Univention Bugzilla – Bug 56815
Microsoft 365 Connector won't delete already disabled users
Last modified: 2024-04-25 10:59:11 CEST
Instead of removing users in Azure, the Microsoft 365 Connector disables users and renames them to "ZZZ_deleted". A user can also be purely disabled by the Connector. If the user was already disabled, the connector won't delete it in Azure anymore. This behavior has been different in older versions of the Microsoft 365 connector. The code deliberately checks if the user "should_sync" before it deletes a user. The "should_sync" in this case means that the user is not locker,disabled or expired. » def remove(self, dn, old): » » # type: (str, Dict[str, List[bytes]]) -> None » » self.logger.info('remove dn: %r', dn) » » udm_user = UDMOfficeUser(ldap_fields=old, ldap_cred=self._ldap_credentials, dn=dn, logger=logger) » » if udm_user.should_sync(): » » » self.connector.delete(udm_user=udm_user) If this check was removed from modules/univention/office365/udmwrapper/udmobjects.py, the behavior should again be what is expected: That a user can be deleted, even if it is disabled.
For the customer, the normal process is to deactivate their students before they are deleted. This regression causes 300 orphaned deleted users in azure, and the customer needs an additional script, to activate the users before deleting them.
It seem, that not only the deactivated users are not disabled in Azure anymore, but also the license is no longer removed, from a deactivated user. So I think I can increase the user pain.
Fixed with V5.9