myOmikron / mailcow-ldap-sync


keep Data when changing OU of users #3

Closed theoneandonly-vector closed 3 years ago

theoneandonly-vector commented 3 years ago

hey there

I changed the OU of my users -> this resulted in a deletion of all data (somehow the data was overwritten..). This looks like the user's uid isn't the uid of the LDAP but the whole string including CN and domain.

After this I just recovered from my backup and currently have the ldap-sync disabled.

Do you have an idea how to fix this?

myOmikron commented 3 years ago

Hi, in order to answer this adequately, I need more details. From my understanding this happened:

  1. You stopped mailcow-ldap-sync
  2. Moved your users to another subpath in ldap. (cn=Admins,ou=Users,dc=ldap,dc=example,dc=org -> cn=Admins,ou=NewUsers,dc=ldap,dc=example,dc=org)
  3. Changed the Parameter user_search_base in the config.json of mailcow-ldap-sync
  4. Optional. Changed user_search_filter in config
  5. Started mailcow-ldap-sync again
  6. Users were deleted in mailcow
  7. Users were readded in mailcow

This (steps 6 & 7) obviously resulted in empty mailboxes.

Please confirm or change / add / remove the steps.

theoneandonly-vector commented 3 years ago

Steps 3 & 4 didn't happen, but yes, all the other steps are correct.

myOmikron commented 3 years ago

If steps 3 & 4 weren't necessary, that's fine.

The script uses its intermediate database to check whether a user should be deleted, modified or created. The user identifier is indeed its DN. So the search found your new users, but they were created in the database and consequently created in mailcow, whereas your old users weren't in the search result, so they got deleted.

This was done on purpose, to allow users with the same uid / sAMAccountName within different subpaths.

If the intermediate database was not recovered from the backup, i.e. it has already completed the sync with the new DNs once, you should be able to just start the script again. As long as the mail addresses haven't changed in LDAP, there should be no change in mailcow, as the mailboxes are bound to their mail address as identifier.

If the above is not the case, you have to edit the DNs in the intermediate database mailcow.sqlite3 to match the DNs retrieved from your LDAP server.
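The two mechanics the maintainer describes above, the DN-keyed create/delete decision and the manual DN rewrite in the intermediate database, as an added example. This is not mailcow-ldap-sync's own code: the table name `users`, the columns `dn`/`mail`, the base DNs and the sample rows are all assumptions constructed for the demonstration. Its one safety rule is the check a practitioner wants before touching mailcow.sqlite3: every rewritten DN must already appear in the current LDAP search result, otherwise nothing is written. Stop the sync and back up the database before running anything like it.

```python
"""Added example, not project code: reproduce why an OU move empties
mailboxes (state keyed by DN) and rewrite the stored DNs safely.
Schema, base DNs and sample rows below are assumptions."""
import sqlite3

# Assumed base DNs for the OU move (see the steps in the thread).
OLD_BASE = "ou=Users,dc=ldap,dc=example,dc=org"
NEW_BASE = "ou=NewUsers,dc=ldap,dc=example,dc=org"


def plan_sync(stored_dns, ldap_dns):
    """Mirror the sync decision: DN found in LDAP but not in the local DB
    -> create; DN in the local DB but absent from LDAP -> delete.
    DNs are compared case-insensitively."""
    stored = {dn.lower(): dn for dn in stored_dns}
    found = {dn.lower(): dn for dn in ldap_dns}
    to_create = sorted(found[k] for k in found.keys() - stored.keys())
    to_delete = sorted(stored[k] for k in stored.keys() - found.keys())
    return to_create, to_delete


def rebase_dn(dn, old_base, new_base):
    """Swap the trailing base of a DN, keeping the leading RDN (cn=...).
    Returns None when the DN is not under old_base at all."""
    suffix = "," + old_base
    if not dn.lower().endswith(suffix.lower()):
        return None
    return dn[: -len(suffix)] + "," + new_base


def rewrite_dns(conn, old_base, new_base, ldap_dns):
    """Rewrite stored DNs in one transaction. Refuses to write anything if a
    rewritten DN is not present in the current LDAP result, so a wrong
    new_base cannot silently produce a second round of deletions."""
    ldap_set = {d.lower() for d in ldap_dns}
    updates = []
    for (dn,) in conn.execute("SELECT dn FROM users").fetchall():
        new = rebase_dn(dn, old_base, new_base)
        if new is None:
            continue  # not under the moved subtree, leave untouched
        if new.lower() not in ldap_set:
            raise RuntimeError(f"{new} not found in LDAP; refusing to rewrite")
        updates.append((new, dn))
    with conn:  # commit all rows or none
        conn.executemany("UPDATE users SET dn = ? WHERE dn = ?", updates)
    return len(updates)


def demo():
    """Constructed scenario: DB state from before the move vs. LDAP after it."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (dn TEXT PRIMARY KEY, mail TEXT NOT NULL)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", [
        ("cn=Admins," + OLD_BASE, "admins@example.org"),
        ("cn=alice," + OLD_BASE, "alice@example.org"),
        ("cn=svc-backup,ou=Services,dc=ldap,dc=example,dc=org", "backup@example.org"),
    ])
    ldap_now = [  # constructed search result after moving the users
        "cn=Admins," + NEW_BASE,
        "cn=alice," + NEW_BASE,
        "cn=svc-backup,ou=Services,dc=ldap,dc=example,dc=org",
    ]
    stored = [r[0] for r in conn.execute("SELECT dn FROM users")]
    before = plan_sync(stored, ldap_now)  # 2 creates + 2 deletes: mailbox loss
    changed = rewrite_dns(conn, OLD_BASE, NEW_BASE, ldap_now)
    stored = [r[0] for r in conn.execute("SELECT dn FROM users")]
    after = plan_sync(stored, ldap_now)   # nothing to create or delete
    return before, changed, after


if __name__ == "__main__":
    print(demo())
```

`rebase_dn` does plain suffix matching and does not parse escaped commas in RDNs; for typical `cn=...,ou=...,dc=...` entries that is enough, but check the output against the LDAP result (which the guard in `rewrite_dns` enforces) rather than trusting the string replacement.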

theoneandonly-vector commented 3 years ago

Thanks, this was successful. It's really great how you explained everything in such detail.