Why:
when a computer no longer matches the LDAP filter, GLPI keeps it forever. Mirrors the core AuthLDAP "action on deleted user" pattern.
What:
- Strategy field on SyncFilter: do nothing (default) / move to trash / change status (configurable)
- Provenance tracking already exists via the agent deviceid prefix advancedldap-{syncfilter_id}-{guid} — use it to find GLPI items owned by a filter
- Safety guard: strategy only applies when the LDAP search completed without truncation or errors — never on a partial result
- Dry-run preview shows would_delete alongside would_create/would_update
- Lifecycle actions logged in execution history
- Unit tests, including the "truncated result → no deletion" guard
Depends on:
"Support LDAP paged results" + "Persist sync execution history" (benefits from CronTask too)
Why:
when a computer no longer matches the LDAP filter, GLPI keeps it forever. Mirrors the core AuthLDAP "action on deleted user" pattern.
What:
Depends on:
"Support LDAP paged results" + "Persist sync execution history" (benefits from CronTask too)