Daniel Clar
Kablink Component
  • Teaming

I'm using LDAP to authenticate the users.

I've discovered that too many users were imported so I've decided to modify the filters using some LDAP attributes in our directory.

Strange thing: none of them are removed when I execute the synchronization.

Any ideas?

Thanks

Daniel

 

 
Replies
Jong Kim

Did you check the "Delete Users That are not in LDAP" checkbox on the "Configure LDAP Synchronization" admin page?

Daniel Clar

No, because I was afraid that it also removes local users.

The indications on LDAP configurations make me think that they will be removed too.

Am I wrong?

Thanks,
Daniel

Jong Kim

I'm glad you asked. I think you're right. I just tested it on my machine, and it deleted all my local users except for a few system accounts! So, do not use the option if you want to keep local users.

Personally, this does not feel right to me. I think we should have an option where it can purge LDAP-originated users only, without touching local users.

Daniel Clar

I agree. I support you on this new option.

If you modify something on this page, you could perhaps also modify the filter field to be a multiline field. We have more than 10 conditions and it's not readable.

Thanks.

Daniel

Daniel Clar

Just to know: what happens if we delete the LDAP configuration?

Are all LDAP users removed?

It could be a workaround while this option is not present?

Thanks

Daniel

Daniel Clar

I perhaps already have an answer: the users won't have the same internal ID when they are imported again, so their newly created entries won't be theirs.

Am I right?

Daniel

 

Jong Kim

Deleting the LDAP configuration does not delete already imported users. Once you delete the configuration, however, you can't use LDAP for authentication (unless you have another LDAP configuration). The same configuration is used for both synchronization and login-time authentication.

Jong Kim

I entered two bug reports.

Bug 587070 - Checking "Delete Users That are not in LDAP" option also purges local users

Bug(enhancement) 587077 - Make the LDAP Filter field to support multiline
