Zammad LDAP integration combines accounts

  • Used Zammad version: 4.0.x
  • Used Zammad installation type: package
  • Operating system: Debian 9
  • Browser + version: any

Expected behavior:
LDAPs should synchronize our Active Directory and should simply create a new user account for every user that exists in our AD.

Actual behavior:
After synchronizing our AD with Zammad with default values (givename, surname, email, telephone and login), it took an existing AD user’s login name where the e-mail address matched and wrote that into another Zammad user’s profile. For example: We had a user “Test One” with the mail address “test1@example.com” existing in Zammad - in our Active Directory another user with a different name had the mail address “test1@example.com” - after the LDAP integration, Zammad now combined those 2 accounts together and additionally added another account under the corresponding login name from our AD.

Afterwards I tried to correct this mistake by removing the telephone number and e-mail address from Zammad’s AD integration and restarting the integration process. Sadly it continues to pull the information and combines it with the wrong Zammad account.

So afterwards we have 2 accounts - 1 from the Active Directory with the corresponding information, and 1 that was existing in Zammad, but which was edited and cannot be used anymore, since the name has changed to the user which had the mail address entered in the Active Directory. So the login from user “test1” was changed to the login name from the Active Directory (which is a completely different account); also the first name and surname were changed.

Steps to reproduce the behavior:
- Have an existing user with name “test1” with the mail address “test1@example.com” in your Zammad
- Have an existing user with mail “test1@example.com” in your Active Directory mail address field
- Configure LDAPs
- Start synchronisation

My workaround:
Delete the Zammad user, work with the AD-integrated user, and transfer ownership of tickets and of the various knowledge base entries.

It is okay for me to use this workaround, though I would still like to report this as a bug.
For people with larger Active Directories, fixing this issue could be a big time investment.

Now I wanted to ask if it is possible to somehow reset the LDAPs connection, delete the AD entries in Zammad and then reconfigure LDAP without the mail address being taken from AD.


That’s very interesting! The e-mail address looks like a primary key for matching AD users in Zammad. I think it would be better to use the SID or GUID here…
I have a problem after changing all name attributes including the username and the mail address of a specific AD user (when someone gets married or similar).
Described here
But I didn’t get a helpful answer yet. Just a developer on GitHub telling me he can’t reproduce. (But he didn’t rename the mail address, see here)


Hello Jim,

thanks for the reply, though I can verify that I do not have problems changing the names of various users.

My problem is regarding the mail address of a user in AD somehow swapping over to a completely different user in Zammad, just because the mail address matches.
I would understand if it was a mechanism to copy existing AD information into the Zammad user account by matching mail addresses - but then why is there a duplicate entry for that user? Some information was thrown into the Zammad account, and other information was thrown into a completely new Zammad profile.

Now I think this is because Zammad realized the matching e-mail address and tried to combine them - upon checking the login name, first name and surname it realized that it’s a different account, yet it wasn’t able to solve it, as it seems.
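
A pre-sync check for the collision discussed in this thread, as an added example (not Zammad's code and not written by any poster): it flags every directory entry whose e-mail matches an existing local account with a different login, and treats a stored directory GUID as the authoritative link, as suggested above. The record layout, the `guid` field and the sample data are constructed assumptions.

```ruby
# Added example: pre-sync audit for e-mail collisions between local helpdesk
# accounts and directory entries. Record layout is assumed, not Zammad's schema.
LocalUser = Struct.new(:id, :login, :email, :guid, keyword_init: true)
DirEntry  = Struct.new(:guid, :login, :mail, keyword_init: true)

def norm(value)
  value.to_s.strip.downcase
end

# One finding per directory entry: :linked, :same_login, :new or :collision.
def audit(local_users, dir_entries)
  by_guid  = local_users.reject { |u| u.guid.nil? }.to_h { |u| [u.guid, u] }
  by_email = local_users.group_by { |u| norm(u.email) }
  by_email.delete('') # accounts without an e-mail never match anything
  dir_entries.map do |entry|
    if by_guid.key?(entry.guid) # immutable identifier: survives renames
      { entry: entry.login, status: :linked, local: by_guid[entry.guid].login }
    else
      candidates = by_email.fetch(norm(entry.mail), [])
      match = candidates.find { |u| norm(u.login) == norm(entry.login) }
      if match
        { entry: entry.login, status: :same_login, local: match.login }
      elsif candidates.empty?
        { entry: entry.login, status: :new, local: nil }
      else # same e-mail, different login: needs a human decision before sync
        { entry: entry.login, status: :collision, local: candidates.first.login }
      end
    end
  end
end

def collisions(local_users, dir_entries)
  audit(local_users, dir_entries).select { |f| f[:status] == :collision }
end

# Constructed sample data mirroring the report: local "test1" shares its e-mail
# with a differently named directory user; "alice" was renamed but keeps her GUID.
LOCAL = [
  LocalUser.new(id: 1, login: 'test1', email: 'test1@example.com', guid: nil),
  LocalUser.new(id: 2, login: 'alice', email: 'alice@example.com', guid: 'guid-a')
].freeze
DIRECTORY = [
  DirEntry.new(guid: 'guid-x', login: 'jdoe', mail: 'Test1@Example.com'),
  DirEntry.new(guid: 'guid-a', login: 'alice.married', mail: 'alice.new@example.com'),
  DirEntry.new(guid: 'guid-n', login: 'bob', mail: 'bob@example.com')
].freeze

collisions(LOCAL, DIRECTORY).each do |f|
  puts "review before sync: directory login #{f[:entry]} shares e-mail with local login #{f[:local]}"
end
```

Run against exports of both user lists before the first synchronisation; each `:collision` row is an account pair to resolve by hand.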
