I have a number of user imports that run on a schedule, and assign roles when they do.  

Let's say a user's information in AD changes so that they are imported through a different schedule (ex. someone is in the User Console Only role, but is later given access to a queue in the Service Desk, and should then have the Help Desk role).  In my experience, this does not change their role, even when they log into the K1000.  Is this normal behavior, or should that role be overwritten?  

To test, I changed one user's description to something that will be picked up by another user import, then manually ran only that user import.  In doing so, I made sure that the user in question was part of the import by checking the list of users to be updated (there were only 20 in this import, and it showed up).  That user still only had User Console Only, and even when I logged into the K1000, the role did not change.

I question this because on page 132 of the 6.4 Administrator Guide, under "Importing users from an LDAP server," it says 
NOTE: User information is overwritten each time users are imported to the appliance.
It does not specify that only information from AD is overwritten.
Answer Summary:
0 Comments   [ - ] Hide Comments


Please log in to comment

Answer Chosen by the Author


Looks like I found my answer:


When a user is first created on the K1000 they retain the role that they initially got. For example if you imported your LDAP users and assigned the role User as the default, everybody you imported will retain the role user even if you change the default role of the LDAP configuration.

So a role will only be automatically assigned once.  Guess I can remove some of my LDAP imports, then!

Answered 09/14/2016 by: ondrar
Purple Belt

Please log in to comment
Answer this question or Comment on this question for clarity