Deleting Active Directory sync

So I attempted to sync User Manager to AD and discovered several things that make it not ready for prime time, at least for me. Does anyone know how to remove the cached users that were pulled in by AD sync?

So far I have tried changing the LDAP server info and clicking submit to cause a re-sync and changing to local “FreePBX Internal Directory” then back (clicking submit each time) yet the users and groups still remain even when invalid server info is entered for the AD server.

In case any developers see this, these are the minimum things that I think need to be added to make this feature usable.

  1. Users pulled from AD should sync to iSymphony
  2. There should be a filter option for the LDAP query so not everything in the BaseDN gets pulled (i.e. service accounts, admin accounts, etc.)
  3. Only specified groups should be pulled in, not just any group in the BaseDN with no way to control them.
  4. There needs to be a manual way to delete unwanted users/groups.

1 - Requires changes by iSymphony to authenticate through us and is on them to make changes. We have brought this up to them; not sure where they are at with this. Open a feature request for this at issues.freepbx.org under iSymphony so it can be assigned to them and get their attention.
2 through 4 - Please open a feature request at issues.freepbx.org

OK, I will open the feature request tickets. In the meantime, does anyone know how to remove all the AD users from FreePBX since I no longer want to sync to AD? Is there an XML or config file I can edit?

Just change the engine back to FreePBX

That does not delete the already cached users; as soon as you select Active Directory they are all back again, even if the AD server information is removed. I would like to delete that cache.

You made it sound like you don’t want to use active directory. If you don’t want to use it then use the option I gave you.

As for deleting cached users. If they are removed from the active directory server they are removed.

Yes, I don’t want to use Active Directory any more. I had removed the AD server settings and yet the AD users were still there, and I wanted them gone from FreePBX but not AD (I was not about to delete all my network users just to remove them from FreePBX). I figured it out by looking at the code on GitHub. I was able to delete the unwanted records from the asterisk database in the userman_users table and the userman_groups table where the auth column = ‘msad’. Everything is good and clean now.
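The cleanup described in the post above, written out as an added example (not part of the original thread and not FreePBX's own code): it previews the rows per directory engine, keeps a copy of what is removed, then deletes only the `auth = 'msad'` rows. The database, table and column names come from the post; the `_msad_bak` backup table names are hypothetical, and a MySQL/MariaDB client session is assumed.

```sql
-- Added example; run in the mysql client on the FreePBX host.
USE asterisk;

-- 1. Preview: how many users and groups each directory engine owns.
--    Only the 'msad' rows are the cached Active Directory entries.
SELECT auth, COUNT(*) AS user_count  FROM userman_users  GROUP BY auth;
SELECT auth, COUNT(*) AS group_count FROM userman_groups GROUP BY auth;

-- 2. Keep a copy of exactly the rows that will be removed.
--    (Backup table names are hypothetical. CREATE TABLE commits implicitly,
--    so this step runs before the transaction is opened.)
CREATE TABLE userman_users_msad_bak  AS
    SELECT * FROM userman_users  WHERE auth = 'msad';
CREATE TABLE userman_groups_msad_bak AS
    SELECT * FROM userman_groups WHERE auth = 'msad';

-- 3. Delete only the AD-sourced rows. The transaction can be rolled back
--    only if the tables use a transactional engine such as InnoDB.
START TRANSACTION;
DELETE FROM userman_users  WHERE auth = 'msad';
DELETE FROM userman_groups WHERE auth = 'msad';

-- 4. Verify before committing: both counts should be 0, and the counts for
--    the other auth values should match step 1.
SELECT COUNT(*) AS remaining_msad_users  FROM userman_users  WHERE auth = 'msad';
SELECT COUNT(*) AS remaining_msad_groups FROM userman_groups WHERE auth = 'msad';
SELECT auth, COUNT(*) AS user_count FROM userman_users GROUP BY auth;

COMMIT;  -- or ROLLBACK; if the counts are not what step 1 predicted
```

The backup tables hold directory data for every imported account, including the service and admin accounts, so drop them once the result has been confirmed.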

Question for you. Why does it matter if they are there when you switch modes?

It imported every user and group in AD including system accounts, admin groups, etc. I just did not want that left behind.

http://issues.freepbx.org/browse/FREEPBX-12823

Hopefully someone will have a look at resolving this soon because it makes using AD sync and iSymphony quite messy.

There are no plans to resolve this any time soon. Sorry.

I found a workaround for clearing the AD cached users.

Map the LDAP to an empty OU. Then the sync will clear out all cached data to match the empty OU.

I had to figure this out because Contact Manager wouldn’t properly sync users in a group except for the four newest. Something was wrong with all the older, cached users and by clearing them out this way I was able to resync and it replenished the user data correctly.


I would like to add to the list support for LDAPS (LDAP over SSL or TLS), and also self-signed certs. I think this is an important one. I put an improvement request in.

https://issues.freepbx.org/browse/FREEPBX-14699?filter=-2

Thanks