starred/vaultwarden_ldap_sync
1
0
Fork 0
mirror of https://github.com/sirtoobii/vaultwarden_ldap_sync.git synced 2026-04-26 20:45:54 +03:00
Code Issues 5 Projects Releases 2 Packages Wiki Activity

[GH-ISSUE #17] LDAP Sync inconsistency: removed AD user not disabled + active user incorrectly marked as DELETED #12

New issue
Open
opened 2026-03-04 00:59:39 +03:00 by kerem · 5 comments
kerem commented 2026-03-04 00:59:39 +03:00
Owner
Copy link

Originally created by @Sh4dow998 on GitHub (Aug 27, 2025).
Original GitHub issue: https://github.com/sirtoobii/vaultwarden_ldap_sync/issues/17

Hello,

I am running Vaultwarden with vaultwarden_ldap_sync in Docker, and I am facing two issues regarding synchronization with Active Directory:

  1. When I remove a user from the AD group (GRP_Vaultwarden), the user (y.nour@toto.com) is still present in the Vaultwarden database and not disabled. In the sync logs, this user does not appear at all, and the user is also no longer present in the Domain Controller (AD).

  2. Another user is unexpectedly marked as DELETED by the sync process, although the account is still present and enabled in Active Directory. This leads to sync attempts failing with an HTTP 404 error when trying to enable the user again. The error persists even after restarting the container.

