DirectoryTree / LdapRecord-Laravel

Multi-domain LDAP Authentication & Management for Laravel.
https://ldaprecord.com/docs/laravel/v3
MIT License

Duplicated entries when syncing users. #386

Closed marensas closed 2 years ago

marensas commented 2 years ago

Using ldap:import users --no-interaction --chunk 500 command.

AppServiceProvider has this (https://github.com/DirectoryTree/LdapRecord-Laravel/issues/134#issuecomment-1021190220): [image]

auth.php looks like: [image]

Command output looks like: [image]

In the end I've got 3 errors with different users: ERROR: Failed importing object [Name Surname]. SQLSTATE[23000]: Integrity constraint violation: 1062 Duplicate entry 'name@email.com' for key 'users.users_email_unique' (name and email are changed)

It seems like synchronization is struggling somewhere for unknown reason?

stevebauman commented 2 years ago

Hi @marensas,

What database are you using? MySQL, Postgres, etc.

marensas commented 2 years ago

Hi @marensas,

What database are you using? MySQL, Postgres, etc.

It's MySQL 8.0

stevebauman commented 2 years ago

Do you happen to have users in your database with null object GUID columns, but have a populated email column? Wondering if the sync_existing is failing for some reason.

marensas commented 2 years ago

Do you happen to have users in your database with null object GUID columns, but have a populated email column? Wondering if the sync_existing is failing for some reason.

I guess it's not related. I've done SELECT * FROM users where guid is null; and got 0 rows.

stevebauman commented 2 years ago

Ok, if you remove the sync_existing option completely from your config/auth.php file does that resolve the issue?

marensas commented 2 years ago

Ok, if you remove the sync_existing option completely from your config/auth.php file does that resolve the issue?

I realized that I'll not have cases where the guid and domain fields will be null, as mentioned in the documentation, because app authorization will only be available through LDAP, so I removed sync_existing completely as you recommended:

[image]

But I've got even more users trying to be inserted (15 including the previous 3):

[image]

I've tried to run the command filtering a specific user email, ldap:import users --filter "(mail=duplicated@email.com)":

[image]

So I also realized that these are the people who left the company today, and for some reason their records were duplicated in Active Directory.

Question: is there any way to filter out these groups? I.e. - ldap:import users --filter "(ou!=Disabled by automatic script)"

stevebauman commented 2 years ago

Ohh I see, that makes sense since they would have a different guid but the same email address.

Question: is there any way to filter out these groups? I.e. - ldap:import users --filter "(ou!=Disabled by automatic script)"

You may be able to achieve this since you're using Active Directory. Give this a shot:

ldap:import users --filter "(!(distinguishedName:=*Disabled by automatic script*))"

marensas commented 2 years ago

ldap:import users --filter "(!(distinguishedName:=*Disabled by automatic script*))"

It throws me an ldap_search(): Search: Bad search filter error.

marensas commented 2 years ago

I found the LDAP filtering syntax page. So I fixed the command to ldap:import users --filter "(!(ou=*Disabled by automatic script*))" (without the :), but I'm still getting the duplication errors.

To be sure that filtering is working I've decided to reverse the condition: ldap:import users --filter "(ou=*Disabled by automatic script*)", but got the output There were no users found to import.

It seems that filtering by 'ou' name is not working. Maybe I'm wrong with that 'ou' group?

marensas commented 2 years ago

I was unable to filter out this specific OU, but --no-log flag helped me ignore these errors.
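The thread ends with two open questions: why does the import trip the unique email constraint, and why does a filter on `ou` match nothing? The script below is an added illustration written for this page; it is not LdapRecord's own code and is in Python rather than PHP so it runs without a directory. It uses constructed entries (the `SAMPLE_ENTRIES` list, assumed data, not the reporter's) to show three things a practitioner would check before an `ldap:import` run: a pre-import scan that lists mail values carried by more than one objectGUID (exactly the pairs a `users_email_unique` index rejects), the fact that `ou` is an attribute of the container object and not of the user entry, so `(ou=*...*)` evaluated against user objects returns nothing while the OU name is recoverable from the user's DN, and RFC 4515 escaping for a mail value dropped into a `(mail=...)` filter so input cannot change the filter's structure. The DN-based exclusion works client-side on results already fetched; Active Directory does not support substring matching on DN-syntax attributes such as distinguishedName, which is one reason a server-side filter on that attribute did not help here.

```python
"""Pre-import checks for an LDAP -> database user sync (added example)."""
from collections import defaultdict

# Constructed sample entries, not data from the issue: two objects share a mail
# address but have distinct objectGUIDs; one is parked in a "disabled" OU.
SAMPLE_ENTRIES = [
    {"dn": "CN=Alice Example,OU=Staff,DC=example,DC=test",
     "objectguid": "guid-0001", "mail": "alice@example.test"},
    {"dn": "CN=Alice Example,OU=Disabled by automatic script,DC=example,DC=test",
     "objectguid": "guid-0002", "mail": "alice@example.test"},
    {"dn": "CN=Bob Example,OU=Staff,DC=example,DC=test",
     "objectguid": "guid-0003", "mail": "bob@example.test"},
]


def split_dn(dn):
    """Split a DN into (type, value) pairs, honouring backslash-escaped commas."""
    parts, current, escaped = [], [], False
    for ch in dn:
        if escaped:
            current.append(ch)
            escaped = False
        elif ch == "\\":
            current.append(ch)
            escaped = True
        elif ch == ",":
            parts.append("".join(current))
            current = []
        else:
            current.append(ch)
    parts.append("".join(current))
    pairs = []
    for part in parts:
        attr, _, value = part.partition("=")
        pairs.append((attr.strip().lower(), value.strip()))
    return pairs


def ou_names(dn):
    """Return the OU values present in the DN, i.e. the entry's containers."""
    return [v for a, v in split_dn(dn) if a == "ou"]


def under_ou(entry, ou_name):
    """True if one of the entry's parent containers is the named OU."""
    return any(v.lower() == ou_name.lower() for v in ou_names(entry["dn"]))


def email_collisions(entries):
    """Map each mail value to the distinct objectGUIDs carrying it, keeping only
    mails with more than one GUID; these are what a unique email column rejects."""
    guids = defaultdict(set)
    for e in entries:
        if e.get("mail"):
            guids[e["mail"].lower()].add(e["objectguid"])
    return {m: sorted(g) for m, g in guids.items() if len(g) > 1}


def exclude_ou(entries, ou_name):
    """Client-side equivalent of 'skip everything under this OU'."""
    return [e for e in entries if not under_ou(e, ou_name)]


def matches_ou_attribute(entries, substring):
    """Emulate (ou=*substring*) the way the server evaluates it: against the
    entry's own 'ou' attribute, never against its DN. User objects normally carry
    no 'ou' attribute, so this finds nothing even when the container matches."""
    sub = substring.lower()
    return [e for e in entries if any(sub in v.lower() for v in e.get("ou", []))]


def escape_filter_value(value):
    """RFC 4515 escaping for a value embedded in a search filter."""
    return (value.replace("\\", "\\5c").replace("*", "\\2a")
                 .replace("(", "\\28").replace(")", "\\29")
                 .replace("\x00", "\\00"))


def mail_filter(mail):
    """Build the (mail=...) filter used in the thread from an escaped value."""
    return f"(mail={escape_filter_value(mail)})"


if __name__ == "__main__":
    print("collisions:", email_collisions(SAMPLE_ENTRIES))
    print("(ou=*Disabled*) on users:", matches_ou_attribute(SAMPLE_ENTRIES, "Disabled"))
    kept = exclude_ou(SAMPLE_ENTRIES, "Disabled by automatic script")
    print("after DN-based exclusion:", [e["objectguid"] for e in kept])
    print("filter:", mail_filter("alice@example.test"))
```

Running the duplicate scan before the import gives the list of accounts the database will reject, which is more useful than `--no-log` because it tells you which stale directory objects need cleaning up; the DN-based exclusion shows the intended filter semantics applied to the container rather than to an attribute the user object does not have.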