Currently, the delegated directory copies users on first login from the LDAP directory automatically. Some administrators do not want this behavior, as they wish to have more control (by creating the user manually).
- Adding a "Copy user on first login" flag in the Settings tab to be able to control this behavior through the UI
- Utilize the already existing "Add Users" flag for this purpose.
- While this flag is actually used for other purpose, we could utilize this flag as it's already available in the UI, and because the understanding of what the 2 flags do is somewhat similar
An alternative workaround would be to be more specific with your LDAP search filter. Include something like a group membership test or an AD attribute value as part of the User object filter on the Configuration tab. This allows you to control who is eligible for provisioning to crowd, for example:
- Take a backup of the Crowd Database
- Run the following query to identify the directory id of the Delegated directory that you wish to have this feature disabled
- Use the id in the following query (Replace <directoryID> with the id above):
- Restart Crowd