Problem
When the LDAP search runs, either manually or automatically, users who should not have been deactivated are deactivated. This happens because the deactivated user did not match any user returned from the LDAP search.
Solution
To fix this, check the steps below to ensure the user is properly configured:
- Is this user returned with the User Filter that's configured in the System Console > Authentication > LDAP?
  - You can test this by using ldapsearch.
- Has the attribute that you've configured for their ID Attribute changed recently? New email, username, etc.?
  - If this is the case, you'll need to update the database to contain their new ID attribute, as ID attributes are not designed to change.
  - For the future, you may want to select an ID attribute that is more unique.
- When you query the Mattermost database with
    select * from Users where Username='their username';
  does the AuthData field match identically to the value returned for their ID Attribute?
  - These two values must match or the user will be deactivated. You can refer to step 1 or 2 for how to fix this.
If you answer any of the above with "no", then you'll want to resolve the issue first before attempting another LDAP sync.
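One way to script the first and third checks, as an added example that is not part of the original article or Mattermost's own tooling. The host, bind DN, base DN, the `uid=jdoe` user, the `employeeID` ID attribute and the sample LDIF are constructed placeholders; `ldif_attr` and `check_authdata` are hypothetical helper names.

```shell
# Step 1 (placeholder host and DNs; substitute your own User Filter):
#   ldapsearch -LLL -H ldaps://ldap.example.com -D "cn=mm-sync,dc=example,dc=com" -W \
#     -b "ou=people,dc=example,dc=com" "(&<your User Filter>(uid=jdoe))" > user.ldif
# Step 3: select AuthData from Users where Username='jdoe';  then run
#   check_authdata employeeID 'AuthData value' < user.ldif

# Print the first value of attribute $1 from LDIF on stdin: unfolds wrapped lines,
# decodes "attr:: <base64>" values, returns 1 when the attribute is absent.
ldif_attr() {
  out=$(awk -v want="$1" '
    function emit(   rest) {
      if (found || tolower(substr(line, 1, length(want) + 1)) != (tolower(want) ":")) return
      rest = substr(line, length(want) + 2)
      if (substr(rest, 1, 1) == ":") print "B" substr(rest, 3)  # attr:: base64
      else print "T" substr(rest, 2)                            # attr: text
      found = 1
    }
    /^ / { line = line substr($0, 2); next }  # continuation of a folded line
    { emit(); line = $0 }
    END { emit() }
  ')
  case "$out" in
    B*) printf '%s' "${out#B}" | base64 -d ;;
    T*) printf '%s' "${out#T}" ;;
    *)  return 1 ;;
  esac
}

# Exit 0 only when the LDAP value of $1 is byte-for-byte equal to AuthData ($2).
check_authdata() {
  ldap_value=$(ldif_attr "$1") || { echo "NOT RETURNED: no $1 in search result"; return 2; }
  if [ "$ldap_value" = "$2" ]; then
    echo "MATCH: $1 equals AuthData"
  else
    echo "MISMATCH: LDAP $1='$ldap_value' AuthData='$2'"; return 1
  fi
}

# Constructed sample: folded mail line; employeeID is base64 because it ends in a space.
sample_ldif() {
  cat <<'EOF'
dn: uid=jdoe,ou=people,dc=example,dc=com
uid: jdoe
mail: john.doe@engineering.
 example.com
employeeID:: RTEwMDQyIA==
EOF
}

sample_ldif | check_authdata employeeID 'E10042' || true  # MISMATCH: trailing space
```

A value that ldapsearch prints with `::` is base64-encoded, so comparing the raw LDIF text against AuthData by eye can hide a difference such as the trailing space in the sample.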