TSchmauch Absent Member.

User accounts and LDAP

We are running Vibe 3.4 and synchronizing user accounts with LDAP. Under LDAP settings, we have Vibe set to "Delete users that are no longer in LDAP"; however, this does not seem to be occurring. I see a lot of disabled accounts and a lot of active ones for users who are no longer in the tree. Has anyone else experienced this?

Also, is there a manual way to remove accounts added by LDAP? All I can do under the User Accounts tab is enable the accounts; there is no delete option.

Thanks,
Tom
Knowledge Partner

Re: User accounts and LDAP

Hey Tom,

TSchmauch;2305992 wrote:
We are running Vibe 3.4 and synchronizing user accounts with LDAP. Under LDAP settings, we have Vibe set to "Delete users that are no longer in LDAP"; however, this does not seem to be occurring. I see a lot of disabled accounts and a lot of active ones for users who are no longer in the tree.


Don't know. I never have that delete option enabled; too much of a potential risk of unintentional account deletes, imo. Rather just let the accounts that are not in LDAP anymore be disabled and manually delete them from time to time.

TSchmauch;2305992 wrote:
Also is there a manual way to remove accounts added by LDAP? All I can do under the User Accounts tab is enable the accounts, there is no delete opti


You should be able to select them from the option "select from all accounts" and delete them there.

Also see: http://www.novell.com/documentation/vibe34/vibe34_admin/data/b1290dlq.html

Cheers,
Willem
e-ebell1 Absent Member.

Re: User accounts and LDAP

1. As Willem already mentioned: you should never use the "Delete users that are no longer in LDAP" setting. We never never never use it. One typo (e.g. when you change your LDAP filter) and during the next sync all your users are gone forever! There are use cases where it makes sense, for sure. But security first 😉 And I wonder why this setting doesn't work in your installation. Maybe Novell changed the implementation some time ago to prevent users from being deleted. But I doubt it.

2. When an LDAP user is deleted in LDAP, he will be disabled in Vibe. But there is a bug/missing feature 😉 in the UI, i.e. you cannot delete a disabled LDAP user directly.
To delete a disabled LDAP user, you first need to enable him again and then delete him from the "Select From All Accounts" list.
(Sometimes you even have to do a reindex on users and groups before a re-enabled user is found in the system again, as we experienced.)

HTH
Cheers
Erik
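
Added example, not part of the original thread and not Novell/Vibe code: a dry-run check for the failure mode described above, where a mistyped LDAP filter returns few or no entries and a sync with automatic deletion would remove every account. The function names, the 10% threshold and the sample DNs are assumptions made for illustration; the two lists stand in for an export of the application's LDAP-sourced accounts and the result of the LDAP search.

```python
from dataclasses import dataclass

@dataclass
class SyncPlan:
    missing: list   # accounts known to the application but absent from the LDAP result
    ratio: float    # share of synced accounts that would be disabled or deleted
    safe: bool      # False when the result looks like a broken filter

def norm_dn(dn: str) -> str:
    # DNs compare case-insensitively; strip spaces around the separators.
    # Simplification: escaped commas inside attribute values are not handled.
    return ",".join(part.strip().lower() for part in dn.split(","))

def plan_sync(app_dns, ldap_dns, max_ratio=0.10):
    """Compare both sides and refuse to proceed when too many accounts vanish."""
    app = {norm_dn(d): d for d in app_dns}
    ldap = {norm_dn(d) for d in ldap_dns}
    missing = sorted(orig for key, orig in app.items() if key not in ldap)
    ratio = len(missing) / len(app) if app else 0.0
    # An empty LDAP result while the application still has accounts is never safe.
    safe = bool(ldap or not app) and ratio <= max_ratio
    return SyncPlan(missing, ratio, safe)

# Constructed sample data (hypothetical tree o=example).
APP = [f"cn=user{i},ou=staff,o=example" for i in range(20)]
GOOD = [f"CN=user{i}, OU=staff, O=example" for i in range(19)]  # user19 has left
TYPO = []  # a filter with a typo that matches nobody

if __name__ == "__main__":
    for label, result in (("good filter", GOOD), ("typo filter", TYPO)):
        plan = plan_sync(APP, result)
        verdict = "apply" if plan.safe else "ABORT, review the filter"
        print(f"{label}: {len(plan.missing)} missing ({plan.ratio:.0%}) -> {verdict}")
```
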