@joshtrichards
Member

☑️ Resolves

  • Fix Clarification for LDAP user cleanup #13868

  • Clarified the behavior of LDAP user cleanup when users are no longer present in LDAP.

  • Explained what it means for a user to be "marked as deleted"

  • Reorganized existing content (and slightly edited it to facilitate the reorganization) for overall clarity

🖼️ Screenshots

Signed-off-by: Josh <josh.t.richards@gmail.com>
Contributor

@come-nc come-nc left a comment

I’m a bit concerned by this version insisting a lot on LDAP user cleanup preventing users from logging in; it may lead people to think that deleted users can still log in until the background job detects them.
This is not the case: as soon as a user is removed from LDAP or does not match the filter anymore, login is impossible.
Also, any user that is found to be missing from the LDAP in the course of any request will also be flagged as deleted. So the background job is not the only way for users to be detected as missing, the software is proactive.

This page should also refer to the option to see remnants as disabled documented in #11741

* User's corresponding entry in ``oc_storages``
.. note::

LDAP User Cleanup does *not* immediately delete user accounts or data. When users are no longer found in LDAP, their accounts are **marked for deletion** within Nextcloud. At this stage, all account data—including files, folders, preferences, and group memberships—remains in place. The user is simply prevented from logging in.
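
Review bot: the last sentence of the note, "The user is simply prevented from logging in", reads as if the deletion mark is what blocks login, so an administrator could take the cleanup job to be the de-provisioning control. Say what actually denies the login and whether that depends on the job having run. The note also says "marked for deletion" where the PR description says "marked as deleted"; use one term throughout.
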
Contributor

Marking for deletion does not prevent login per se.
Users cannot log in anymore because they do not match the login filter anymore.

When using another login method there have been issues in the past where the users could log in. It’s usually either a bug or misconfiguration though.

Users which are marked as deleted will also disappear from user listing in Nextcloud. I think that’s important to note. In the UI it looks like the user is gone.

minutes later the next 50, and so on.

The amount of users to check can be set to a custom value via occ command. The
The amount of users to check can be set to a custom value via OCC. The
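
Review bot: on the changed line, "amount of users" should be "number of users", since users are countable. If the command name stays in the sentence, mark it up as an inline literal (``occ``), as the page already does for ``oc_storages``, so it is not read as an acronym.
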
Contributor

Are we using this uppercase version in the rest of the documentation? 🤔
It looks odd to me; the original was clearer.


Successfully merging this pull request may close these issues.

Clarification for LDAP user cleanup