You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
If a user account is in two AD-Groups that are used to assign customer and agent roles, the user should be assigned to two roles or at least doesn't change from it's actual configuration/be deactivated.
For every role there is a different AD-Group used, but the agents are also in the group for customers.
Actual behavior:
The ldap Sync fails for these users and the Zammad account gets deactivated
Steps to reproduce the behavior:
Put a user in two different AD-Groups
Use one group to auto assign Customer
Use the other group to assign Agents
The user can not be created or, if already present, disabled
The order of the entries does not make any difference.
Yes I'm sure this is a bug and no feature request or a general question.
The text was updated successfully, but these errors were encountered:
MNobis
changed the title
AD Role assignment when in multiple groups fail
Agent and Customer role assignment when in multiple groups fail
Nov 23, 2017
Hi @MNobis - This works as designed. Zammad can't decided which group assignment is the one to go and both (Agent and Customer) simultaneously is currently not possible. Since it's a logical error (because of the limitation) Zammad fails accordingly and won't import the user.
I have a small followup question about the role assignement.
Is it also works as designed that new AD-Accounts get assigned to the customer role automaticly even if there aren't any rules specified in the ldap integration?
My expectation is that the account will sync but without any role assigned.
If this is not a bug, it completely solve the problem we had.
Hi @MNobis - yes - but this depends on your configuration, too. If the new user is in none of the groups you have configured they will get synced as customers by default. Down in the "expert" section is a setting where you can define the behavior. You can either import them as Customers (default) or skip them. If skip is configured they will get - well - skipped and are not synced into Zammad.
mbeijen
pushed a commit
to mbeijen/zammad
that referenced
this issue
Mar 20, 2018
…pull request zammad#1675. Using 'open' with a temp file causes an exception.
This is caused by the newly introduced Exchange integration dependencies 'viewpoint' and 'autodiscover' which depend on 'httpclient' which requires 'open-uri' somewhere. These cause the integration tests to fail - namely UserAgentTest#test_check_request.
Link: ruby/ruby#1675
Infos:
LDAP - Role assignment
Expected behavior:
If a user account is in two AD-Groups that are used to assign customer and agent roles, the user should be assigned to two roles or at least doesn't change from it's actual configuration/be deactivated.
For every role there is a different AD-Group used, but the agents are also in the group for customers.
Actual behavior:
Steps to reproduce the behavior:
Yes I'm sure this is a bug and no feature request or a general question.
The text was updated successfully, but these errors were encountered: