LDAP Dyanmic Filter Part: whenChanged

Title: LDAP Dyanmic Filter Part: whenChanged

What is the idea or pain point: Large LDAP sync, 80k users, very little changes every hour.

  • describe what is the problem you like to solve?
    Decrease amount of entries needed to be checked for changes.

  • describe one or two concrete situations where this problem hurts the most
    High CPU load when running a sync of 80k LDAP users

  • why is it not solvable with the Zammad standard?
    I’ve done this by setting a cronjob that updates the LdapSource once a day so that whenChanged is always looking back 7-8 days.

Help us understand:

  • describe WHAT is your expectation / WHAT do you want to achieve?
    Setting a user_filter for the LdapSource dynamically. Perhaps just even the whenChanged value.
    (&(objectCategory=CN=Perso…)(whenChanged>=LAST_7_DAYS))
    would get updated to the timestamp of the value 7 days in the past before running an LDAP sync to cut down on the amount of users checked. This would need to be a value other than the last time ran since the whenChanged slowly replicates and you would miss changed items based on the slow replication.

This is stupid. It worked out well for a while until we hit on a user that didn’t get their entry updated daily… Then I realized if it didn’t sync the user it disabled them. sigh 78k users synced way to often. :frowning: