LDAP_SYNC observations

Hi,

I’m using Seafile Pro 7.0.9 with ldap authentication.
I just tried to enable ldap synchronisation, so that users can be found as soon as they have an ldap account but before they have logged in to seafile.

  1. The first thing I observed is that ldap sync only works if I set “ENABLE_GLOBAL_ADDRESSBOOK = True” in seahub_settings.py. I have disabled the option, because we do not want to get a list of all users after entering the first few letters into the mask. Users are found after entering the correct email address. Would it be possible to enable ldap sync without enabling the global addressbook?

  2. ldap sync only works once. After importing a few users, when I call ldapsync a second time, nothing happens, even if there are new users in ldap. This problem has been reported in this forum and it should have been solved in 7.0.6. I’m using 7.0.9 and it still doesn’t work.

  3. Importing the extra attributes didn’t work. I enabled the feature in ccnet.conf, but after the first run I didn’t find an imported user with these attributes.

ENABLE_EXTRA_USER_INFO_SYNC = True
FIRST_NAME_ATTR = givenName
LAST_NAME_ATTR = sn
UID_ATTR = uid
  4. I set the option “DEACTIVE_USER_IF_NOTFOUND = True”. But when running ldapsync, it not only deactivates users, it also immediately deletes all libraries of the users. This is a bad idea. Sometimes we only want to deactivate a user temporarily without deleting the data. We use an ldap attribute for that (service=seafile). If a user cannot be found by mistake or an error, we do not want his data to be deleted. There should be a second option DELETE_DATA_IF_NOTFOUND.

Regards,
Dirk

Hi,

Thank you for these observations. I was wondering if LDAP sync could be activated safely on our system, then I’ll wait for answers from the devs.

:thinking:

Regards

FIRST_NAME_ATTR & LAST_NAME_ATTR still don’t seem to be used.
The Name field of the user seems to be populated by the email part on the left of @.

I am not able to get the proper name to show on imported users from LDAP. LDAP query for givenName & sn returns the expected “firstname lastname”.

Is this still a bug in 10.x? Are there plans to resolve this?
Thanks.