Details
-
Suggestion
-
Resolution: Unresolved
-
None
Description
We discovered that if you import a CSV into a User Directory, there is no logic to propagate the is_local column for the group record in cwd_group table. The fallback behavior will set this value to False, which means that if you import to a User Directory that has remotely managed groups (say, from an LDAP or AD source), on the next sync it will blow away the imported group and configuration.
Example use case
Imported group "Foo" from CSV to an LDAP Connector type User Directory with Local Group Management
Manually created group in UI for an LDAP Connector type User Directory with Local Group Management
Workaround?
Because this is a gap in the product design (in that it does not set the is_local property, you can forcibly set this in the database by updating the imported group to have that value set to True. Don't do this if you don't know why you want to, but here's an example.
Take a backup of your database first and test this in a non-production environment!
# update all groups in <DIR_ID> (fill this out) to have the is_local value set to True regardless of what it was before # this will cause all groups in this User Directory to be locally managed update cwd_group set is_local = 'T' where directory_id = <DIR_ID> and lower_group_name IN ()