These are my settings. When I do a “Synchronize external user data” under the Dashboard tab and check the log, it seems to work fine, except it can’t find the user I set up that uses this Auth Source. Logging in as this user doesn’t work either.
This is what the log says…
“2020/06/23 12:14:01 models/user.go:1778:SyncExternalUsers() [E] LDAP search found no entries but did not report an error. Refusing to deactivate all users”
So I got it to work by simplifying the User filter. I could not get it to work with the example filter that’s provided on the site. Instead, I used (&(objectCategory=Person)(userPrincipalName=%s))
Once I did this, it let me log in. But I did notice some issues in the log file. If I try to do the “Synchronize external user data” under the Dashboard tab, it says this for all of the users. Does it not like the “-” in the domain name?
2020/06/24 10:29:57 models/user.go:1836:SyncExternalUsers() [E] SyncExternalUsers[ARH-NT2]: Error creating user email@example.com: User name is invalid [firstname.lastname@example.org]: must be valid alpha or numeric or dash(-_) or dot characters
Also noticed when it runs across this issue it will automatically deactivate any AD user. Disabling “Enable User Synchronization” stopped the deactivation.
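An added example, not part of the original post and not Gitea's own code: it fills the user filter above with an RFC 4515-escaped login name and lists which characters of a candidate user name fall outside the set named in the log message. The function names are hypothetical, the allowed set is read off the log message wording, and the sample login and names other than the one in the log are constructed.

```go
package main

import (
	"fmt"
	"strings"
)

// escapeFilterValue (hypothetical helper) hex-escapes the characters RFC 4515
// reserves in filter values, so a login name cannot change the filter's shape.
func escapeFilterValue(v string) string {
	var b strings.Builder
	for i := 0; i < len(v); i++ {
		switch c := v[i]; c {
		case '\\', '*', '(', ')', 0:
			fmt.Fprintf(&b, "\\%02x", c)
		default:
			b.WriteByte(c)
		}
	}
	return b.String()
}

// buildFilter substitutes the escaped login for %s in a user filter template.
func buildFilter(template, login string) string {
	return strings.Replace(template, "%s", escapeFilterValue(login), 1)
}

// invalidNameChars returns each distinct character of name outside the set the
// log message lists: letters, digits, '-', '_' and '.'. This set is an
// assumption read off that message, not taken from Gitea's source.
func invalidNameChars(name string) string {
	var bad strings.Builder
	for _, r := range name {
		ok := r == '-' || r == '_' || r == '.' || (r >= '0' && r <= '9') ||
			(r >= 'a' && r <= 'z') || (r >= 'A' && r <= 'Z')
		if !ok && !strings.ContainsRune(bad.String(), r) {
			bad.WriteRune(r)
		}
	}
	return bad.String()
}

func main() {
	const tmpl = "(&(objectCategory=Person)(userPrincipalName=%s))" // filter from the post
	fmt.Println(buildFilter(tmpl, "j.smith(ext)@example.org"))       // constructed login
	// Candidate user names: the value from the log, then constructed ones.
	for _, n := range []string{"firstname.lastname@example.org", "ARH-NT2", "firstname.lastname"} {
		fmt.Printf("%-32q rejected characters: %q\n", n, invalidNameChars(n))
	}
}
```

Running the same check over the values of whichever directory attribute is mapped to the user name shows, before a sync, which entries would hit the "User name is invalid" error.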