Disable deletion of user in google

google-apps-for-work

#1

How can I disable the user deletion if someone removes the checkmark in ucs settings for GApps account?

Thanks a lot,
best
meg


HowTo: Anbindung existierender GAPPs und O365 Instanzen
#2

Unfortunately this feature has not been implemented yet: https://forge.univention.org/bugzilla/show_bug.cgi?id=45319


#3

What would be logic for me:

  • When user is unlinked to google (remove the checkmark), nothing should happened
  • when a user is disabled in UCS, it should be disabled in google
  • if a user is deleted, it should deleted in google (with a confirmation dialog before)
  • afaik google has no “locked login”

#4

A confirmation dialog before is not possible, because the underlying mechanism is the same as for the command line and is non-interactive.
Would a UCR variable be OK, that decides whether deleting a UCS-user should delete or deactivate the google-user?
In the mail server app we have such a UCR switch (→ when deleting the UCS-user, should the mailbox be deleted or not).

What is a “locked login”?


#5

For me, I had modified google module with function suspend_google_user and call it when user is deleted instead of call delete_google_user function


#6

That’s great!
I just wanted to send you the github Link to make a PR, but I noticed we are not syncing the code there yet. I’ll ask a colleague to activate it.

BTW: we have planned to implement the disable functionality this quarter.


#7

Would be much better than deleting the user :wink: And these variable should be set to disable by default.

But my problem was not the deletion of the user in UCS, it was just removing the checkmark in google sync (which deleted the user in google). -> I think this should never happens.

BTW, how is this handled on the o365 add-on? We not using the email part of office but users would also surprised if accounts gone to /dev/null when removing a checkmark :wink:


The right option :wink:


#8

awesome.

Could you provide the code?

Possible this function could also called when a account is deactivated on ucs side.


#9

@Megachip: This function is called via Listener when “locked Login” function call -> this time, Sambar user will flagged as D mean is user disabled then call function suspend_google_user with API modify and parameter “suspended = true”
@troeder: This is why i’m waiting for your update, I see that Google Connecter has update but I didn;t found changelog anywhere so I still using 1.x version with modified code. If you want, I will share my code via my own Gitlab


#10

Yes - this will be handled the same as deleting the UCS user.

The same (undesired) behavior. We’ll change that there too, to keep both apps behavior as similar as possible.

Ah yes. In UCS 4.3 the disabled setting and locked setting have been simplified into boolean values. For the synchronization to google/azure we can simply ignore this.

Yes - the missing changelog is a problem we have noticed too. Currently you can only find it by browsing the appcenter server. Go to http://appcenter.software-univention.de/univention-repository/4.2/maintained/component/ , find the latest version of the app (google-apps_20180322143354) and open the README_UPDATE_EN or README_UPDATE_DE. To check the 4.3 version, replace 4.2 in the URL.
Far from optimal… Some day we’ll make the apps changelog available through the app catalog…
The Debian packages changelog will be available as soon as the git repository is synced to github.

thank you for the offer.
But we require a contributer agreement and stuff, which is all checked nicely through our github account (see example PR). I’d be more comfortable if it goes through a PR to our repo. Sorry for the delay.


#11

I won’t ignore this. The default behavior should be like @congnv described it: When user is disabled in UCS it should also disabled in Google/O365 (not sure if office support that).

Best,
meg


#12

Sorry - that’s a misunderstanding.
I meant the locked setting can be ignored, as that is not supported by google/azure/ucs 4.3.
The disabled state must be synchronized.

Greetings
Daniel


#13

What happens when I remove the google app sync checkmark on an user where it is set but the mail is missing and no univentionGoogleAppsId is set?

Is it save to remove or will it delete all google users? ^^

Best,
meg


#14

When the connection to the Google user has not been established, nothing will happen.


#15

@congnv

could you please provide a short summary (or a patch) on which file I’ve to change what?

Also have the problem that connecting existing users from UCS to G will overwrite the password of that particular user. But hopefully that part I could figure out myself :wink:

Thanks a lot,
best,
meg


#16

That would be awesome. Is this feature planned or timelined?