PhillG
Contributor III

Users NOT in User Synch Coming Through as Active

I'm tidying a brownfield site, and tidying the User Synch.

The Connector now pulls the users as expected from AD.

The issue is that users not in that subset are being added as users and active on access of the Hub.

I've always known users not in the user sync to be added but as inactive.

Trying to prevent users inadvertently landing on the wrong environment.

4 Replies
Eduardo_Monteiro
Partner - Contributor III

Hello @PhillG 

You can add an LDAP filter to the UDC in order to select the ones you want as active. See the sample below:

The information below is only for reference:

(&(&(objectClass=user)(memberOf=CN=SG-QlikSenseUsers,CN=Users,DC=IPC,DC=local)(!(userAccountControl:1.2.840.113556.1.4.803:=2))))


I'm only pulling users from SG-QlikSenseUsers, and the second statement pulls only users that are not disabled.

Please let me know if this is helpful.

BR,

Eduardo Monteiro

PhillG
Contributor III
Author

Thanks for the reply...

To clarify, I have my UDC set to only pull in active users from AD, but users accessing the hub, outside of that criteria, are still coming through as Active, when accessing direct.

When I set this up historically, users accessing the hub not in the UDC pull would be added but marked as inactive, allowing for automated removal.

Eduardo_Monteiro
Partner - Contributor III

Check if your virtual proxy has "No anonymous user" set on Anonymous access mode. It must be something with your virtual proxies then. Share the configuration and I might be able to help.

PhillG
Contributor III
Author

Thanks @Eduardo_Monteiro 

The proxy is set to No Anonymous Users...

Very little else going on in terms of VP setup, and in line with previous setups I've had, but before, users not in the LDAP params in the UDC would come through as inactive. It's fine they make their way there (it's good to know who tried) but they shouldn't have access.

VP points at single proxy in this setup with no other config, bar some whitelisting.

UDC config is along the lines of

(&(objectclass=user)(&(|(memberOf=GROUPA)(memberOf=GROUPB))(!(memberOf=GROUPC))))

which pulls in the expected user base. Historically that has been enough for me.
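
One way to check offline which accounts a UDC filter of the shapes quoted in this thread selects (an added example, not part of any post and not Qlik code): a small evaluator for and/or/not, equality and the AD bitwise-AND matching rule, run over constructed entries. The entry names and values are assumptions; wildcards and escaped characters are not handled.

```python
import re

BIT_AND = "1.2.840.113556.1.4.803"  # AD bitwise-AND matching rule

def parse(f, i=0):
    """Parse one parenthesised filter at f[i]; return (node, next index)."""
    if f[i:i + 1] != "(":
        raise ValueError(f"expected '(' at offset {i}")
    op = f[i + 1:i + 2]
    if op in {"&", "|", "!"}:
        kids, i = [], i + 2
        while f[i:i + 1] == "(":
            kid, i = parse(f, i)
            kids.append(kid)
        # '!' must wrap exactly one parenthesised filter
        if f[i:i + 1] != ")" or not kids or (op == "!" and len(kids) != 1):
            raise ValueError(f"malformed '{op}' filter near offset {i}")
        return (op, kids), i + 1
    end = f.find(")", i)
    m = re.fullmatch(r"([\w-]+)(?::([\d.]+):)?=(.*)", f[i + 1:end]) if end > 0 else None
    if not m:
        raise ValueError(f"bad filter item at offset {i}")
    return ("item", m.groups()), end + 1

def matches(node, entry):
    """Evaluate a parsed filter against one entry (lower-case attr -> values)."""
    kind, arg = node
    if kind in {"&", "|"}:
        return (all if kind == "&" else any)(matches(k, entry) for k in arg)
    if kind == "!":
        return not matches(arg[0], entry)
    attr, rule, want = arg
    have = entry.get(attr.lower(), [])
    if rule == BIT_AND:  # true when every bit of `want` is set in the value
        return any((int(v) & int(want)) == int(want) for v in have)
    if rule is not None:
        raise ValueError(f"unsupported matching rule {rule}")
    return any(v.lower() == want.lower() for v in have)

def synced_users(filter_text, entries):
    """Names of the entries the filter selects, i.e. what the UDC would pull."""
    node, end = parse(filter_text)
    if end != len(filter_text):
        raise ValueError("trailing characters after filter")
    return sorted(n for n, e in entries.items() if matches(node, e))

GROUP = "CN=SG-QlikSenseUsers,CN=Users,DC=IPC,DC=local"
FILTER = f"(&(objectClass=user)(memberOf={GROUP})(!(userAccountControl:{BIT_AND}:=2)))"
# Constructed entries: 512 = normal account, 514 = 512 + ACCOUNTDISABLE (2)
ENTRIES = {n: {"objectclass": ["user"], "memberof": g, "useraccountcontrol": [u]}
           for n, g, u in [("alice", [GROUP], "512"), ("bob", [GROUP], "514"), ("carol", [], "512")]}
if __name__ == "__main__":
    print(synced_users(FILTER, ENTRIES))
```
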