root@vaultwarden-server:/opt/vaultwarden_ldap_sync# docker compose logs -f
WARN[0000] /opt/vaultwarden_ldap_sync/docker-compose.yaml: the attribute `version` is obsolete, it will be ignored, please remove it to avoid potential confusion
vaultwarden_ldap_sync  | 2025-08-27:12:55:24 INFO [sync.py] Starting...
vaultwarden_ldap_sync  | 2025-08-27:12:55:24 INFO [sync.py] DRYRUN: False
vaultwarden_ldap_sync  | 2025-08-27:12:55:24 INFO [sync.py] LDAP server: 10.82.1.1
vaultwarden_ldap_sync  | 2025-08-27:12:55:24 INFO [sync.py] Vaultwarden URL: https://vaultwarden.toto.net
vaultwarden_ldap_sync  | 2025-08-27:12:55:24 DEBUG [sync.py] Email addresses from source: ['y.creux@toto.com', 'y.ayoubi@toto.com', 'lyon@toto.com', 'k.elhassnaoui@toto.com', 'd.barbosa@toto.com', 'd.buyat@toto.com', 's.djamakorzian@toto.com', 'a.sallerin@toto.com', 'l.fayet@toto.com', 'vw.export@toto.com', 'w.djebali@toto.com']
vaultwarden_ldap_sync  | 2025-08-27:12:55:24 DEBUG [connectionpool.py] Starting new HTTPS connection (1): vaultwarden.toto.net:443
vaultwarden_ldap_sync  | 2025-08-27:12:55:24 DEBUG [connectionpool.py] https://vaultwarden.toto.net:443 "GET /admin/users HTTP/1.1" 401 282
vaultwarden_ldap_sync  | 2025-08-27:12:55:24 DEBUG [vaultwarden.py] Could not authenticate using cookie, trying token
vaultwarden_ldap_sync  | 2025-08-27:12:55:24 DEBUG [connectionpool.py] https://vaultwarden.toto.net:443 "POST /admin HTTP/1.1" 200 118950
vaultwarden_ldap_sync  | 2025-08-27:12:55:24 DEBUG [vaultwarden.py] Authentication using token successful, storing cookie
vaultwarden_ldap_sync  | 2025-08-27:12:55:24 DEBUG [vaultwarden.py] Cookie store found, loading
vaultwarden_ldap_sync  | 2025-08-27:12:55:24 DEBUG [connectionpool.py] https://vaultwarden.toto.net:443 "GET /admin/users HTTP/1.1" 200 89609
vaultwarden_ldap_sync  | 2025-08-27:12:55:24 DEBUG [sync.py] Difference compared to local state/emails source:
vaultwarden_ldap_sync  |  * user_ids_enabled_in_vw: 0
vaultwarden_ldap_sync  |  * user_ids_enable_in_src: 0
vaultwarden_ldap_sync  |  * user_ids_disabled_in_vw: 0
vaultwarden_ldap_sync  |  * user_ids_vanished_in_vw: 1
vaultwarden_ldap_sync  |  * email_vanished_in_src: 0
vaultwarden_ldap_sync  |  * email_vanished_in_both: 0
vaultwarden_ldap_sync  |  * users_with_changed_email: 0
vaultwarden_ldap_sync  |  * adoption_candidates: 9
vaultwarden_ldap_sync  | Pending changes:
vaultwarden_ldap_sync  |  * Invite: 0
vaultwarden_ldap_sync  |  * Enable: 1
vaultwarden_ldap_sync  |  * Disable: 0
vaultwarden_ldap_sync  |
vaultwarden_ldap_sync  | 2025-08-27:12:55:24 INFO [sync.py]  Set state to DELETED for: w.djebali@toto.com
vaultwarden_ldap_sync  | 2025-08-27:12:55:24 DEBUG [vaultwarden.py] Cookie store found, loading
vaultwarden_ldap_sync  | 2025-08-27:12:55:24 DEBUG [connectionpool.py] https://vaultwarden.toto.net:443 "POST /admin/users/7d3b5a4a-bbca-489f-bf45-5cc3ad953064/enable HTTP/1.1" 404 273
vaultwarden_ldap_sync  | 2025-08-27:12:55:24 ERROR [sync.py] Something went wrong. Error: Request returned unexpected return code expected: 200 actual: 404
vaultwarden_ldap_sync  | 2025-08-27:12:55:24 DEBUG [sync.py] Traceback (most recent call last):
vaultwarden_ldap_sync  |   File "/src/vaultwarden_user_sync/sync.py", line 170, in <module>
vaultwarden_ldap_sync  |     vwc.enable_user(user_id)
vaultwarden_ldap_sync  |   File "/src/vaultwarden_user_sync/backends/vaultwarden.py", line 90, in enable_user
vaultwarden_ldap_sync  |     self.make_authenticated_request('{}/admin/users/{}/enable'.format(self.vaultwarden_url, vw_user_id),
vaultwarden_ldap_sync  |   File "/src/vaultwarden_user_sync/backends/vaultwarden.py", line 65, in make_authenticated_request
vaultwarden_ldap_sync  |     raise ConnectionError(
vaultwarden_ldap_sync  | ConnectionError: Request returned unexpected return code expected: 200 actual: 404

What I expected:

  • When a user is removed from the AD group, it should be properly disabled or deleted in Vaultwarden.
  • Users that no longer exist in AD (like y.nour@toto.com) should not remain active in the Vaultwarden DB.
  • Active users should not be incorrectly marked as DELETED, and sync should not fail with 404 errors.

Environment:

  • Vaultwarden version: latest
  • vaultwarden_ldap_sync version: latest

Additional information:

  • The issue persists even after restarting the container.
  • I can provide full logs or configuration details if needed.

I would really like to understand why this happens, and any help or guidance would be greatly appreciated.

