Auto removimg users from ldap groups

Hi guys!
I have installed and configured xwiki 13.2 Ubuntu 20.04 Tomcat9 PGSQL
Configured integration with AD using LDAP Authenticator / LDAP Application.
Everything works, users are created and authorized, fields are filled in, groups are created.
But, when I remove a user from the AD group, it remains in the Xwiki group. ResetGroupCashe doesn’t help.
What to do?
Thanks in advance!

Yes that’s a current limitation of the authenticator. The reason is that updates are done when a user authenticate and by definition a removed user is not going to try to authenticate.

All you can do right now is manually disable/remove a user you moved on LDAP side.

The only way to support this auto disable/remove would be to write a scheduler which regularly check if all the XWiki LDAP users still exist on the LDAP server side.

Thanks for the answer!
Apparently you didn’t understand)
When I remove a user from the AD group, it remains in the XWIKI group
My english is bad(

Indeed, I read a bit too fast. Users authenticating are definitely removed from configured groups when there are no longer in there on LDAP side.

I can only think of the following reasons:

  • the user did not authenticate yet (as I explain any user related change is done when this user authenticate)
  • you have xwiki.authentication.ldap.mode_group_sync=create instead of the default always
  • the group cache was not really invalidated (you can make extra sure of that by restarting XWiki)

Thank you so much!
Can I make changes at the same time, both through the GUI and through xwiki.cfg?

Any change to xwiki.cfg requires a restart to be taken into account.

Does not work.
Please advise which log to look at?
I have been working with XWIKI for two days))

Did you check on how to enable debug log for LDAP ?

Checked it out. It also happens in LTSC.
I turned on logging, but where can I watch the logs?

You can find some help on Logging ( regarding where to find the log depending on your setup.

Nothing interesting( Only tomcat logs
Any ideas?