Unlock a world of possibilities! Login now and discover the exclusive benefits awaiting you.
I've got an installation of Qlik Server 3.2.4 with following LDAP filter:
(&(objectCategory=person)(objectClass=user)(|(sAMAccountName=user1)(sAMAccountName=user2)(sAMAccountName=user3)(sAMAccountName=user5)(sAMAccountName=6)(sAMAccountName=user7)
If I delete the user, they can access Qlik again until the next sync at which point they're being deactivated. I've got another user in the same connector who is not being deactivated in this manner, and I can't spot any difference between the two of them. Is there any change to the connector or the LDAP filter I can make to keep this from happening? Any other changes you can think of for me to try please?
I do not completely understand your question or situation.
When you say that you delete the user I assume that you are doing that in the QMC? Are you deleting both users here?
I am not 100% sure about this. In our situation a user account is created when that user opens the QS URL and logs in. I have not tried this. But I suspect that as long as the user is included in the authorization connector that they could log back in after you deleted them and this would create their account again. So they have to be taken out of the AD group or whatever you are using so that when the next sync occurs they are no longer there and this will not happen.
I suspect what you want to do is block them in the QMC so that they can not login. Then remove the flag or whatever you are using to identify them in your connector as a Qlik user so that they do not sync any longer. Then delete them.
But I honestly am guessing on this.
I'll try to clarify the events I'm seeing:
My goal is to allow only a few users access, hence the explicit whitelisting of a few user IDs. What's weird is that a few other users are included in this same UDC but they aren't deactivated like this one is.
For future reference, the problem ended up being the LDAP filter I had on the user directory connector. I removed the LDAP filter entirely, unchecked the sync existing users flag, and set up security rules based on AD group attributes in the QS user fields, e.g. stream security based on membership in specific AD groups. This has resolved all my user deactivation issues.
I know this is solved, just for anyone else who gets here, here is my solution.
For me this happened because I had spaces between the account names and (didn't test this part) new lines/hard returns.
so
(sAMAccountName=user3) (sAMAccountName=user5)
should be changed to
(sAMAccountName=user3)(sAMAccountName=user5)