Benoit Tellier created JAMES-4078:
-------------------------------------
Summary: Ability to disable users
Key: JAMES-4078
URL: https://issues.apache.org/jira/browse/JAMES-4078
Project: James Server
Issue Type: New Feature
Components: ldap, UsersStore & UsersRepository
Reporter: Benoit Tellier
Attachments: image-2024-10-04-10-27-50-537.png
h2. Why
As an administrator I wish to handle users that stops using the service.
As of today James allows the following (LDAP setup):
- Using a LDAP filter in order to eclude disabled users from the user list.
Disabled users thus are considered non-existing: cannot receive emails, cannot
send emails, and cannot login to read mails.
As part of a B2C platform I had been requested to allow "reversibility" ie a
user that stopped paying the service shall not be able to use it (send /
receive / receive emails) but shal still be able to receive his mails. We were
able to achieve that using LDAP matchers.
However there remains the case where the want to disable login but still
receive email.
This is for instance the case if an account had been compromised. Or could be
useful for some B2B organisation.
h2. How
Classic representation is to use accountStatus: no_access
Note that this requires custom schema. We shall make configuration the attibute
holding the value and the rejected values:
<accountStatusAttribute>description</accountStatusAttribute>
<accountStatusDisabledLoginValues>disabled,no_access</accountStatusDisabledLoginValues>
Using LDAP users repository we can read that attribute upon auth, persist it in
the LDAPUser class and validate the value is effectively activated when
querying the verifyPassword method.
h2. Timeline of work
We will have an intern/linagora newcomer eventually contributing this at some
point.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
