You are not logged in.
When an employee is no longer with our organization, their userid is moved from the current LDAP path into an "inactive" unit in the tree.
When this happens, the parent_id is set to null by the import script and the user no longer appears in the tree. However, when you enter their name into the search function their name still appears in the search but when you click on it, it is not possible to view their user record.
Is there a way to keep users from appear in the search? A flag perhaps in one of the user tables? I looked but found nothing that stood out.
Also, if the user is no longer present, would it be possible to set the parent id to a different parent id so they are moved to an "inactive" organizational unit within Report Server?
Thanks!
Tom
Offline
private void deleteRemovedUsers(AbstractUserManagerNode current) {
for(AbstractUserManagerNode c : current.getChildren()){
deleteRemovedUsers(c);
}
if(null != current.getOrigin() && current.getOrigin().startsWith(providerUrl) && !nodesInDirectoryByGuid.containsKey(current.getGuid())){
current.getParent().removeChild(current);
removedNodes.add(current);
}
}Would it be possible to modify this section and rather than do a getParent and do a setParent instead?
Offline
Hi Tom,
sorry for the late reply. Not actually deleting removed users was of course unintentional. I updated the script so it will now remove nodes that are no longer there.
Please download the updated version here and let me know if that resolves the problem.
http://www2.datenwerke.net/files/blog/2 … ort.groovy
Cheers,
Thorsten
Offline
Thank you for the clarification. I do wonder, what happens to the user history (audit) when a user is removed? Would some organizations prefer to retain the user, move them to an inactive organizational unit and flag their user record with "account inhibition"? Thoughts?
Offline
Hi Tom,
usually you should find enough information in the audit log to at least recover the username even if the user was deleted, but I understand your concern.
I guess your current approach to move users to a special OU instead instead of deleting them immediately is a good way to avoid this. Couldn't you just configure the ldap import to also grab the "deleted" folder? That way you would not have to replicate the mechanism within reportserver.
Cheers,
Thorsten
Offline
Let me see what I can come up with and I'll post my results here. Stay tuned!
Offline