[SOLVED] Regular LDAP user update


#1

Hi
My Mattermost is set to sync with LDAP every hour. Every time it does so, it logs that it updated a specific user:

[2018/01/12 01:47:37 GMT] [INFO] Mattermost user was updated by AD/LDAP server. username=bob.bobson authdata= email=bob.bobson@example.com
[2018/01/12 02:47:37 GMT] [INFO] LdapSync: Found 40 users with LDAP configured
[2018/01/12 02:47:38 GMT] [INFO] Mattermost user was updated by AD/LDAP server. username=bob.bobson authdata= email=bob.bobson@example.com
[2018/01/12 03:47:39 GMT] [INFO] LdapSync: Found 40 users with LDAP configured
[2018/01/12 03:47:40 GMT] [INFO] Mattermost user was updated by AD/LDAP server. username=bob.bobson authdata= email=bob.bobson@example.com
[2018/01/12 04:47:40 GMT] [INFO] LdapSync: Found 40 users with LDAP configured
[2018/01/12 04:47:41 GMT] [INFO] Mattermost user was updated by AD/LDAP server. username=bob.bobson authdata= email=bob.bobson@example.com
[2018/01/12 05:47:41 GMT] [INFO] LdapSync: Found 40 users with LDAP configured
[2018/01/12 05:47:42 GMT] [INFO] Mattermost user was updated by AD/LDAP server. username=bob.bobson authdata= email=bob.bobson@example.com
[2018/01/12 06:47:42 GMT] [INFO] LdapSync: Found 40 users with LDAP configured
[2018/01/12 06:47:43 GMT] [INFO] Mattermost user was updated by AD/LDAP server. username=bob.bobson authdata= email=bob.bobson@example.com
[2018/01/12 07:41:58 GMT] [INFO] LdapSync: Found 40 users with LDAP configured
[2018/01/12 07:41:59 GMT] [INFO] Mattermost user was updated by AD/LDAP server. username=bob.bobson authdata= email=bob.bobson@example.com

This happens every sync without fail. No other users are ‘updated’.

What could be wrong with this user that is causing this?

-R


#2

Hi @rheouk,

Could you share which version of Mattermost server you have installed?

Also, this LDAP documentation might help with troubleshooting.


#3

Hi @lindy65

I’ve just now updated to 4.6.0 (from 4.5.0). The problem still persists.

I’ve been through the LDAP documentation several times - nothing points to this particular issue.

The thing is, we have no issues with LDAP. In fact, even the single user that gets ‘updated’ regularly has no issues logging in.

I’m simply wondering what’s causing that particular message - every sync.

-R


#4

I just ran an LDAP sync while debug logs were turned on.
Aside from the usual, there were also ldap_sync_user entries logged.

I compared the ‘broken’ user to mine:

[2018/01/12 12:02:34 GMT] [DEBG] ldap_sync_user: {"id":"","delete_at":0,"username":"my.user","auth_data":"my.user","auth_service":"ldap","email":"my.user@example.com","email_verified":true,"nickname":"","first_name":"My","last_name":"Name","position":"MM Admin","roles":"","locale":""}
[2018/01/12 12:02:34 GMT] [DEBG] ldap_sync_user: {"id":"","delete_at":0,"username":"bob.bobson","auth_data":"Bob.Bobson","auth_service":"ldap","email":"Bob.Bobson@example.com","email_verified":true,"nickname":"","first_name":"Bob","last_name":"Bobson","position":"Broken User","roles":"","locale":""}

The interesting item is that the auth_data and email have capitalisations in them - these aren’t present in other users. The local Mattermost record is all lowercase. Is it picking up a difference (based on case) and then failing to sync that difference because it’s ignoring case elsewhere?

-R
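
One way to check the case-mismatch theory from post #4 (an added example, not part of the thread and not Mattermost's own code): parse the ldap_sync_user debug lines and compare them with the local records, separating fields that differ only by letter case from real changes. The function names are hypothetical, and the `LOCAL` records are constructed sample values, assumed all lowercase as the post describes.

```python
import json
import re

# Matches the DEBG lines from post #4; the JSON payload follows the tag.
SYNC_RE = re.compile(r"\[DEBG\] ldap_sync_user: (\{.*\})\s*$")
FIELDS = ("username", "auth_data", "email")

def parse_sync_users(log_text):
    """Return directory-side records found in ldap_sync_user debug lines."""
    users = []
    for line in log_text.splitlines():
        m = SYNC_RE.search(line)
        if m:
            try:
                users.append(json.loads(m.group(1)))
            except json.JSONDecodeError:
                pass  # truncated or wrapped log line: skip it
    return users

def classify(ldap_user, local_user):
    """Map each differing field to 'case-only' or 'real'."""
    diffs = {}
    for field in FIELDS:
        a, b = ldap_user.get(field, ""), local_user.get(field, "")
        if a != b:
            diffs[field] = "case-only" if a.casefold() == b.casefold() else "real"
    return diffs

def audit(log_text, local_by_username):
    """Report, per local username, the fields a sync would see as changed."""
    report = {}
    for user in parse_sync_users(log_text):
        local = local_by_username.get(user.get("username", "").casefold())
        diffs = classify(user, local) if local else {}
        if diffs:
            report[local["username"]] = diffs
    return report

# The two debug lines quoted in post #4.
SAMPLE_LOG = '''[2018/01/12 12:02:34 GMT] [DEBG] ldap_sync_user: {"id":"","delete_at":0,"username":"my.user","auth_data":"my.user","auth_service":"ldap","email":"my.user@example.com","email_verified":true,"nickname":"","first_name":"My","last_name":"Name","position":"MM Admin","roles":"","locale":""}
[2018/01/12 12:02:34 GMT] [DEBG] ldap_sync_user: {"id":"","delete_at":0,"username":"bob.bobson","auth_data":"Bob.Bobson","auth_service":"ldap","email":"Bob.Bobson@example.com","email_verified":true,"nickname":"","first_name":"Bob","last_name":"Bobson","position":"Broken User","roles":"","locale":""}'''

# Constructed local records (assumption): all lowercase, as post #4 describes.
LOCAL = {
    "my.user": {"username": "my.user", "auth_data": "my.user", "email": "my.user@example.com"},
    "bob.bobson": {"username": "bob.bobson", "auth_data": "bob.bobson", "email": "bob.bobson@example.com"},
}
```

A user that shows up with only 'case-only' entries matches the pattern described in the thread; any 'real' entry is an actual attribute change worth reviewing.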


#5

Thanks @rheouk,

I’ll ask our devs to take a look and help troubleshoot.


#6

I believe I am having a similar issue, except it happens for almost all users. I have a feeling it’s because most of our users have capital letters in their email address in AD. This makes every AD sync very noisy in the logs.

We are running Mattermost 4.6.0 and have only started regular AD sync today.


#7

@rheouk What is Bob’s email address in LDAP? Is it bob.bobson@example.com, or are there any capital letters?


#8

Hi @jasonblais, yes - it’s capitalised. In fact the attribute we use for auth_data is MailNickname, which is appended to the domain for mail.

-R


#9

@jasonblais I also checked in my case, and indeed the email addresses are First.Last@domain in AD but are recorded in the Mattermost database as first.last@domain.


#10

@gubbins @rheouk Apart from the log message, are you seeing any issues with the user account(s)? E.g. are the users still active?


#11

@jasonblais from my end, it’s purely cosmetic/logging. The user is unaffected (can log in, receives mail, etc)

There’s also only the one user affected. It could be more of an issue if there were more of these users.


#12

@rheouk @gubbins

We’ve filed a ticket to track.


#13

No problems other than verbose logging. Users are indeed active.