LDAP synchronized User delete on LDAP, how to disable the deactivation


  • Used Zammad version: 5.2.3
  • Used Zammad installation type: (source, package, docker-compose, …) package
  • Operating system: Debian 9
  • Browser + version: Edge and Chrome newest versions

Expected behavior:

After deleting a user from ldap and cleaning the deleted user objects the ldao sync should no longer take care of the zammad user. How to change the Zammad user to a “non LDAP synchronized” user.

Actual behavior:

After the next LDAP sync the user gets deactivated again. Seems that the user is hardlinked to the ldap sync.

Steps to reproduce the behavior:

Activate user, resync LDAP

If Zammad deactivates a user this is an indication that the user in question was previously synced by Zammads LDAP sync and no longer appears in the search results. This causes Zammad to deactivate the user in question.

This is a core behavior and cannot be overcome. Fix the ldap result and ensure the user appears - this will fix the issue.

Zammad expects that users that are no longer available via LDAP are to be inactive.


in my Zammad instance i have the opposite problem:
LDAP-Integration + defined groups which should be synced.

Wenn i

  1. change the group membership of a user (previously synced from AD) to a group (in AD) that should not be synced (by definition in LDAP-Integration)

  2. deactivate the user in Zammad

  3. run LDAP-synchronisation

the user becomes active again.

Is it possible to inactivate a user in Zammad by define something in the LDAP-Integration?
For example: user in group INACTIVE set to inactive in Zammad too?


Please see the LDAP integration limitations ( LDAP / Active Directory — Zammad Admin Documentation documentation ) and the tip for managing ldap sources:
Manage LDAP-Sources — Zammad Admin Documentation documentation

Your user filter decides. If the user appears in the search result, it’s per definition not inactive.
LDAP always wins.

This topic was automatically closed 120 days after the last reply. New replies are no longer allowed.