Infos:
- Used Zammad version: 5.3.0 / 5.1.1
- Used Zammad installation type: (source, package, docker-compose, …): package
- Operating system: debian 11
- Browser + version: Chrome/108.0.0.0
Expected behavior:
- After upgrading LDAP from 5.1.1 to 5.3.0, users should be assigned LDAP roles as configured
Actual behavior:
- only some users get assigned the configured roles from mapping
Steps to reproduce the behavior:
- upgrade from 5.1.1 to 5.3.0
Hi,
after upgrading from 5.1.1 to any higher version, not all users get assigned the correct LDAP rules.
Following situation:
All users from LDAP gets synced to zammad.
All users are members of the group users.
Some users are members of the group admin.
I have configured a mapping, all users being part of the group
cn=admin,ou=group should get assigned the roles admin, agent and customer
All users being part of the group
cn=users,ou=group should get assigned the role customer.
In version 5.1.1, everything is working as expected.
After the upgrade, only some users that are part of the admin group get assigned the admin and agent role. All other users being part of the LDAP group admin only get assigned the role customer based on the second filter
After doing a manual lookup in LDAP, I can see that the users with the fauly assignments are still part of the LDAP admin group.
When going to the user tab within zammad and clicking on a customer that should be an admin, zammad shows me checked boxes for admin, agent and customer. But this user can only do customer-related things and has no permissions for admin and customer. When clicking on apply without doing any changes to the checkboxes, the user gets assigned to the roles admin and agent. On the next LDAP sync, theres roles are gone again. Even if the checkboxes are still checked.
Seems to be related to After package upgrade LDAP Syncs remove all roles from admins and agents · Issue #4168 · zammad/zammad · GitHub
All LDAP accounts without spaces or special characters.
Would be great if someone could help me with that or tell me if there is a good way to debug this (e.g. zammad log files e.g.)
Thanks