Skip to content

Adds code to delete all the access if no access returned from Ldap and enable_synchronize_access_from_ldap=1, #PG-4868 #415

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
AltamashShaikh wants to merge 7 commits into
base: 5.x-dev
Choose a base branch
from
Open

Adds code to delete all the access if no access returned from Ldap and enable_synchronize_access_from_ldap=1, #PG-4868 #415

AltamashShaikh wants to merge 7 commits into from

Conversation

@AltamashShaikh
Copy link
Contributor

@AltamashShaikh AltamashShaikh commented Jan 7, 2026

Description

Adds code to delete all the access if no access returned from Ldap and enable_synchronize_access_from_ldap=1

Issue No

#PG-4868

Steps to Replicate the Issue

  1. Enable sync access from ldap
  2. Map the access in Ldap for a user
  3. Login via that user
  4. Now remove all the access for that user in LDAP and try logging in, it will work
  5. Checkout this PR
  6. Logout and Login again with that user.

Checklist

  • [✔] Tested locally or on demo2/demo3?
  • [✔] New test case added/updated?
  • [NA] Are all newly added texts included via translation?
  • [NA] Are text sanitized properly? (Eg use of v-text v/s v-html for vue)
  • [✔] Version bumped?
  • [NA] I have understood, reviewed, and tested all AI outputs before use
  • [NA] All AI instructions respect security, IP, and privacy rules

james-hill-matomo
james-hill-matomo reviewed Jan 7, 2026
View reviewed changes
LdapInterop/UserSynchronizer.php Outdated
Comment on lines 204 to 208
} else {
$this->logger->log('warning', "UserSynchronizer::{func}: User '{user}' has no access in LDAP, but access synchronization is enabled.", array(
'func' => __FUNCTION__,
'user' => $piwikLogin
));
Copy link
Contributor

@james-hill-matomo james-hill-matomo Jan 7, 2026
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@AltamashShaikh Not sure if this is ready for review yet, but this error message is now wrong. Is there any case where accessSynchronization is disabled and this function is called? I don't think there should be - having the if is nice, but maybe it should be further up the stack?

Copy link
Contributor Author

@AltamashShaikh AltamashShaikh Jan 8, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@james-hill-matomo Updated logic.

@james-hill-matomo
Copy link
Contributor

james-hill-matomo commented Jan 8, 2026

#416

@AltamashShaikh
Copy link
Contributor Author

AltamashShaikh commented Jan 9, 2026

@james-hill-matomo Thanks for the suggestion, I have applied them here and updated the test case to be check the behaviour more accurately.

@AltamashShaikh AltamashShaikh mentioned this pull request Jan 9, 2026
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@james-hill-matomo james-hill-matomo Awaiting requested review from james-hill-matomo

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

Needs Review

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@AltamashShaikh @james-hill-matomo