0013628: ldap user sync: allow to configure or auto-detect synced properties #6740

Open
Gloirin opened this Issue Jun 9, 2018 · 4 comments

Comments

Projects
None yet
1 participant
@Gloirin

Gloirin commented Jun 9, 2018

Reported by pschuele on 16 Nov 2017 08:13

improve "\Tinebase_User::_syncDataAndUpdateUser further. Yesterday I thought it may be related to a missing property in Ldap (mine has no accountExpire)." -> that sounds like a probable cause, if the accountExpire will be set to a value other than null again later either in the update code path or through an other process, the ldap sync will unset it again and again.

@Gloirin

This comment has been minimized.

Show comment
Hide comment

Gloirin commented Jun 10, 2018

Related to #3927

@Gloirin

This comment has been minimized.

Show comment
Hide comment
@Gloirin

Gloirin Jun 11, 2018

Comment posted by lab-at-nohl on 16 Nov 2017 10:28

+1 Thanks for opening this feature. Although it may be desirable to find syncable fields automatically.

I'd like to add that - in my view - the sync of specific ldap data like last login time should not change the last_modified_by field (during the stage of syncing the changes are all performed by setupuser). Instead it should remain to the real user that has taken the last manual changes (admin).

Gloirin commented Jun 11, 2018

Comment posted by lab-at-nohl on 16 Nov 2017 10:28

+1 Thanks for opening this feature. Although it may be desirable to find syncable fields automatically.

I'd like to add that - in my view - the sync of specific ldap data like last login time should not change the last_modified_by field (during the stage of syncing the changes are all performed by setupuser). Instead it should remain to the real user that has taken the last manual changes (admin).

@Gloirin

This comment has been minimized.

Show comment
Hide comment
@Gloirin

Gloirin Jun 11, 2018

Comment posted by pschuele on 4 Jan 2018 14:13

> the sync of specific ldap data like last login time should not change the last_modified_by field

i'm not sure if that is a good idea to introduce an exception here. we also need to keep in mind, that we want those changes to be replicated to the slaves in a replication setup. this currently needs the modlog-information (table timemachine_modlog).

Gloirin commented Jun 11, 2018

Comment posted by pschuele on 4 Jan 2018 14:13

> the sync of specific ldap data like last login time should not change the last_modified_by field

i'm not sure if that is a good idea to introduce an exception here. we also need to keep in mind, that we want those changes to be replicated to the slaves in a replication setup. this currently needs the modlog-information (table timemachine_modlog).

@Gloirin

This comment has been minimized.

Show comment
Hide comment
@Gloirin

Gloirin Jun 11, 2018

Comment posted by shochdoerfer on 5 Jan 2018 08:10

Ideally the whole LDAP sync process could be done a bit more flexible / extendable, see #0007772 for my "requirements". But to be fair I have no idea how to do that as I guess different companies have different use-cases :)

Gloirin commented Jun 11, 2018

Comment posted by shochdoerfer on 5 Jan 2018 08:10

Ideally the whole LDAP sync process could be done a bit more flexible / extendable, see #0007772 for my "requirements". But to be fair I have no idea how to do that as I guess different companies have different use-cases :)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment