Hi
Thanks for the discussion pointer at R1.
But my goal is to pre-create user from ldap connection(MS AD) and assign those account with admin role.
WHY: To save some time on back-and-forth login confirmation and GUI opts.
User from LDAP connections are synced in full prior to login if you do not disable that setting.
That means they also get their role assigned.
It might be necessary though to restart the core after a successful synchronization, so the contacts get applied.
I found auto sync all the users(around 20K) from ldap connection will slow down the cmk cre 1.6 GUI operation overall.
So I disabled it and only create cmk user upon first login. but I have dozens of admin accounts hoping to pre-create for them.
if your admin accounts are in a separat group or you have another way to filter for them:
you can create two almost identical ldap connections with the same ldap source, but with different user search filters. And then for your ldap connection with the few admin users, you create all users immediately, while for the other ldap connection, you create users only on first login.
Thanks to @robin.gierse and @gstolz. Filling out all that fields for ldap connection config is a challenge so I picked the most relaxed filter to pull in so many unwanted users. This is a good idea, I will invest time on finding the correct, narrowed-down filter for ldap connection targeting admin AD group or a smaller sub tree.
This topic was automatically closed 365 days after the last reply. New replies are no longer allowed. Contact an admin if you think this should be re-opened.