Unlock a world of possibilities! Login now and discover the exclusive benefits awaiting you.
I'm tidying a brown field site, and tidying the User Synch.
The Connector now pulls the users as expected from AD.
Issue is users not in that subset, are being added as users and active on access of the Hub.
I've always known users not in the user sync to be added but as inactive.
Trying to prevent users inadvertently landing on the wrong environment.
Hello @PhillG
You can add a LDAP filter to the UDC in order to select the ones you want as active. See the sample below:
(&(&(objectClass=user)(memberOf=CN=SG-QlikSenseUsers,CN=Users,DC=IPC,DC=local)(!userAccountControl:1.2.840.113556.1.4.803:=2)))
I'm only pulling users from SG-QlikSenseUsers and the second statement pull only users that are not disabled.
Please let me know if this is helpful.
BR,
Eduardo Monteiro
Thanks for reply...
To clarify, i have my UDC set to only pull in active users from AD, but users accessing the hub, outside of that criteria, and still coming through as Active, when accessing direct.
When set this up historically, users accessing hub not in UDC pull, would be added but marked as inactive, allowing for automated removal.
Check if your virtual proxy has "No anonymous user" set on Anonymous access mode. It must be something with your virtual proxies then. Share the configuration and I might be able to help.
Thanks @Eduardo_Monteiro
The proxy is set to No Anonymous Users...
Very little else going on in terms of VP Setup, and inline with previous setups i've had, but before users not in the LDAP params in the UDC would come through as inactive. It's fine they make their way they're (it's good to know who tried) but they shouldn't have access.
VP points at single proxy in this setup with no other config, bar some whitelisting.
UDC config is on the lines of
(&(objectclass=user)(&(|(memberOf=GROUPA)(memberOf=GROUPB))(!(memberOf=GROUPC))))
which pulls in the expected user base. Historically that has been enough for me.