Originally created by @Sh4dow998 on GitHub (Aug 27, 2025). Original GitHub issue: https://github.com/sirtoobii/vaultwarden_ldap_sync/issues/17 Hello, I am running Vaultwarden with vaultwarden_ldap_sync in Docker, and I am facing two issues regarding synchronization with Active Directory: 1. When I remove a user from the AD group (GRP_Vaultwarden), the user (y.nour@toto.com) is still present in the Vaultwarden database and not disabled. In the sync logs, this user does not appear at all, and the user is also no longer present in the Domain Controller (AD). 2. Another user is unexpectedly marked as DELETED by the sync process, although the account is still present and enabled in Active Directory. This leads to sync attempts failing with an HTTP 404 error when trying to enable the user again. The error persists even after restarting the container. ``` root@vaultwarden-server:/opt/vaultwarden_ldap_sync# docker compose logs -f WARN[0000] /opt/vaultwarden_ldap_sync/docker-compose.yaml: the attribute `version` is obsolete, it will be ignored, please remove it to avoid potential confusion vaultwarden_ldap_sync | 2025-08-27:12:55:24 INFO [sync.py] Starting... vaultwarden_ldap_sync | 2025-08-27:12:55:24 INFO [sync.py] DRYRUN: False vaultwarden_ldap_sync | 2025-08-27:12:55:24 INFO [sync.py] LDAP server: 10.82.1.1 vaultwarden_ldap_sync | 2025-08-27:12:55:24 INFO [sync.py] Vaultwarden URL: https://vaultwarden.toto.net vaultwarden_ldap_sync | 2025-08-27:12:55:24 DEBUG [sync.py] Email addresses from source: ['y.creux@toto.com', 'y.ayoubi@toto.com', 'lyon@toto.com', 'k.elhassnaoui@toto.com', 'd.barbosa@toto.com', 'd.buyat@toto.com', 's.djamakorzian@toto.com', 'a.sallerin@toto.com', 'l.fayet@toto.com', 'vw.export@toto.com', 'w.djebali@toto.com'] vaultwarden_ldap_sync | 2025-08-27:12:55:24 DEBUG [connectionpool.py] Starting new HTTPS connection (1): vaultwarden.toto.net:443 vaultwarden_ldap_sync | 2025-08-27:12:55:24 DEBUG [connectionpool.py] https://vaultwarden.toto.net:443 "GET /admin/users HTTP/1.1" 401 282 vaultwarden_ldap_sync | 2025-08-27:12:55:24 DEBUG [vaultwarden.py] Could not authenticate using cookie, trying token vaultwarden_ldap_sync | 2025-08-27:12:55:24 DEBUG [connectionpool.py] https://vaultwarden.toto.net:443 "POST /admin HTTP/1.1" 200 118950 vaultwarden_ldap_sync | 2025-08-27:12:55:24 DEBUG [vaultwarden.py] Authentication using token successful, storing cookie vaultwarden_ldap_sync | 2025-08-27:12:55:24 DEBUG [vaultwarden.py] Cookie store found, loading vaultwarden_ldap_sync | 2025-08-27:12:55:24 DEBUG [connectionpool.py] https://vaultwarden.toto.net:443 "GET /admin/users HTTP/1.1" 200 89609 vaultwarden_ldap_sync | 2025-08-27:12:55:24 DEBUG [sync.py] Difference compared to local state/emails source: vaultwarden_ldap_sync | * user_ids_enabled_in_vw: 0 vaultwarden_ldap_sync | * user_ids_enable_in_src: 0 vaultwarden_ldap_sync | * user_ids_disabled_in_vw: 0 vaultwarden_ldap_sync | * user_ids_vanished_in_vw: 1 vaultwarden_ldap_sync | * email_vanished_in_src: 0 vaultwarden_ldap_sync | * email_vanished_in_both: 0 vaultwarden_ldap_sync | * users_with_changed_email: 0 vaultwarden_ldap_sync | * adoption_candidates: 9 vaultwarden_ldap_sync | Pending changes: vaultwarden_ldap_sync | * Invite: 0 vaultwarden_ldap_sync | * Enable: 1 vaultwarden_ldap_sync | * Disable: 0 vaultwarden_ldap_sync | vaultwarden_ldap_sync | 2025-08-27:12:55:24 INFO [sync.py] Set state to DELETED for: w.djebali@toto.com vaultwarden_ldap_sync | 2025-08-27:12:55:24 DEBUG [vaultwarden.py] Cookie store found, loading vaultwarden_ldap_sync | 2025-08-27:12:55:24 DEBUG [connectionpool.py] https://vaultwarden.toto.net:443 "POST /admin/users/7d3b5a4a-bbca-489f-bf45-5cc3ad953064/enable HTTP/1.1" 404 273 vaultwarden_ldap_sync | 2025-08-27:12:55:24 ERROR [sync.py] Something went wrong. Error: Request returned unexpected return code expected: 200 actual: 404 vaultwarden_ldap_sync | 2025-08-27:12:55:24 DEBUG [sync.py] Traceback (most recent call last): vaultwarden_ldap_sync | File "/src/vaultwarden_user_sync/sync.py", line 170, in <module> vaultwarden_ldap_sync | vwc.enable_user(user_id) vaultwarden_ldap_sync | File "/src/vaultwarden_user_sync/backends/vaultwarden.py", line 90, in enable_user vaultwarden_ldap_sync | self.make_authenticated_request('{}/admin/users/{}/enable'.format(self.vaultwarden_url, vw_user_id), vaultwarden_ldap_sync | File "/src/vaultwarden_user_sync/backends/vaultwarden.py", line 65, in make_authenticated_request vaultwarden_ldap_sync | raise ConnectionError( vaultwarden_ldap_sync | ConnectionError: Request returned unexpected return code expected: 200 actual: 404 ``` **What I expected:** - When a user is removed from the AD group, it should be properly disabled or deleted in Vaultwarden. - Users that no longer exist in AD (like y.nour@toto.com) should not remain active in the Vaultwarden DB. - Active users should not be incorrectly marked as DELETED, and sync should not fail with 404 errors. **Environment:** - Vaultwarden version: latest - vaultwarden_ldap_sync version: latest **Additional information:** - The issue persists even after restarting the container. - I can provide full logs or configuration details if needed. I would really like to understand why this happens, and any help or guidance would be greatly appreciated.
kerem commented 2026-03-04 00:59:41 +03:00
Author
Owner
Copy link

