LDAP users marked inactive after SAML login

Infos:

  • Used Zammad version: 3.4.x
  • Used Zammad installation source: (source, package, …) Package (Ubuntu)
  • Operating system: Ubuntu 18.04
  • Browser + version: Safari

Expected behavior:

  • SAML users don’t get marked as inactive after initial login & sync to LDAP.

Actual behavior:

  • We sync against LDAP and authenticate via SAML (GSuite). On first login the user does not have any issue. Once they log out and an LDAP sync happens, their account lists as inactive and they cannot log back in. Automatic account link on initial login is on. This happens with “login with google” as well.

Steps to reproduce the behavior:

  • Log in via SAML user once, sync to LDAP, and then the user gets marked inactive.

Sounds like the users in question somehow qualify in terms of the LDAP sync.
While they do qualify as LDAP users, it seems like they do not appear within the search results and thus are deactivated during the LDAP sync. This happens hourly. Re-enabling those users is useless.

Ensure that the users in question appear within the LDAP search of Zammad and this issue won’t appear.

Similar to my last thread, I’ve dropped LDAP sync and let users be generated on first login from SAML/Google so I think this thread can be ignored.