How can I activate LDAP Synchronization changes automatically?

CMK version: cmk-raw, 2.1.0p25

Hey guys,
after I set up LDAP successfully (it works really well!), I get faced with changes like this:

I set the LDAP sync to happen every 10 minutes, so changes like this do appear quite often during a workday, and it is very annoying. How can I apply changes made by the LDAP syncs automatically?


If I understand the API docs correctly, there is no way I can get the details of a change, which would allow me to write a cron job to grep and activate if the term LDAP is found…

What would be the best way to work around this?

You could activate the option Create users only on login. This way you only need to apply the changes if a user logs in for the first time.

Thank you! While this is not the solution I was looking for, I implemented it this way, because it reduces the changes dramatically. I set it to the suggested option on our dev instance and left prd how it was; there weren’t that many changes because the instance does not get redeployed with clearing the data.

You could also narrow your LDAP search to only look at groups that are related to CheckMK logins. That way you will only get changes when a user is actually added/removed to/from a group in LDAP that applies to CheckMK login.
My guess is that you are looking at the top of your tree?

This is how I have set it up currently. You are correct, I am looking at the whole subtree. Would all entries one level below be correct to prevent changes like the one in my original post?

Those changes do not appear very often, maybe like once a day right now.

It really depends on how your LDAP structure is. Are you using Active Directory, which has some extra features with nested groups?
But in general you should set your base to be the absolute path to where your end users are, or at least as close as you can. Then, depending on how the end structure is, you can define if it should search the whole tree or only a subset of the tree.
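
As an added illustration (not part of the thread, and not Checkmk code): a small Python sketch of how the three LDAP search scopes defined in RFC 4511 select entries relative to a base DN, which is what the base DN and scope choices discussed above come down to. The directory entries and function names are constructed for the example.

```python
# Added example: which entries each RFC 4511 search scope selects.
# DIRECTORY is constructed sample data, not taken from the thread.
DIRECTORY = [
    "dc=example,dc=org",
    "ou=people,dc=example,dc=org",
    "uid=alice,ou=people,dc=example,dc=org",
    "cn=Doe\\, Jane,ou=people,dc=example,dc=org",
    "uid=bob,ou=contractors,ou=people,dc=example,dc=org",
    "cn=svc-backup,ou=services,dc=example,dc=org",
]

def parse_dn(dn):
    """Split a DN into RDNs; a backslash-escaped comma stays inside its RDN.
    Lower-casing every RDN is a simplification for this example."""
    rdns, cur, escaped = [], "", False
    for ch in dn:
        if escaped:
            cur, escaped = cur + ch, False
        elif ch == "\\":
            cur, escaped = cur + ch, True
        elif ch == ",":
            rdns.append(cur.strip().lower())
            cur = ""
        else:
            cur += ch
    rdns.append(cur.strip().lower())
    return rdns

def in_scope(entry_dn, base_dn, scope):
    """True if entry_dn is selected by a search at base_dn with this scope."""
    entry, base = parse_dn(entry_dn), parse_dn(base_dn)
    depth = len(entry) - len(base)
    if depth < 0 or entry[depth:] != base:
        return False  # entry is not at or below the base
    if scope == "baseObject":
        return depth == 0
    if scope == "singleLevel":
        return depth == 1
    if scope == "wholeSubtree":
        return True
    raise ValueError(f"unknown scope: {scope}")

def search(base_dn, scope):
    return [dn for dn in DIRECTORY if in_scope(dn, base_dn, scope)]

if __name__ == "__main__":
    for base in ("dc=example,dc=org", "ou=people,dc=example,dc=org"):
        for scope in ("baseObject", "singleLevel", "wholeSubtree"):
            print(f"{base} [{scope}]")
            for dn in search(base, scope):
                print("   ", dn)
```

With this sample tree, a single-level search from the directory root returns only the `ou=people` container, while the same scope with the base set to `ou=people` returns the two users directly inside it and leaves out the nested contractor and the service account.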