LDAP Sync - User autoclean

mknornschild · September 8, 2021, 8:16am

Hi together,

Im syncing our Active Directory Users with Icinga Director. All in all works well. Users are correctly importet and join automatic some groups. The groups are linked with Hosts and Checks in Icinga.

Setup:

Problem:
The User dos gets the group alert-XYZ-jdk-version from LDAP (AD). If I delete this membership in the AD User the group is not deleted/synced to the Icinga User. Creation of additional memberships work, modification of memberships work e.g. change alert-XYZ-jdk-version to alert-servers.
For clearitication: Only the last group is not deleted. If the user has 3 groups two are deleted but the last one cant be deleted automaticly via sync job.

dgoetz · September 8, 2021, 2:47pm

I would say this is a bug! It sounds like it sees the membership as not managed as there is no value instead of recognizing that this was managed by the import and only all values are gone.

melihoztok · December 14, 2022, 12:26pm

Hi,
i want to sync AD users & groups to icinga via director module. i can import users but i cant import groups. can you explain your sync rule properties to me?