@sirtoobii commented on GitHub (Sep 13, 2025):

Hi @Sh4dow998 thank you for the report.
Are you using the latest version of this project? And which Vaultwarden version do you use? Because I was unable to reproduce you issue with both the latest Vaultwarden image and latest version of this repo.

Also to further debug such issues, you can run the script with DUMP_EMAIL_SOURCE=1

<!-- gh-comment-id:3287784097 --> @sirtoobii commented on GitHub (Sep 13, 2025): Hi @Sh4dow998 thank you for the report. Are you using the latest version of this project? And which Vaultwarden version do you use? Because I was unable to reproduce you issue with both the latest Vaultwarden image and latest version of this repo. Also to further debug such issues, you can run the script with `DUMP_EMAIL_SOURCE=1`
kerem commented 2026-03-04 00:59:41 +03:00
Author
Owner
Copy link

@casse-boubou commented on GitHub (Oct 4, 2025):

Hello, I have the same second issue.
I'm using an LDAP directory and Vaultwarden v1.34.3.
vaultwarden_ldap_sync has been built since the last commit on June 18, 2025.
This happened after deleting a user from the Vaultwarden admin panel.
For clarification (maybe not useful) this is a user whose invitation had been sent but who had not validated and created his account on vaultwarden
I don't know what additional information I can provide, but please don't hesitate to ask.
Thank you and thank you for your work.

