  1. LDAP
  2. LDAP-153

User sync should clean attributes removed from ldap

Details

    • Bug
    • Resolution: Fixed
    • Major
    • 9.15.7
    • 9.15.6
    • Authenticator
    • None
    • Unknown

    Description

      If an attribute from the LDAP is removed, the corresponding user profile attribute is not cleaned up.

      I have seen an actual use case where users of the organization might lose their email address while still being able to log in.

      Steps to reproduce:

      1. give a test user an email, e.g. by the following ldif:
         
        dn: CN=User101,CN=Users,DC=localhost,DC=nodomain
        changetype: modify
        replace: mail
        mail: user101@localhost.nodomain
        
      2. log in as that user - user gets email set in their profile
      3. remove the email attribute in LDAP:
        dn: CN=User101,CN=Users,DC=localhost,DC=nodomain
        changetype: modify
        delete: mail
        
      4. log in again with that user

      Expected behavior:

      • user no longer has their e-mail address set in the profile

      Observed behavior:

      • email is still set in the user profile
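
An added illustration of the reproduction steps above, not part of the original report and not the authenticator's code: it applies the two LDIF change records to an in-memory entry and compares a sync that only copies attributes present in LDAP with one that also clears mapped profile fields whose attribute is gone. The attribute-to-field mapping, the dict-based profile and all function names are assumptions.

```python
# Added illustration; FIELD_MAP and all function names are hypothetical.
FIELD_MAP = {"mail": "email"}  # assumed mapping: LDAP attribute -> profile field
# The two LDIF change records from the reproduction steps.
LDIF_SET = """dn: CN=User101,CN=Users,DC=localhost,DC=nodomain
changetype: modify
replace: mail
mail: user101@localhost.nodomain
"""
LDIF_DELETE = """dn: CN=User101,CN=Users,DC=localhost,DC=nodomain
changetype: modify
delete: mail
"""
def apply_modify(entry, ldif):
    """Apply a single-operation LDIF modify record to {attr: [values]}."""
    pairs = [tuple(p.strip() for p in l.split(":", 1)) for l in ldif.splitlines() if l.strip()]
    op, attr = next((k, v) for k, v in pairs if k in ("add", "replace", "delete"))
    values = [v for k, v in pairs if k == attr]
    entry = dict(entry)
    if op == "add":
        values = entry.get(attr, []) + values
    elif op == "delete" and values:  # delete only the listed values
        values = [v for v in entry.get(attr, []) if v not in values]
    if values:
        entry[attr] = values
    else:  # replace/delete with nothing left removes the attribute entirely
        entry.pop(attr, None)
    return entry

def sync_additive(profile, entry):
    """Observed behaviour: copy only attributes that are present in LDAP."""
    updated = dict(profile)
    for ldap_attr, field in FIELD_MAP.items():
        if entry.get(ldap_attr):
            updated[field] = entry[ldap_attr][0]
    return updated

def sync_reconciling(profile, entry):
    """Expected behaviour: also clear mapped fields whose attribute is gone."""
    updated = sync_additive(profile, entry)
    for ldap_attr, field in FIELD_MAP.items():
        if not entry.get(ldap_attr):
            updated.pop(field, None)
    return updated

def reproduce(sync):
    """Steps 1-4: set mail, log in, delete mail, log in again."""
    entry = apply_modify({}, LDIF_SET)
    profile = sync({"first_name": "User101"}, entry)  # constructed profile
    return sync(profile, apply_modify(entry, LDIF_DELETE))
```

Only fields listed in the mapping are cleared, so profile data that never came from the directory is left untouched.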

          People

            camil7 Clemens Robbenhaar