LDAP Deactivates Users Unexpectedly

Problem

When an LDAP search runs, either manually or automatically, users who should not have been deactivated are deactivated. This happens because the deactivated user did not match any user returned by the LDAP search.

Solution

To fix this, check the steps below to ensure the user is properly configured:

  1. Is this user returned by the User Filter that's configured in System Console > Authentication > LDAP?
  2. Has the attribute that you've configured as their ID Attribute changed recently (a new email, username, etc.)?
    • If this is the case, you'll need to update the database to contain their new ID attribute value, as ID attributes are not designed to change.
    • For the future, you may want to select an ID attribute that is more unique.
  3. When you query the Mattermost database with select * from Users where Username='their username'; does the AuthData field exactly match the value returned for their ID Attribute?
    • These two values must match or the user will be deactivated. You can refer to step 1 or 2 for how to fix this.

If you answer any of the above with "no", resolve the issue before attempting another LDAP sync.
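
The three checks above can be run as a dry comparison before the next sync. The script below is an added example, not Mattermost code: it assumes mail is the configured ID Attribute, uid holds the username, matching is an exact string comparison, and all LDAP entries and database rows shown are constructed.

```python
# Added example: predicts which accounts an LDAP sync would deactivate.
# Assumptions: "mail" is the configured ID Attribute, "uid" holds the username,
# and matching is an exact string comparison. All sample data is constructed.

def audit_sync(ldap_entries, db_users, id_attr="mail", name_attr="uid"):
    """Return {Username: (status, detail)} for each Mattermost LDAP user.

    ldap_entries: entries returned by a search using the configured User Filter.
    db_users: rows with the Username and AuthData columns from the Users table.
    """
    by_id = {e[id_attr]: e for e in ldap_entries if e.get(id_attr)}
    by_name = {e[name_attr].lower(): e for e in ldap_entries if e.get(name_attr)}
    report = {}
    for row in db_users:
        name, auth = row["Username"], row["AuthData"]
        entry = by_name.get(name.lower())
        current = (entry or {}).get(id_attr) or ""
        if auth in by_id:
            report[name] = ("ok", "AuthData matches the ID attribute")
        elif entry is None:
            # Step 1: the User Filter did not return this user at all.
            report[name] = ("not_returned", "no LDAP entry from the User Filter")
        elif current.strip().lower() == auth.strip().lower():
            # Step 3: same value apart from case or whitespace, so not identical.
            report[name] = ("not_identical", repr(current) + " vs " + repr(auth))
        else:
            # Step 2: the ID attribute value changed in the directory.
            report[name] = ("id_changed", "directory now has " + repr(current))
    return report

# Constructed LDAP search result (dave is excluded by the filter).
LDAP_ENTRIES = [
    {"uid": "alice", "mail": "alice@example.com"},
    {"uid": "bob", "mail": "robert@example.com"},
    {"uid": "carol", "mail": "carol@example.com"},
]
# Constructed rows from: select * from Users where Username='their username';
DB_USERS = [
    {"Username": "alice", "AuthData": "alice@example.com"},
    {"Username": "bob", "AuthData": "bob@example.com"},
    {"Username": "carol", "AuthData": "Carol@example.com"},
    {"Username": "dave", "AuthData": "dave@example.com"},
]

if __name__ == "__main__":
    for user, (status, detail) in audit_sync(LDAP_ENTRIES, DB_USERS).items():
        print(f"{user:8} {status:14} {detail}")
```

Any status other than ok marks an account that would not match the LDAP search result and should be fixed before the sync runs.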