4 Replies Latest reply: Oct 5, 2017 9:05 AM by Faizoel Kasiemkhan RSS

    Why are my users being deactivated externally?

    Nicholas Daniel

      I've got an installation of Qlik Server 3.2.4 with following LDAP filter:

      (&(objectCategory=person)(objectClass=user)(|(sAMAccountName=user1)(sAMAccountName=user2)(sAMAccountName=user3)(sAMAccountName=user5)(sAMAccountName=6)(sAMAccountName=user7)

       

      If I delete the user, they can access Qlik again until the next sync at which point they're being deactivated.  I've got another user in the same connector who is not being deactivated in this manner, and I can't spot any difference between the two of them.  Is there any change to the connector or the LDAP filter I can make to keep this from happening? Any other changes you can think of for me to try please?

        • Re: Why are my users being deactivated externally?
          Mark Ritter

          I do not completely understand your question or situation.

          When you say that you delete the user I assume that you are doing that in the QMC?  Are you deleting both users here?

           

          I am not 100% sure about this.  In our situation a user account is created when that user opens the QS URL and logs in.  I have not tried this.  But I suspect that as long as the user is included in the authorization connector that they could log back in after you deleted them and this would create their account again.  So they have to be taken out of the AD group or whatever you are using so that when the next sync occurs they are no longer there and this will not happen.

           

          I suspect what you want to do is block them in the QMC so that they can not login.  Then remove the flag or whatever you are using to identify them in your connector as a Qlik user so that they do not sync any longer.  Then delete them.

           

          But I honestly am guessing on this.

            • Re: Why are my users being deactivated externally?
              Nicholas Daniel

              I'll try to clarify the events I'm seeing:

              1. User account is created by opening the QS url.
              2. User's access works fine, until
              3. UDC, which explicitly looks for that user's ID (not AD group), syncs and then the user is deactivated externally.
              4. I delete the user in the UDC, then go back to number one.

               

              My goal is to allow only a few users access, hence the explicit whitelisting of a few user IDs.  What's weird is that a few other users are included in this same UDC but they aren't deactivated like this one is.