Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Agent and Customer role assignment when in multiple groups fail #1675

Closed
MNobis opened this issue Nov 23, 2017 · 3 comments
Closed

Agent and Customer role assignment when in multiple groups fail #1675

MNobis opened this issue Nov 23, 2017 · 3 comments
Assignees
@thorsteneckel
Labels
LDAP works as designed / wontfix

Comments

@MNobis
Copy link

MNobis commented Nov 23, 2017

Infos:

LDAP - Role assignment

  • Used Zammad version: 2.0.x also tested with 2.1.x
  • Used Zammad installation source: From repository
  • Operating system: Ubuntu 16.04 LTS
  • Browser + version: not relevant

Expected behavior:

  • If a user account is in two AD-Groups that are used to assign customer and agent roles, the user should be assigned to two roles or at least doesn't change from it's actual configuration/be deactivated.

  • For every role there is a different AD-Group used, but the agents are also in the group for customers.
    image

Actual behavior:

  • The ldap Sync fails for these users and the Zammad account gets deactivated

Steps to reproduce the behavior:

  • Put a user in two different AD-Groups
  • Use one group to auto assign Customer
  • Use the other group to assign Agents
  • The user can not be created or, if already present, disabled
  • The order of the entries does not make any difference.

Yes I'm sure this is a bug and no feature request or a general question.
@MNobis MNobis changed the title AD Role assignment when in multiple groups fail Agent and Customer role assignment when in multiple groups fail Nov 23, 2017
@thorsteneckel
Copy link
Contributor

Hi @MNobis - This works as designed. Zammad can't decided which group assignment is the one to go and both (Agent and Customer) simultaneously is currently not possible. Since it's a logical error (because of the limitation) Zammad fails accordingly and won't import the user.

@thorsteneckel thorsteneckel self-assigned this Nov 24, 2017
@MNobis
Copy link
Author

MNobis commented Nov 28, 2017

@thorsteneckel thanks for your quick reply.

I have a small followup question about the role assignement.

Is it also works as designed that new AD-Accounts get assigned to the customer role automaticly even if there aren't any rules specified in the ldap integration?
My expectation is that the account will sync but without any role assigned.

If this is not a bug, it completely solve the problem we had.

@thorsteneckel
Copy link
Contributor

Hi @MNobis - yes - but this depends on your configuration, too. If the new user is in none of the groups you have configured they will get synced as customers by default. Down in the "expert" section is a setting where you can define the behavior. You can either import them as Customers (default) or skip them. If skip is configured they will get - well - skipped and are not synced into Zammad.

mbeijen pushed a commit to mbeijen/zammad that referenced this issue Mar 20, 2018
@thorsteneckel
Applied currently available fix for ruby 'open-uri' bug described in …
4a24bb8 
…pull request zammad#1675. Using 'open' with a temp file causes an exception.

This is caused by the newly introduced Exchange integration dependencies 'viewpoint' and 'autodiscover' which depend on 'httpclient' which requires 'open-uri' somewhere. These cause the integration tests to fail - namely UserAgentTest#test_check_request.

Link: ruby/ruby#1675
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@thorsteneckel thorsteneckel

Labels
LDAP works as designed / wontfix
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@thorsteneckel @MNobis