cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Does the CSS perform any 'aging' on imported LDAP users?

joost_van_der_k
Inactive

Employees at customer A are auto-imported into the CSS upon first successful login.

Does the CSS periodically clean up its auto-imported users, when these users can no longer be found in the LDAP?

If so, does it do so based on a schedule or on a trigger (will ex-employees of customer A exists forever in the CSS, at least until a login for that account is attempted and the CSS learns that this account is no longer in the LDAP)?

What is the significance of this configuration item in 'compuwareSecurityLdapConfiguration.properties':

ldap.isAutoDeleteMissingImportsEnabled=true

2 REPLIES 2

sandrine-extern
Advisor

Hi Joost,

As far as I know, unused imported accounts stay in the CSS forever (we have a few example here).

Regards,

Sandrine

adrienne_simows
Participant

Hi Joost,

The CSS does have a built it mechanism for removing LDAP users that are no longer valid. When the setting you have mentioned "ldap.isAutoDeleteMissingImportsEnabled" is set to true, there is a LDAP thread that periodically checks the LDAP users (default is every 4 hours). If a user cannot be found, it is marked as a candidate to be removed from CSS. The user will only be removed if at least one other configured user can be found with the current LDAP configuration however. This prevents all users from being deleted accidentally in the case that LDAP cannot be reached or bad LDAP configuration settings.

If this does not seem to be working for you, you may want to log a ticket.

Adrienne