[jira] [Commented] (JAMES-4078) Ability to disable users

Sun, 14 Sep 2025 14:30:27 -0700 


    [ 
https://issues.apache.org/jira/browse/JAMES-4078?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18020198#comment-18020198
 ] 

Benoit Tellier commented on JAMES-4078:
---------------------------------------

We can easily do this by allowing one to specify 2 filters:

    One used for user listing / existance
    One used upon auth

That way we could easily say nope to accountStatus: no_access while still 
receiving emails for that user..

> Ability to disable users
> ------------------------
>
>                 Key: JAMES-4078
>                 URL: https://issues.apache.org/jira/browse/JAMES-4078
>             Project: James Server
>          Issue Type: New Feature
>          Components: ldap, UsersStore & UsersRepository
>            Reporter: Benoit Tellier
>            Priority: Major
>         Attachments: image-2024-10-04-10-27-50-537.png
>
>
> h2. Why
> As an administrator I wish to handle users that stops using the service.
> As of today James allows the following (LDAP setup):
>  - Using a LDAP filter in order to eclude disabled users from the user list. 
> Disabled users thus are considered non-existing: cannot receive emails, 
> cannot send emails, and cannot login to read mails.
> As part of a B2C platform I had been requested to allow "reversibility" ie a 
> user that stopped paying the service shall not be able to use it (send / 
> receive / receive emails) but shal still be able to receive his mails. We 
> were able to achieve that using LDAP matchers.
> However there remains the case where the want to disable login but still 
> receive email.
> This is for instance the case if an account had been compromised. Or could be 
> useful for some B2B organisation.
> h2.  How
> Classic representation is to use accountStatus: no_access
> Note that this requires custom schema. We shall make configuration the 
> attibute holding the value and the rejected values:
> <accountStatusAttribute>description</accountStatusAttribute>
> <accountStatusDisabledLoginValues>disabled,no_access</accountStatusDisabledLoginValues>
> Using LDAP users repository we can read that attribute upon auth, persist it 
> in the LDAPUser class and validate the value is effectively activated when 
> querying the verifyPassword method.
> h2. Timeline of work
> We will have an intern/linagora newcomer eventually contributing this at some 
> point.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to