wekan-snap icon indicating copy to clipboard operation
wekan-snap copied to clipboard

Published 20 hours ago verified publisher icon wekan

LDAP = [INFO] Import finished. Users imported: 60, but only 25 are in Wekan listed...

Open Scott-1980 opened this issue 4 years ago • 10 comments

Hello

I have tried to make a ldap connection to our MS Active Directory. this is what I used: sudo snap set wekan ldap-enable='true' sudo snap set wekan default-authentication-method='ldap' sudo snap set wekan ldap-port='389' sudo snap set wekan ldap-host='IP from my MS domain Controller' sudo snap set wekan ldap-basedn='OU=xx,DC=intern,DC=xxxxxxxx,DC=com' sudo snap set wekan ldap-login-fallback='false' sudo snap set wekan ldap-reconnect='true' sudo snap set wekan ldap-timeout='10000' sudo snap set wekan ldap-idle-timeout='10000' sudo snap set wekan ldap-connect-timeout='10000' sudo snap set wekan ldap-authentication='true' sudo snap set wekan ldap-authentication-userdn='CN=LDAP_User,OU=TESTUSER,OU=xx,DC=intern,DC=xxxxxxxx,DC=com' sudo snap set wekan ldap-authentication-password='my password from LDAP_User' sudo snap set wekan ldap-log-enabled='true' sudo snap set wekan ldap-background-sync='true' sudo snap set wekan ldap-background-sync-interval='every 1 minute' sudo snap set wekan ldap-background-sync-keep-existant-users-updated='true' sudo snap set wekan ldap-background-sync-import-new-users='true' sudo snap set wekan ldap-encryption='false' sudo snap set wekan ldap-user-search-field='sAMAccountName' sudo snap set wekan ldap-username-field='sAMAccountName' sudo snap set wekan ldap-fullname-field='cn' sudo snap set wekan ldap-default-domain='intern.xxxxxxxx.com' sudo snap set wekan ldap-user-search-scope=sub

The connecton works and i got 60 Users importet from the OU=xx But when I check in Wekan under Adminpanel,-->People-->People there are only 25 LDAP User, but it should be more. when I check in Wekan terminal this: sudo snap logs wekan 2021-02-15T11:49:00Z wekan.wekan[32518]: [DEBUG] Identifying user with: sAMAccountName 2021-02-15T11:49:00Z wekan.wekan[32518]: [DEBUG] userQuery { 2021-02-15T11:49:00Z wekan.wekan[32518]: "services.ldap.id": "63434d696e2e73246b616e" 2021-02-15T11:49:00Z wekan.wekan[32518]: } 2021-02-15T11:49:00Z wekan.wekan[32518]: [INFO] Import finished. Users imported: 60 2021-02-15T11:49:10Z wekan.wekan[32518]: [INFO] Idle 2021-02-15T11:49:10Z wekan.wekan[32518]: [INFO] Disconecting 2021-02-15T11:49:10Z wekan.wekan[32518]: [INFO] Closed

so I have two questions.

  1. Why are only 25 LDAP Users in Wekan and not all 60?
  2. Maybe it would be easyer when I can make a group, like wekan_user and put a bunch of user in it so they can only access wekan. What should i change under "sudo snap set wekan..." for this?

Best Regards Scott

Scott-1980 avatar Feb 15 '21 12:02 Scott-1980

@Scott-1980

Please look at database users collection/table are all 60 users there, with nosqlbooster

xet7 avatar Feb 15 '21 12:02 xet7

in the databae are 61 Users. It looks like there are the 60 from the ldap import and one user from the first login (AdminUser) image

So why cant i se the 61 users in the wekan board: image

Scott-1980 avatar Feb 15 '21 13:02 Scott-1980

@Scott-1980

Is there any difference in database content at users collection/table JSON content for those visible at Admin Panel / People / People, and those not visible? Are some fields extra, missing, or otherwise different?

xet7 avatar Feb 15 '21 13:02 xet7

Please do note that that The number of people is: shows only number of people loaded to webbrowser to be visible, it is not accurate count of all users.

xet7 avatar Feb 15 '21 13:02 xet7

I also think that if all of those users have not yet logged into Wekan, then it's possible that those are not yet visible at Admin Panel / People / People.

xet7 avatar Feb 15 '21 13:02 xet7

It is also possible, that while those users are not currently visible, you could probably still find those users at Admin Panel / People / People by searching for e-mail address or other details.

xet7 avatar Feb 15 '21 13:02 xet7

Oh, I think yu are right. It shows 26 Users in my Wekan webfrontend. But in the database are more user. If I search in the webfrontend after a user who is not shown there under the 26 users. It will find the user and show it will al informations. Thats great, Thanks to you!!!

So now I have make a import from all OUs and now there are more than 1500 users in the database :-( There are many deactivatet users and contacts and groups also in the database now :-( Is there a option where I can see import only active USERS?

Best Regards Scott

Scott-1980 avatar Feb 15 '21 15:02 Scott-1980

@Scott-1980

Please look at LDAP sync code, could there be added some limit to import so that only active users would be imported. Because otherwise, after deleting non-active users they would be back at next sync interval.

After that fix is added to Wekan, you could use nosqlbooster with some delete database query that would delete those users that are not active: https://docs.mongodb.com/manual/tutorial/remove-documents/

xet7 avatar Feb 15 '21 16:02 xet7

same for me. i have to scroll-down on "Admin Panel / People" and than it shows more than just 26/27

flece avatar Feb 07 '22 12:02 flece

any news to this? i also have much more useres and admin panel show only 26 ^^

q16marvin avatar Feb 06 '23 17:02 q16marvin