LDAP All users are skipped

NickMos · October 14, 2019, 7:05am

Infos:

Used Zammad version: 2.8.x
Used Zammad installation source: docker
Operating system: docker
Browser + version: any
T#1056293

Expected behavior:

Actual behavior:

LDAP stopped working. All users are skipped but LDAP was working before we try to add a new Role. All users are already created and was working well.

Settings

NAME	VALUE
Base DN	cn=accounts,dc=example,dc=com,dc=au
Bind User	uid=readonly,cn=users,cn=compat,dc=example,dc=com,dc=au
UID	uid
User Filter	(objectClass=inetOrgPerson)
GID	dn
Group Filter	(objectClass=posixgroup)

Mapping

User

LDAP	ZAMMAD
uid	login

Role

LDAP	ZAMMAD
cn=zammadadmin,cn=groups,cn=accounts,dc=example,dc=com,dc=au
cn=accounts,cn=groups,cn=accounts,dc=example,dc=com,dc=au

Sync Result

Users: 0 created, 0 updated, 0 untouched, 73 skipped, 0 failed, 0 deactivated

NickMos · October 14, 2019, 7:13am

Send an email to support@zammad.com with debug output using that script
https://github.com/zammad/zammad/issues/2093#issuecomment-399530405

MrGeneration · October 15, 2019, 12:27pm

Hey,

I’ve taken a look. It looks like your Zammad can’t find any users matching the configured filters you provided. Also, as you told Zammad to skip not mapped users, it will ignore all users it might have found. Ensure that your group mapping is good to go and also that your login attributes are working and fetchable.

      "user_attributes"      =>{ 
         "login"         =>         "Login",
         "firstname"         =>         "Firstname",
         "lastname"         =>         "Lastname",
         "email"         =>         "Email",
         "web"         =>         "Web",
         "phone"         =>         "Phone",
         "mobile"         =>         "Mobile",
         "fax"         =>         "Fax",
         "department"         =>         "Department",
         "address"         =>         "Address",
         "note"         =>         "Note"
      },
      "roles"      =>{ 
         "1"         =>         "Admin",
         "2"         =>         "Agent",
         "3"         =>         "Customer",
         "4"         =>         "xyz,
         "5"         =>         "xyz",
         "6"         =>         "xyzt"
      }
   },
   "user_uid"   =>   "uid",
   "user_filter"   =>   "(objectClass=inetOrgPerson)",
   "group_uid"   =>   "dn",
   "group_filter"   =>   "(objectClass=posixgroup)",
   "user_attributes"   =>{ 
      "uid"      =>      "login"
   }

Fire up a ldap browser (or so) and check if the user_filter above works for you. If so, also check the group filter. If that’s all right, check if you can find any users with the needed groups and the above filters.

To me it looks like Zammad is not able to map any role to the user which is why it’s skipping it.

system · February 12, 2020, 12:27pm

This topic was automatically closed 120 days after the last reply. New replies are no longer allowed.