snipe / snipe-it

A free open source IT asset/license management system
https://snipeitapp.com
GNU Affero General Public License v3.0

LDAP Active status different behaviour between sync methods #8934

Open the-glu opened 3 years ago

the-glu commented 3 years ago

With LDAP sync enabled and the "LDAP Active Flag" field used, I have different behavior if I use a different sync method.

Based on the code, I think that this method (https://github.com/snipe/snipe-it/blob/master/app/Services/LdapAd.php#L327) is not called in the first two cases. (I added some debugging prints and did not see anything.)

There seems to be different code here (https://github.com/snipe/snipe-it/blob/master/app/Console/Commands/LdapSync.php#L168) to handle activation.

Maybe there should be some normalization of LDAP synchronization methods? ^^'

snipe commented 3 years ago

Please provide the additional information requested in the issue template. (i.e. version of Snipe-IT, version of PHP, etc)

snipeit:ldap-sync-ng is a legacy sync that we do not recommend people use, but that we kept in, in case something went weird with the newer versions.

If they are both making users always active (with the two documented ways of syncing), I'm not sure what the issue is here? snipeit:ldap-sync-ng isn't really intended to be used anymore, we just included it until we documented removing it.

the-glu commented 3 years ago

Hello,

Version is v5.0.11 - build 5695, PHP 7.2.34-8+0~20201103.52+debian10~1.gbpafa084, debian10, apache

The problem with making users always active is that I want them to be active based on the "LDAP Active Flag". The value is not respected with the two new methods ^^'

#8776 added some logic for that (https://github.com/snipe/snipe-it/pull/8776/files#diff-5048c4aa35916a46727eedfc3eeae3b3b8992f5e192a05d64685ffd086645201R339) but it seems to be taken into account only with ldap-sync-ng
