LDAP overrides deativaed users everytime

  • Used Zammad version: 4.1.x latest
  • Used Zammad installation type: package
  • Operating system: Ubuntu 20.08
  • Browser + version: Firefox latest

Expected behavior:

The LDAP is synchronizing the user’s right. And then I deactivate the ones I don’t need right now. Admins and agents.

Actual behavior:

Every time the LDAP is synchronizing the users are getting activated again.

Steps to reproduce the behavior:

Is there any way to change this.?

Please help us understand at which point our documentation is miss leading and let’s you turn the wrong way:
https://admin-docs.zammad.org/en/latest/system/integrations/ldap.html

By this we can improve it to help future users on this.

Hello MrGeneration,

i guess nothing in your documentation is missunderstand abel, it worked for me to synchronize my LDAP.

i synchronised a group in there are more admins and agents then are the once who are working in the zammad system right now.
i just tryed to deactive the “right now unused ones” for later when i need them. to activate them easily.

so if i understand it right. if i deactive the users in the LDAP they will get synchronised and set as deactivated? As long as they are activated in the LDAP they will be always a actived user in the zammad system?

Thanks Stephanie

As long as Zammad finds the users in question in it’s ldap search query, it will update the users in question accordingly to their states. This means if in doubt these users will also be set to active again.

For Zammad LDAP is the source of truth at all points.
If a user prior synchronized via LDAP is no longer found in LDAP results, it will be set to inactive automatically.

Thank you very much. Makes sense.
I will create an group Zammad-agent and just synch this one.

Can be closed

add this to end of user filter in ldap settings to disable users in zammad when disabled in ldap

(!(userAccountControl:1.2.840.113556.1.4.803:=2))

1 Like