Werk #16787: ldap: users should be created without the suffix unless there are conflicts

Component Setup
Title ldap: users should be created without the suffix unless there are conflicts
Date Jun 5, 2024
Level Trivial Change
Class Bug Fix
Compatibility Compatible - no manual interaction needed
Checkmk versions & editions
2.4.0b1
Not yet released
Checkmk Raw (CRE), Checkmk Enterprise (CEE), Checkmk Cloud (CCE), Checkmk MSP (CME)
2.3.0p25 Checkmk Raw (CRE), Checkmk Enterprise (CEE), Checkmk Cloud (CCE), Checkmk MSP (CME)
2.2.0p39 Checkmk Raw (CRE), Checkmk Enterprise (CEE), Checkmk Cloud (CCE), Checkmk MSP (CME)

Previously, if you had an ldap connection configured with both a "suffix" and "create users only on login" enabled. The username used to login would be used to create a user profile.

E.g.

  • testuser1 -> created a userprofile called testuser1
  • testuser1@suffix -> created a userprofile called testuser1@suffix

This was incorrect. The suffix should only be used when there are conflicts.

This werk addresses this issue by changing the behaviour to:

  • Check if the user (without the suffix) already exists.
  • If it's the same user, login with this user. No need to create a new user profile.
  • If it's a different user, repeat the process using the username with the suffix.

To the list of all Werks