Problems with LDAP Import

Hi Guys,

When running the LDAP sync I get a lot of “issues”. For example:

Errors:

  • The user undefined could not be added because of data validation issues.
  • The user undefined could not be added because of data validation issues.
  • The user undefined could not be added because of data validation issues.
  • The user undefined could not be added because of data validation issues.
  • The user undefined could not be added because of data validation issues.

Ignored:

  • The user randomuser @company .de could not be added to the group Grp_Team_Tech because some validation issues.
  • The user blabla @company .de could not be added to the group Grp_Team_Tech because some validation issues.
  • The user whatever @company .de could not be added to the group Grp_Team_Tech because some validation issues.
  • The user userrrrr @company .de could not be added to the group Grp_Team_Sales because some validation issues.

I read here that every user has to have an e-mail address. But I am sure that this is the case. I’ve searched the help section, but was not able to find anything about this validation error.

Another question:
How can I permanently exclude specific users from being imported?

Thank you for your help!

I now found out how to ignore specific records:

It is possible for you to individually ignore synchronization of some of your directory records and/or some users/groups in passbolt, especially when there are some problematic records you do not want to keep in sync. Such records and the command to ignore them will be displayed in the reports.

The OUs (Organizational Units) of an MS Active Directory also have a GUID. Is it possible to exclude one or multiple whole OUs?

I ran into a problem here:

./bin/cake directory_sync ignore-list

Passbolt commands cannot be executed as root.

The command should be executed with the same user as your web server. By instance:

su -s /bin/bash -c "/var/www/passbolt/bin/cake COMMAND" HTTP_USER
where HTTP_USER match your web server user: www-data, nginx, http

aborting

su -s /bin/bash -c "/var/www/passbolt/bin/cake directory_sync ignore-list" www-data

Exception: Argument 1 passed to App\Utility\OpenPGP\Backends\Gnupg::setDecryptKeyFromFingerprint() must be of the type string, null given, called in /var/www/passbolt/plugins/Passbolt/DirectorySync/src/Utility/DirectoryOrgSettings.php on line 352 in [/var/www/passbolt/src/Utility/OpenPGP/Backends/Gnupg.php, line 169]

Hi @random_username

  1. To ignore specific users, the best way is to put all the users you want to sync in an LDAP group, and then configure the plugin to sync only users from this group. You can do that with the parameter ‘userPath’.

It is not possible to exclude an OU directly from the configuration file. The best way is to use the ignore subcommand from the directory_sync command, as you did.

  2. Regarding the exception you are getting, can you confirm that there is a fingerprint present in your configuration file (config/passbolt.php) in the passbolt.gpg.serverKey.fingerprint section?

Side note: for Passbolt Pro support, it is best to write to us at support [at] passbolt.com

Best
