when logging in and not during the sync itself.
They also don't work when I test the rule set. Please help! |
|
Hi, Rules should act the same whether they are processed during mass sync or during authentication. I do not have time to try reproduce this issue right now, so I cannot confirm the issue.
The rule test feature is not working with LDAP criteria. This bug has already been identified in #14059, but I have not been able to fix it yet. |
|
There has been no activity on this issue for some time and therefore it is considered stale and will be closed automatically in 10 days. If this issue is related to a bug, please try to reproduce on latest release. If the problem persist, feel free to add a comment to revive this issue. You may also consider taking a subscription to get professionnal support or contact GLPI editor team directly. |
|
Ne feedback from a while, closing |
|
sorry i only saw this now, this problem still exists as of today |
|
There has been no activity on this issue for some time and therefore it is considered stale and will be closed automatically in 10 days. If this issue is related to a bug, please try to reproduce on latest release. If the problem persist, feel free to add a comment to revive this issue. You may also consider taking a subscription to get professionnal support or contact GLPI editor team directly. |
|
This problem still exists |
Code of Conduct
Is there an existing issue for this?
Version
10.0.7
Bug description
We use an Ldap sync cron job that syncs all users once a day. Permissions and profiles are removed and only reassigned when people log in.
We use the following rules to assign identities and profiles to the synchronized users.
RULE OPERATOR = and
The first four rules are used for the IT department employees, while the last rule is for all other users who should not log in but still need to be present in GLPI for assignments.
The only rule executed during LDAP sync is the last one, which has "no rights". The other rules are applied only when the user logs in, which means that IT department employees have no rights and no assignments until they log in.
The individual rules are executed correctly. However, when I perform a complete test of the rule set, only the last one with "no rights" is executed. What could be the reason for this?
Just to clarify, I want all rules to work directly during LDAP synchronization and not just when users log in. Similar to the "No Rights" rule. Because if the users have no entity and no permissions, they are also not available for selection, for example, for assets or tickets. Even if the group assignment is missing, the users won't receive notifications until they log in again, and that could be too late in many cases.
And I have one more question or problem. When the LDAP sync is performed, all users are logged out. Is there a way to prevent that from happening?
Relevant log output
No response
Page URL
No response
Steps To reproduce
No response
Your GLPI setup information
No response
Anything else?
No response
The text was updated successfully, but these errors were encountered: