LDAP sync: missing contacts

rsysadmin · March 25, 2021, 7:42am

Infos:

Used Zammad version: 3.4.x
Used Zammad installation source: RPM
Operating system: CentOS 8
Browser + version: any

Expected behavior:

To see all AD contacts matching an LDAP filter

Actual behavior:

Some contacts do not show up

Steps to reproduce the behavior:

Setup LDAP

I am using this LDAP filter to retrieve only active AD accounts + public folders + active accounts, including email aliases:

(&(!(userAccountControl:1.2.840.113556.1.4.804:=2))(|(objectClass=publicFolder)(objectClass=person)(objectClass=group))) proxyAddresses

When I run ldapsearch from the command line I can find everything I want… still, Zammad does not find them when I go to the “Users” section nor when I want to send an email in a trigger.

Am I overseeing the obvious?

Thanks in advance!

Best,
Martin

rsysadmin · April 1, 2021, 4:02pm

Anyone?

TIA,
Martin

MrGeneration · April 6, 2021, 11:03am

Blind guess:
Check your uid that Zammad did recognize and ensure it does appear on all matches.

rsysadmin · April 7, 2021, 1:39pm

Hi @MrGeneration

do I have to modify my LDAP filter above?

Thanks,
Martin

MrGeneration · May 19, 2021, 6:06pm

Hey Martin,

as you said that the search filter does return all users you’re expecting with a ldapbrowser, the filter should™ be fine.

So everything that’s in theory left is something being up with either the account (e.g. duplicate unique identifier aka email or the account identifier being detected incorrectly).

Zammad checks the first entries during setting up ldap and then anticipates the correct UUID identifer.
For Active Directories this should be samaccountname. OpenLDAP usually uses uid.

That depends on your LDAP source.
In rare cases or maybe even unclear situations Zammad may guess wrong and pick an identifier that’s invalid. This means e.g. samaccountname seemed correct but uid would have been. In those situations above described issue may appear. The UID field may not be empty.

You can check within the integrations page (for the identifier part) and double tab that Zammad guessed correct.

system · September 16, 2021, 6:07pm

This topic was automatically closed 120 days after the last reply. New replies are no longer allowed.