[
https://issues.apache.org/jira/browse/JAMES-4078?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18041796#comment-18041796
]
Benoit Tellier commented on JAMES-4078:
---------------------------------------
> disable login but still receive email
This can easily be achieved by removing the password field, effectively
forbiding to that user to authenticate
Given the simplicity of this solution, supported natively by the underlying
LDAP I see no reasons to implement a complex mechanism, with high impact onto
James code base.
> Ability to disable users
> ------------------------
>
> Key: JAMES-4078
> URL: https://issues.apache.org/jira/browse/JAMES-4078
> Project: James Server
> Issue Type: New Feature
> Components: ldap, UsersStore & UsersRepository
> Reporter: Benoit Tellier
> Priority: Major
> Attachments: image-2024-10-04-10-27-50-537.png
>
>
> h2. Why
> As an administrator I wish to handle users that stops using the service.
> As of today James allows the following (LDAP setup):
> - Using a LDAP filter in order to eclude disabled users from the user list.
> Disabled users thus are considered non-existing: cannot receive emails,
> cannot send emails, and cannot login to read mails.
> As part of a B2C platform I had been requested to allow "reversibility" ie a
> user that stopped paying the service shall not be able to use it (send /
> receive / receive emails) but shal still be able to receive his mails. We
> were able to achieve that using LDAP matchers.
> However there remains the case where the want to disable login but still
> receive email.
> This is for instance the case if an account had been compromised. Or could be
> useful for some B2B organisation.
> h2. How
> Classic representation is to use accountStatus: no_access
> Note that this requires custom schema. We shall make configuration the
> attibute holding the value and the rejected values:
> <accountStatusAttribute>description</accountStatusAttribute>
> <accountStatusDisabledLoginValues>disabled,no_access</accountStatusDisabledLoginValues>
> Using LDAP users repository we can read that attribute upon auth, persist it
> in the LDAPUser class and validate the value is effectively activated when
> querying the verifyPassword method.
> h2. Timeline of work
> We will have an intern/linagora newcomer eventually contributing this at some
> point.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
