Using LDAP Sync AND having customer accounts NOT being deactivated

Infos:

  • Used Zammad version: 7.0.1
  • Used Zammad installation type: package
  • Operating system: Ubuntu 24.04
  • Browser + version: n/a

We have set up a Zammad instance and have most everything working. We’re now at the point shortly before moving to production stage, but trying to allow customers to connect to the web interface, we ran into a problem. Every single customer account (created automatically by sending a mail to the system) is being disabled by the LDAP sync process (internal users/agents are authorized through LDAP), which in turn prevents them from logging in.

Of course, disabling users no longer found in the LDAP source is a good idea, but this should only apply to users CREATED by the LDAP source. Messing with settings of other users seems something of an overreach …

I tried setting the LDAP option for “users without LDAP group” to registration role, but this didn’t help either.

I can’t put every single customer into our LDAP database, of course, just to let them log in. From what I can tell, I also can’t just disable LDAP sync, just LDAP in total. So this isn’t a solution either.

So how do I solve this dilemma?

(weirdly, there are some accounts that are still active, even after the sync, but I can’t tell what is causing this)

You could set “Users without assigned LDAP groups” to “assign signup roles”.
See the documentation.

That’s what I meant (sorry, running with the German translation) - setting it to that did not do anything …

You have to re-activate the inactive accounts manually. After that they should stay active.

Nope, doesn’t work … reproducible … Set the account to active, run the manual sync, user inactive again … tried with additional accounts, too, not just the one I kept using … same behavior. As mentioned before, not all accounts marked as customer are deactivated, though … not sure what the difference is, they look the same from the Web GUI …

OK, weird thing …
As our IDP (Authentik) that is used as an authentication frontend for our customers to ensure only customers have access to their portal page can do LDAP, and everybody relevant has to be in there, I added it as a second LDAP source. Only activating those accounts would be fully sufficient.
When I once again ran that sync, ALL the previously deactivated users are now active, even the ones not in the IDP (I had the signup roles configured). So with the second, it behaves like suggested. Also, deactivated users in our company LDAP are correctly deactivated in Zammad.
So while I’m not sure what is actually going on here, at least I have the problem solved for now …
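As an added illustration (not code from Zammad or from anyone in this thread) of the policy argued for in the opening post, that only LDAP-created accounts should follow LDAP membership, and of the multi-source setup described in the last post, the script below reconciles local accounts against one or more LDAP sources and then audits what a sync actually did, flagging accounts it should not have touched. The user record shape, the `source` values, and all directory contents are constructed assumptions, not Zammad's real schema or API.

```python
from dataclasses import dataclass


@dataclass
class User:
    login: str
    active: bool
    # Assumed marker: "ldap" means the account was created by an LDAP sync;
    # anything else (e.g. "email" for accounts auto-created from an inbound
    # mail) is a local account the sync has no business deactivating.
    source: str


# Constructed sample data: logins present in each configured LDAP source.
LDAP_SOURCES = {
    "company": {"alice", "bob"},       # internal agents
    "authentik": {"alice", "carol"},   # customer IdP added as a second source
}

# Constructed local accounts as they were before the sync ran.
BEFORE = [
    User("alice", True, "ldap"),
    User("bob", True, "ldap"),
    User("carol", True, "ldap"),    # only known to the customer IdP
    User("dave", True, "ldap"),     # left the company, in no LDAP any more
    User("erin", True, "email"),    # customer created from an inbound mail
    User("frank", True, "email"),   # same, but the sync happened to leave him alone
]

# Constructed state after a sync that deactivated a local customer account.
AFTER = [
    User("alice", True, "ldap"),
    User("bob", True, "ldap"),
    User("carol", True, "ldap"),
    User("dave", False, "ldap"),
    User("erin", False, "email"),
    User("frank", True, "email"),
]


def expected_active(user, sources):
    """Policy: LDAP-managed accounts are active iff they exist in at least one
    configured source; every other account keeps whatever state it had."""
    if user.source != "ldap":
        return user.active
    return any(user.login in members for members in sources.values())


def reconcile(users, sources):
    """Map login -> the active state a well-behaved sync should produce."""
    return {u.login: expected_active(u, sources) for u in users}


def audit_sync(before, after, sources):
    """Compare the post-sync state with the expected one and explain each
    deviation, so wrongly deactivated customers show up in one list."""
    expected = reconcile(before, sources)
    actual = {u.login: u for u in after}
    findings = []
    for login, should_be_active in expected.items():
        u = actual.get(login)
        if u is None:
            findings.append((login, "account missing after sync"))
            continue
        if u.active == should_be_active:
            continue
        if u.source != "ldap":
            findings.append((login, "non-LDAP account toggled by sync"))
        elif u.active:
            findings.append((login, "active but absent from every LDAP source"))
        else:
            findings.append((login, "deactivated despite LDAP membership"))
    return findings


if __name__ == "__main__":
    for login, reason in audit_sync(BEFORE, AFTER, LDAP_SOURCES):
        print(f"{login}: {reason}")
```

Run after each sync (with the real account list substituted for the constructed one) and any line in the output is an account the sync changed in a way the policy does not allow; with the sample data only erin is reported, while dave's deactivation and carol's survival through the second source are accepted as correct.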