LDAP lose connection to AD all users get deactivated

Infos:

Expected behavior:

  • If AD is unavailable, we want user sync not to run until it is available again

Actual behavior:

  • IF AD is unavailable all users are sets to inactive

Steps to reproduce the behavior:

  • Note sure if this is the actual problem, been trying to debug without finding anything.

Steps tried to debug:

Create file in /opt/zammad/debug_issue.rb

require ‘mixin/rails_logger’

module Mixin
module RailsLogger
def self.logger
@logger ||= Logger.new(log_to).tap do |logger|
logger.level = :debug
end
end

def self.log_to
  # STDOUT
  'debug_issue.log'
end

end
end

ImportJob.create(name: ‘Import::Ldap’).start

Run commands

su zammad
zammad run rails r debug_issue.rb

When I did this about clock 10AM I only got debug log between 5:30AM and 6:30AM witch it seems to be no problems in this time period. So not sure what to look for in this log file if anyone have any suggestions?

Running the debug manually will not provide logging in the scheduled sync situation.
So this will proberbly not help.

Can you please specify what exactly you mean by “looses connection”?

Because:
If Zammad can’t reach the LDAP server it will simply run into an timeout and not change the users at all. To change all users to e.g. inactive you would need a working ldap connection to your system but a returned empty search.

This indicates that’s something wrong with your LDAP server.

For a while our ldap server had problems witch made all of our zammad users deactivated.

Not like you explaining here as it should be.