5 Replies · Latest reply on Apr 21, 2017 10:12 AM by Dave Smith

    LDAP Sync Issue - Empty Values

      Hello Everyone,

       

       

      If assignment group or approval group users or a cell/field (e.g. manager) is empty in AD then the sync does not pull across to SNOW.  If 1 user is removed and there are remaining members then the sync seems to work okay.

       

       

      Known issues to date:

      Manager field not updating correctly - suspected that this  issue only occurs if field is left blank.

      Removing all users in assignment group does not empty the members column of assignment group in SNOW.  If 1 user removed seems to remove okay in SNOW

       

       

      Indicators are moving towards null values causing the issues.

       

      Can anyone please help me in this?

       

       

      Maloy

        • Re: LDAP Sync Issue - Empty Values
          Dave Smith

          Not sure what you mean by "assignment group or approval group users" in AD - are you referring to a specific AD group? Or is this a group already imported and used for approvals but is to be amended by updates in AD?

            • Re: LDAP Sync Issue - Empty Values
              Maloy Banerjee

              Hi Dave,

               

              This is simply just the normal group in SNOW which is getting synced with AD, just as the users do.

              1.) If a group is created in AD then in the next import in SNOW the group should get created in SNOW - working fine in SNOW.

              2.) If any user is added to the group in AD then that user must get added to the same group in SNOW as well - working fine in SNOW.

              3.) If all the user are been removed from the group in AD, then this should happen in SNOW also - but it is not working in SNOW as of today.

               

               

               

              Maloy

                • Re: LDAP Sync Issue - Empty Values
                  Dave Smith

                  Okay, so sounds like some recent change is preventing group removals.  I take it things were working fine in the past? 

                    • Re: LDAP Sync Issue - Empty Values
                      Maloy Banerjee

                      No Dave. The 3rd point I explained above has never worked.

                       

                      E.g. Suppose there are 40 users in a group in AD. If we remove five from them then those 5 are removed from SNOW also and can be seen removed in the next import with AD. But if we try to remove all the users at once from the AD group then it doesn't works. Neither of the users gets removed from the group in SNOW.

                        • Re: LDAP Sync Issue - Empty Values
                          Dave Smith

                          Okay - I misinterpreted "but it is not working in SNOW as of today" to mean it used to work and now doesn't... rather than it never did.  But from your last comment, it looks like some functionality is working, just not completely.

                           

                          As a matter of interest - what happens if you remove 39 of the 40 users from the group... does that work?  Just curious to know if it's a limitation on the amount of changes, or if an empty AD group is signifying that no work is needed (therefore the actual deletion operations are skipped)