Zammad: Add setting to merge local Users with LDAP-Users

Created on 4 Jan 2018 · 1Comment · Source: zammad/zammad

Infos:

Used Zammad version: 2.2.0-1513786667.dbad0f53.jessie
Installation method (source, package, ..): deb8 pkg
Operating system: deb8
Database + version: pgsql 9.4.15-0+deb8u1
Elasticsearch version: 5.6.5
Browser + version: firefox nightly

Expected behavior:

Locally created users sharing the login name with an LDAP account should be merged and passwords should be overwritten with password from LDAP.

Actual behavior:

When a user is created locally with a login and then later superseded through an LDAP account with a matching login, the password for the account is not updated from LDAP, but stays the same as before.

Steps to reproduce the behavior:

Create user test with password testpass
Create user test on LDAP with userPassword betterpass
Trigger LDAP sync
User can login with testpass, not with betterpass
[x] Yes I'm sure this is a bug and no feature request or a general question.

LDAP authentication enhancement

Source

mweinelt

👍2

Most helpful comment

Hi @mweinelt - We discussed this and came to the conclusion that it's an enhancement but not a bug. Currently a user can be authenticated agains each linked service (like LDAP, Twitter, ...) but the Zammad password will still work as well. So there is a need for a general refactoring/change of this functionality.

We think there should be an (advanced) option in the LDAP configuration if the LDAP is the single point of truth. We will implement this when the time is right.

thorsteneckel on 10 Jan 2018

👍4

>All comments

We think there should be an (advanced) option in the LDAP configuration if the LDAP is the single point of truth. We will implement this when the time is right.

thorsteneckel on 10 Jan 2018

👍4

Was this page helpful?

0 / 5 - 0 ratings