2025-10-04:22:40:26 INFO [sync.py] Starting...
2025-10-04:22:40:26 INFO [sync.py] DRYRUN: False
2025-10-04:22:40:26 INFO [sync.py] LDAP server: LDAP_URL
2025-10-04:22:40:26 INFO [sync.py] Vaultwarden URL: VAULT_URL
2025-10-04:22:40:26 DEBUG [ldap.py] LDAP request object returned following keys: dict_keys(['objectClass', 'uid', 'givenName', 'cn', 'sn', 'userPassword', 'homeDirectory', 'loginShell', 'displayName', 'jpegPhoto', 'uidNumber', 'gidNumber'])
2025-10-04:22:40:26 DEBUG [sync.py] Email addresses from source: ['mail1@mail.com', 'mail2@mail.com', 'mail3@mail.com', 'mail4@mail.com', 'mail5@mail.com', 'mail6@mail.com', 'mail7@mail.com']
2025-10-04:22:40:26 DEBUG [connectionpool.py] Starting new HTTP connection (1): VAULT_URL
2025-10-04:22:40:26 DEBUG [connectionpool.py] VAULT_URL "GET /admin/users HTTP/1.1" 401 282
2025-10-04:22:40:26 DEBUG [vaultwarden.py] Could not authenticate using cookie, trying token
2025-10-04:22:40:27 DEBUG [connectionpool.py] VAULT_URL "POST /admin HTTP/1.1" 200 118747
2025-10-04:22:40:27 DEBUG [vaultwarden.py] Authentication using token successful, storing cookie
2025-10-04:22:40:27 DEBUG [vaultwarden.py] Cookie store found, loading
2025-10-04:22:40:27 DEBUG [connectionpool.py] VAULT_URL "GET /admin/users HTTP/1.1" 200 20872
2025-10-04:22:40:27 DEBUG [sync.py] Difference compared to local state/emails source:
 * user_ids_enabled_in_vw: 0 
 * user_ids_enable_in_src: 0 
 * user_ids_disabled_in_vw: 0 
 * user_ids_vanished_in_vw: 1 
 * email_vanished_in_src: 0 
 * email_vanished_in_both: 0 
 * users_with_changed_email: 0 
 * adoption_candidates: 2 
Pending changes: 
 * Invite: 0
 * Enable: 1
 * Disable: 0

