First Last Prev Next    This bug is not in your last search results.
Bug 56815 - Microsoft 365 Connector won't delete already disabled users
Microsoft 365 Connector won't delete already disabled users
Status: RESOLVED FIXED
Product: UCS
Classification: Unclassified
Component: Office 365
UCS 5.0
Other Linux
: P5 normal (vote)
: ---
Assigned To: Julia Bremer
Felix Botner
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2023-11-09 13:51 CET by Julia Bremer
Modified: 2024-04-25 10:59 CEST (History)
6 users (show)

See Also:
What kind of report is it?: Bug Report
What type of bug is this?: 4: Minor Usability: Impairs usability in secondary scenarios
Who will be affected by this bug?: 2: Will only affect a few installed domains
How will those affected feel about the bug?: 3: A User would likely not purchase the product
User Pain: 0.137
Enterprise Customer affected?:
School Customer affected?: Yes
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number: 2023091421000198, 2024011521000761
Bug group (optional):
Max CVSS v3 score:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Julia Bremer univentionstaff 2023-11-09 13:51:54 CET 
Instead of removing users in Azure, the Microsoft 365 Connector disables users
and renames them to "ZZZ_deleted".
A user can also be purely disabled by the Connector.
If the user was already disabled, the connector won't delete it in Azure anymore.

This behavior has been different in older versions of the Microsoft 365 connector.

The code deliberately checks if the user "should_sync" before it deletes a user.
The "should_sync" in this case means that the user is not locker,disabled or expired. 
 
»       def remove(self, dn, old):
»       »       # type:  (str, Dict[str, List[bytes]]) -> None
»       »       self.logger.info('remove dn: %r', dn)
»       »       udm_user = UDMOfficeUser(ldap_fields=old, ldap_cred=self._ldap_credentials, dn=dn, logger=logger)
»       »       if udm_user.should_sync():
»       »       »       self.connector.delete(udm_user=udm_user)

If this check was removed from modules/univention/office365/udmwrapper/udmobjects.py, the behavior should again be what is expected: That a user can be deleted, even if it is disabled.
Comment 2 Christina Scheinig univentionstaff 2023-11-13 09:23:12 CET 
For the customer, the normal process is to deactivate their students before they are deleted. This regression causes 300  orphaned deleted users in azure, and the customer needs an additional script, to activate the users before deleting them.
Comment 3 Christina Scheinig univentionstaff 2024-01-19 16:24:20 CET 
It seem, that not only the deactivated users are not disabled in Azure anymore, but also the license is no longer removed, from a deactivated user.
So I think I can increase the user pain.
Comment 5 Felix Botner univentionstaff 2024-04-25 10:59:11 CEST 
Fixed with V5.9
First Last Prev Next    This bug is not in your last search results.