User not deleted in LDAP
northboys opened this issue · 6 comments
Describe the bug
I tried to delete a user in Azure AD, but it wasn't deleted in LDAP.
Container configuration
```yaml
environment:
  NODE_ENV: "production"
  LDAP_DOMAIN: "example.com"
  LDAP_BASEDN: "dc=example,dc=com"
  LDAP_BINDUSER: "test|test123"
  LDAP_PORT: "13389"
  LDAP_DEBUG: "true"
  LDAP_ALLOWCACHEDLOGINONFAILURE: "true"
  LDAP_SAMBANTPWD_MAXCACHETIME: "-1"
  AZURE_APP_ID: "xxxxxxxxxx"
  AZURE_TENANTID: "xxxxxxxxxx"
  AZURE_APP_SECRET: "xxxxxxxxxx"
  LDAP_SYNC_TIME: "15"
  DSM7: "false"
  GRAPH_FILTER_USERS: "userType eq 'Member'"
  GRAPH_FILTER_GROUPS: ""
```
You are right, the deleted users are currently not deleted in the wrapper. Deleting them in the wrapper could cause some problems:
- Files and folders lose the deleted user as owner/creator.
- If the user home directory was created by the NAS, it will not be deleted as well.
- Permissions on the NAS are still attached to a UserId that is no longer anywhere.
- probably a few more little things
But I think the same problems should occur with a NAS connected to any other LDAP server.
So, I'll add the deletion of deleted users in one of the next versions :)
If someone really wants to keep a user for history reasons, he can just deactivate it in AzureAD and remove all licences - that way a login won't work anymore... I should also document this somewhere.
Very interesting, can't wait for the next version 😁
> - Files and folders lose the deleted user as owner/creator.

I think it happens also if the userPrincipalName is changed, because the homeDirectory will be changed by the program, right?
> > - Files and folders lose the deleted user as owner/creator.
>
> I think it happens also if the userPrincipalName is changed, because the homeDirectory will be changed by the program, right?

It depends. The permissions on Linux-based systems depend on the uidNumber anyway. The uidNumber is not changed by the renaming, so the files/folders keep their owner/creator. Some servers are also able to move/rename the home directories in this way. Mostly, however, the system administrator has to rename the home dirs manually.
@northboys a first attempt is available in the docker dev tag. There is a delay in the deletion, so you may need to set LDAP_DAYSTOKEEPDELETEDUSERS if you would like to test it without delay :)
The changes are now also available in the latest version.
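As an added example (not the wrapper's own code and not posted in this thread): the kind of sync-time reconciliation that the delayed deletion described above implies, written as a stand-alone JavaScript function. It assumes the user cache is a plain object keyed by lowercase userPrincipalName, that every entry carries a uidNumber, and that LDAP_DAYSTOKEEPDELETEDUSERS set to 0 means a user missing from Azure AD is removed on the next sync.

```javascript
// Added example, not the AzureAD-LDAP wrapper's real implementation.
// Reconciles the cached LDAP users against the users Graph currently returns,
// with a grace period before a vanished user is dropped (the behaviour the
// LDAP_DAYSTOKEEPDELETEDUSERS setting is described as controlling).

const MS_PER_DAY = 24 * 60 * 60 * 1000;

/**
 * @param {Object} cached      cache keyed by lowercase UPN: { userPrincipalName, uidNumber, deletedAt? }
 * @param {Array}  azureUsers  objects from Graph, each with userPrincipalName
 * @param {*}      daysToKeep  LDAP_DAYSTOKEEPDELETEDUSERS value (string or number; assumption: non-numeric = 0)
 * @param {number} now         sync timestamp in ms (injectable for deterministic tests)
 * @returns {{users: Object, removed: string[]}} new cache and the UPNs dropped from LDAP
 */
function reconcileUsers(cached, azureUsers, daysToKeep, now = Date.now()) {
  const keepMs = Math.max(0, Number(daysToKeep) || 0) * MS_PER_DAY;
  const present = new Set(azureUsers.map(u => u.userPrincipalName.toLowerCase()));
  const next = {};
  const removed = [];

  for (const [upn, entry] of Object.entries(cached)) {
    if (present.has(upn)) {
      // Still in Azure AD (possibly reappeared): clear any pending deletion mark.
      // The uidNumber is kept, so file ownership on the NAS is unaffected.
      const { deletedAt, ...live } = entry;
      next[upn] = live;
      continue;
    }
    // Missing from Azure AD: start the grace period on the first miss,
    // then drop the LDAP entry only once the period has elapsed.
    const deletedAt = entry.deletedAt ?? now;
    if (now - deletedAt >= keepMs) {
      removed.push(upn);
    } else {
      next[upn] = { ...entry, deletedAt };
    }
  }

  // New users get a uidNumber above every number seen in the cache, including
  // entries being removed in this run. A real sync would persist this
  // high-water mark so a removed user's uidNumber is never handed out again.
  let maxUid = Math.max(999, ...Object.values(cached).map(u => u.uidNumber));
  for (const u of azureUsers) {
    const upn = u.userPrincipalName.toLowerCase();
    if (!next[upn]) {
      next[upn] = { userPrincipalName: u.userPrincipalName, uidNumber: ++maxUid };
    }
  }
  return { users: next, removed };
}
```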