2025-10-04:22:40:27 INFO [sync.py]  Set state to DELETED for: mail7@mail.com
2025-10-04:22:40:27 DEBUG [vaultwarden.py] Cookie store found, loading
2025-10-04:22:40:27 DEBUG [connectionpool.py] VAULT_URL "POST /admin/users/ab9b8815-4229-4eb0-9beb-a0201deb85c2/enable HTTP/1.1" 404 273
2025-10-04:22:40:27 ERROR [sync.py] Something went wrong. Error: Request returned unexpected return code expected: 200 actual: 404
2025-10-04:22:40:27 DEBUG [sync.py] Traceback (most recent call last):
  File "/src/vaultwarden_user_sync/sync.py", line 170, in <module>
    vwc.enable_user(user_id)
  File "/src/vaultwarden_user_sync/backends/vaultwarden.py", line 90, in enable_user
    self.make_authenticated_request('{}/admin/users/{}/enable'.format(self.vaultwarden_url, vw_user_id),
  File "/src/vaultwarden_user_sync/backends/vaultwarden.py", line 65, in make_authenticated_request
    raise ConnectionError(
ConnectionError: Request returned unexpected return code expected: 200 actual: 404
<!-- gh-comment-id:3368534766 --> @casse-boubou commented on GitHub (Oct 4, 2025): Hello, I have the same second issue. I'm using an LDAP directory and Vaultwarden v1.34.3. vaultwarden_ldap_sync has been built since the last commit on June 18, 2025. This happened after deleting a user from the Vaultwarden admin panel. For clarification (maybe not useful) this is a user whose invitation had been sent but who had not validated and created his account on vaultwarden I don't know what additional information I can provide, but please don't hesitate to ask. Thank you and thank you for your work. ``` 2025-10-04:22:40:26 INFO [sync.py] Starting... 2025-10-04:22:40:26 INFO [sync.py] DRYRUN: False 2025-10-04:22:40:26 INFO [sync.py] LDAP server: LDAP_URL 2025-10-04:22:40:26 INFO [sync.py] Vaultwarden URL: VAULT_URL 2025-10-04:22:40:26 DEBUG [ldap.py] LDAP request object returned following keys: dict_keys(['objectClass', 'uid', 'givenName', 'cn', 'sn', 'userPassword', 'homeDirectory', 'loginShell', 'displayName', 'jpegPhoto', 'uidNumber', 'gidNumber']) 2025-10-04:22:40:26 DEBUG [sync.py] Email addresses from source: ['mail1@mail.com', 'mail2@mail.com', 'mail3@mail.com', 'mail4@mail.com', 'mail5@mail.com', 'mail6@mail.com', 'mail7@mail.com'] 2025-10-04:22:40:26 DEBUG [connectionpool.py] Starting new HTTP connection (1): VAULT_URL 2025-10-04:22:40:26 DEBUG [connectionpool.py] VAULT_URL "GET /admin/users HTTP/1.1" 401 282 2025-10-04:22:40:26 DEBUG [vaultwarden.py] Could not authenticate using cookie, trying token 2025-10-04:22:40:27 DEBUG [connectionpool.py] VAULT_URL "POST /admin HTTP/1.1" 200 118747 2025-10-04:22:40:27 DEBUG [vaultwarden.py] Authentication using token successful, storing cookie 2025-10-04:22:40:27 DEBUG [vaultwarden.py] Cookie store found, loading 2025-10-04:22:40:27 DEBUG [connectionpool.py] VAULT_URL "GET /admin/users HTTP/1.1" 200 20872 2025-10-04:22:40:27 DEBUG [sync.py] Difference compared to local state/emails source: * user_ids_enabled_in_vw: 0 * user_ids_enable_in_src: 0 * user_ids_disabled_in_vw: 0 * user_ids_vanished_in_vw: 1 * email_vanished_in_src: 0 * email_vanished_in_both: 0 * users_with_changed_email: 0 * adoption_candidates: 2 Pending changes: * Invite: 0 * Enable: 1 * Disable: 0 2025-10-04:22:40:27 INFO [sync.py] Set state to DELETED for: mail7@mail.com 2025-10-04:22:40:27 DEBUG [vaultwarden.py] Cookie store found, loading 2025-10-04:22:40:27 DEBUG [connectionpool.py] VAULT_URL "POST /admin/users/ab9b8815-4229-4eb0-9beb-a0201deb85c2/enable HTTP/1.1" 404 273 2025-10-04:22:40:27 ERROR [sync.py] Something went wrong. Error: Request returned unexpected return code expected: 200 actual: 404 2025-10-04:22:40:27 DEBUG [sync.py] Traceback (most recent call last): File "/src/vaultwarden_user_sync/sync.py", line 170, in <module> vwc.enable_user(user_id) File "/src/vaultwarden_user_sync/backends/vaultwarden.py", line 90, in enable_user self.make_authenticated_request('{}/admin/users/{}/enable'.format(self.vaultwarden_url, vw_user_id), File "/src/vaultwarden_user_sync/backends/vaultwarden.py", line 65, in make_authenticated_request raise ConnectionError( ConnectionError: Request returned unexpected return code expected: 200 actual: 404 ```
kerem commented 2026-03-04 00:59:41 +03:00
Author
Owner
Copy link

@casse-boubou commented on GitHub (Oct 5, 2025):

Because line 179 in vaultwarden_user_sync/compare.py returns these values

ma_user_emails_disabled: {'mail7@mail.com'}
vw_user_emails_disabled: set()
source_email_addresses: ['mail1@mail.com', 'mail2@mail.com', 'mail3@mail.com', 'mail4@mail.com', 'mail5@mail.com', 'mail6@mail.com', 'mail7@mail.com']

