Skip to content
This repository has been archived by the owner on Dec 27, 2023. It is now read-only.

Accountstatus LDAP always synced #7426

Open
Nachtlichtermeer opened this issue Dec 9, 2022 · 2 comments
Open

Accountstatus LDAP always synced #7426

Nachtlichtermeer opened this issue Dec 9, 2022 · 2 comments

Comments

@Nachtlichtermeer
Copy link

Nachtlichtermeer commented Dec 9, 2022
edited

sudo -u www-data php /var/www/*/htdocs/tine20/setup.php --sync_accounts_from_ldap
without
--syncaccountstatus
tries to sync the account status.

(
    [accountLoginName] => 1
    [accountLastPasswordChange] =>
    [accountExpires] =>
    [accountPrimaryGroup] => 1
    [accountDisplayName] => 
    [accountLastName] => 1
    [accountFirstName] => 1
    [accountFullName] => 
    [accountEmailAddress] => 1
    [accountHomeDirectory] => 
    [accountLoginShell] => 
    [visibility] => 
    [accountStatus] => Closure Object
        (
            [parameter] => Array
                (
                    [$options] => <required>
                )

        )

)
a459b6 - setupuser - 2022-12-09T12:22:41+00:00 DEBUG (7): Tinebase_User::_checkAndUpdateCurrentUser::721 Diff found in field accountStatus current: disabled new: enabled
a459b6 - setupuser - 2022-12-09T12:22:41+00:00 DEBUG (7): Tinebase_User::_syncDataAndUpdateUser::648 Record needs an update

so if i deactivate an user in tine and sync with ldap this user is reactivated
@lab-at-nohl
Copy link
Member

Hi, this is very unfortunate. I submitted a PR that may have caused this. In my testings everything was synced fine. However, I tested like changing ldap and check if these are synced back to Tine when user logs in.

Please see my changes in User.php. Especially the element accountStatus in the array. I guess I have overseen that the function is not executed but returned as such.

Could you change line 690 until 695 in file Tinebase/User.php like this and try again?

            'accountStatus' => call_user_func(function() use ($options) {
                if (isset($options['syncAccountStatus'])) {
                    return (bool) $options['syncAccountStatus'];
                }
                return null; 
            }),

Can you try the Sync-Command with and without --syncaccountstatus after changing the file like above?

Thanks and sorry for the trouble.

@Nachtlichtermeer
Copy link
Author

great, this works as expected!

without --syncaccountstatus old disabled users are disabled furthermore after LDAP-sync and with --syncaccountstatus they are reactivated

i leave the ticket open until bugfix is submited

lab-at-nohl added a commit to lab-at-nohl/Tine-2.0-Open-Source-Groupware-and-CRM that referenced this issue Dec 12, 2022
@lab-at-nohl
Fix (Tb ldap user): Sync accountStatus issue again
ac21d7c 
Fixes issue tine20#7426. @Nachtlichtermeer tested the fix with `setup.php --sync_accounts_from_ldap [--syncaccountstatus]`
@lab-at-nohl lab-at-nohl mentioned this issue Dec 12, 2022
Merged
pschuele pushed a commit that referenced this issue Dec 28, 2022
@lab-at-nohl @pschuele
Fix (Tb ldap user): Sync accountStatus issue again
6b80044 
Fixes issue #7426. @Nachtlichtermeer tested the fix with `setup.php --sync_accounts_from_ldap [--syncaccountstatus]`
pschuele pushed a commit that referenced this issue Jan 10, 2023
@lab-at-nohl @pschuele
fix(Tb/ldap/user): Sync accountStatus issue again
bfcb927 
Fixes issue #7426.

@Nachtlichtermeer tested the fix with
`setup.php --sync_accounts_from_ldap [--syncaccountstatus]`
@lab-at-nohl lab-at-nohl mentioned this issue Aug 16, 2023
Closed
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@lab-at-nohl @Nachtlichtermeer