Description
For several weeks, RC has no longer synchronized new users. It continues to synchronize existing users but no longer adds new ones.
I can’t find any info in the logs about missing users, as if the LDAP request it made didn’t return them.
However, when I go to my LDAP server (OpenLDAP) and do strictly the same requests, the users are returned.
Apparently, the first synchronizations worked, because I have almost all my users, but the last ones, for a few weeks, have not been added anymore.
Server Setup Information
- Version of Rocket.Chat Server: 3.18.1
- Operating System: Ubuntu 20.04
- Deployment Method: tar
- Number of Running Instances: 7
- DB Replicaset Oplog: wiredTiger (oplog enabled)
- NodeJS Version: 12.22.1
- MongoDB Version: 4.2.15
- Proxy: haproxy
- Firewalls involved: no
Any additional Information
I currently have ~ 4300 users in my base dn.
My RC LDAP configuration (the “dc=mycompagny,dc=com” is my anonymized domain):
- enabled
- login fallback on
- find user after connection on
- host: fqdn
- port: 389
- reconnection on
- no encrypt
- base dn: ou=people,dc=mycompagny,dc=com
AUTH:
- user dn: cn=rocketchat,ou=softwares,dc=mycompagny,dc=com
- password: $thepass$
SYNC/IMPORT:
- user name field: uid
- uniq username: uid
- default domain: mycompagny.com
- merge existing users on
- sync user data on
- user data fields map:
{"displayName":"name", "mail":"email", "o":"customFields.organisation"}
- sync ldap groups on
- automatically delete user role on
- group users filter:
(&(|(supannEntiteAffectationPrincipale=#{groupName})(supannEntiteAffectation=#{groupName})(memberOf=cn=#{groupName},ou=groups,dc=mycompagny,dc=com))(uid=#{username}))
- dn base of ldap group:
ou=people,dc=mycompagny,dc=com
- user data group map:
{
  "rocketchat": "admin",
  "*": "user-compagny"
}
- sync user with channels on
- user group channel map: a big json like:
{
  "AC - CGP*": [
    "CGP"
  ],
  "AC - CI*": [
    "CI"
  ]
}
- automatically delete user from channels on
- sync avatar on
- background sync on
- interval sync: at 4:00 am
- background sync import new users on
- background sync update existing users on
TIMEOUT:
no change
USER SEARCH:
- filter:
(&(uid=*)(|(o=COMPAGNY1)(o=COMPAGNY2)(o=COMPAGNY3)))
- scope: sub
- search field: uid
- search page size: 500
- search size limit: 20000
USER SEARCH GROUP VALIDATION:
no change
Tried
Since it no longer adds new users, I tried:
- to set the search page size at 0
- to add them with the REST API (users.create).
It works, but users don’t have the LDAP link.
Examples with REST API users.info:
A synced LDAP user:
{
  "user": {
    "_id": "xxx",
    "createdAt": "2021-06-02T10:20:56.514Z",
    "services": {
      "ldap": {
        "id": "xxx",
        "idAttribute": "uid"
      },
      "cas": {
        "external_id": "xxx"
      }
    },
    "username": "xxx",
    "emails": [
      {
        "address": "xxx@mycompagny.com",
        "verified": false
      }
    ],
    "type": "user",
    "status": "offline",
    "active": true,
    "roles": [
      "admin",
      "user-compagny"
    ],
    "name": "xxx",
    "customFields": {
      "organisation": "COMPAGNY1"
    },
    "lastLogin": "2021-09-23T12:28:02.803Z",
    "statusConnection": "offline",
    "utcOffset": 2,
    "statusText": "",
    "requirePasswordChange": false,
    "canViewAllInfo": true
  },
  "success": true
}
And a manually added user with REST API:
{
  "user": {
    "_id": "xxx",
    "createdAt": "2021-09-24T12:28:07.317Z",
    "services": {},
    "username": "xxx",
    "emails": [
      {
        "address": "xxx@mycompagny.com",
        "verified": true
      }
    ],
    "type": "user",
    "status": "offline",
    "active": true,
    "roles": [
      "user-compagny"
    ],
    "name": "xxx",
    "requirePasswordChange": false,
    "customFields": {
      "organisation": "COMPAGNY2"
    },
    "canViewAllInfo": true
  },
  "success": true
}
See the services part… No LDAP… And I can’t use the REST API for that…
Thanks in advance!
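One way to pin down which accounts are affected, as an added example that is not part of the original post: compare the uids returned by the directory search with Rocket.Chat user records and separate accounts that were never imported from accounts that exist without a `services.ldap` entry. The function names and sample data are hypothetical; it assumes LDIF text as printed by `ldapsearch`, user records shaped like the `users.info` output above, and usernames equal to the LDAP `uid` as in the posted configuration.

```python
import base64

def uids_from_ldif(ldif_text):
    """Collect uid values from ldapsearch LDIF output ('uid::' is base64)."""
    uids = set()
    for line in ldif_text.splitlines():
        low = line.lower()
        if low.startswith("uid::"):
            uids.add(base64.b64decode(line[5:].strip()).decode("utf-8"))
        elif low.startswith("uid:"):
            uids.add(line[4:].strip())
    return uids

def ldap_link(user):
    """Return services.ldap.id from a users.info-style record, or None."""
    return ((user.get("services") or {}).get("ldap") or {}).get("id")

def audit_sync(ldap_uids, rc_users):
    """Classify directory uids against Rocket.Chat user records."""
    by_name = {u["username"]: u for u in rc_users}
    report = {"missing": [], "unlinked": [], "linked": []}
    for uid in sorted(ldap_uids):
        user = by_name.get(uid)
        if user is None:
            report["missing"].append(uid)    # never imported by the sync
        elif ldap_link(user) is None:
            report["unlinked"].append(uid)   # exists, but services has no ldap entry
        else:
            report["linked"].append(uid)
    # LDAP-linked accounts that the directory search no longer returns
    report["orphaned"] = sorted(
        n for n, u in by_name.items() if ldap_link(u) and n not in ldap_uids)
    return report

# Constructed sample data (not taken from the post).
SAMPLE_LDIF = """\
dn: uid=alice,ou=people,dc=mycompagny,dc=com
uid: alice
uidNumber: 1001

dn: uid=bob,ou=people,dc=mycompagny,dc=com
uid: bob

dn: uid=carol,ou=people,dc=mycompagny,dc=com
uid:: Y2Fyb2w=
"""
SAMPLE_RC_USERS = [
    {"username": "alice", "services": {"ldap": {"id": "alice", "idAttribute": "uid"}}},
    {"username": "bob", "services": {}},
    {"username": "dave", "services": {"ldap": {"id": "dave", "idAttribute": "uid"}}},
]

if __name__ == "__main__":
    print(audit_sync(uids_from_ldif(SAMPLE_LDIF), SAMPLE_RC_USERS))
```

The `unlinked` bucket corresponds to the second payload above (empty `services`), and `missing` to the new users the background sync never created.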