LDAP Sync: Failsafe in case of too many deleted Users
Suddenly all users have disappeared from the LDAP Group and the LDAP sync removed them from Checkmk including all manually entered settings. Even if the users are automatically added again later, all manual settings are lost. With a larger number of users this can quickly become a big problem and Murphy is not far away. And then the hassle starts...
Solution:
Instead of deleting the users immediately from checmk it would be better to deactivate the account first and remove if after a certain waiting time. If the account reappears again within this period, the account only needs to be reactivated and the manually entered settings are still ther.
In addition, the sync should be aborted if a large number of changes are detected. In such a case, the sync should be initiated manually in the GUI to ensure that this does not happen unnoticed.
This avoids a lot of hassle, and if it is a legitimate mass change, it would be a small additional effort.
Comments: 1
-
18 Oct, '23
Niklas Pulina AdminHello,
Thank you for your idea. On this portal, we carefully evaluate ideas to ensure that they will benefit a wide range of users. Thus, we close ideas not fulfilling certain criteria:
- Suggestions with low user interest: created more than 1 year ago with 5 votes or less
- Suggestions with no momentum: no votes in the last 6 months
Unfortunately, this suggestion doesn't meet these criteria, so we’re closing it (based on the data available until 2023-10-17). We appreciate your contribution and encourage you to continue to share your ideas. Your input plays a vital role in helping us improve our product for everyone.
Thank you for your understanding and continued support!
Warm regards,
Your Checkmk Team