I think it can be corrected by modifying line 179-180 in vaultwarden_user_sync/compare.py
from

        enabled_emails = (ma_user_emails_disabled.union(vw_user_emails_disabled)).intersection(
            source_email_addresses)

to

        enabled_emails = (ma_user_emails_disabled.intersection(vw_user_emails_disabled)).intersection(
            source_email_addresses)
<!-- gh-comment-id:3368907446 --> @casse-boubou commented on GitHub (Oct 5, 2025): Because line 179 in vaultwarden_user_sync/compare.py returns these values ``` ma_user_emails_disabled: {'mail7@mail.com'} vw_user_emails_disabled: set() source_email_addresses: ['mail1@mail.com', 'mail2@mail.com', 'mail3@mail.com', 'mail4@mail.com', 'mail5@mail.com', 'mail6@mail.com', 'mail7@mail.com'] ``` I think it can be corrected by modifying line 179-180 in vaultwarden_user_sync/compare.py from ``` enabled_emails = (ma_user_emails_disabled.union(vw_user_emails_disabled)).intersection( source_email_addresses) ``` to ``` enabled_emails = (ma_user_emails_disabled.intersection(vw_user_emails_disabled)).intersection( source_email_addresses) ```
kerem commented 2026-03-04 00:59:41 +03:00
Author
Owner
Copy link

@Sh4dow998 commented on GitHub (Oct 13, 2025):

Hi @sirtoobii,
Sorry for the late reply.

I’m running Vaultwarden 1.34.2 with the latest version of vaultwarden_ldap_sync, and I already used DUMP_EMAIL_SOURCE=1.
I’m seeing, I think the same behavior described by @casse-boubou, the issue still occurs with these versions.

<!-- gh-comment-id:3397431507 --> @Sh4dow998 commented on GitHub (Oct 13, 2025): Hi @sirtoobii, Sorry for the late reply. I’m running Vaultwarden 1.34.2 with the latest version of vaultwarden_ldap_sync, and I already used DUMP_EMAIL_SOURCE=1. I’m seeing, I think the same behavior described by @casse-boubou, the issue still occurs with these versions.
kerem commented 2026-03-04 00:59:41 +03:00
Author
Owner
Copy link

@sirtoobii commented on GitHub (Oct 25, 2025):

Hey @casse-boubou

When implementing a unit test for reported issue(s), I was wondering what actually is the expected behavior when deleting a user in the VW admin panel while the user is still present in the LDAP result? I can think of two options:

  • The user is set to DELETED in the local state and is blocked from future invitations. In order to "unlock" this user again, the user has to be manually created in VW again.
  • The LDAP emails are the only source of truth meaning that the user is simply re-invited again.

What do you think?

Edit: A third option came to my mind: Since this question is also relevant when it comes to disabling users in VW, an option would be to exclude all users with manual changes from automatic management until their VW-state matches the local-state again.

<!-- gh-comment-id:3446696171 --> @sirtoobii commented on GitHub (Oct 25, 2025): Hey @casse-boubou When implementing a unit test for reported issue(s), I was wondering what _actually_ is the expected behavior when deleting a user in the VW admin panel while the user is still present in the LDAP result? I can think of two options: - The user is set to `DELETED` in the local state and is blocked from future invitations. In order to "unlock" this user again, the user has to be manually created in VW again. - The LDAP emails are the only source of truth meaning that the user is simply re-invited again. What do you think? **Edit**: A third option came to my mind: Since this question is also relevant when it comes to disabling users in VW, an option would be to exclude all users with manual changes from automatic management until their VW-state matches the local-state again.
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
main
fix/cookie_store_location
fix/user_not_adopted
big-refactor
test/GeorgeIT
1.1.0
1.0.0
Labels
Clear labels   
bug

   
good first issue

   
help wanted

   
pull-request

Mirrored from GitHub Pull Request

  
question

   
question

   
question
No labels
bug
good first issue
help wanted
pull-request
question
question
question
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
starred/vaultwarden_ldap_sync#12
No description provided.