[jira] [Commented] (JAMES-4078) Ability to disable users

Mon, 01 Dec 2025 02:47:37 -0800 


    [ 
https://issues.apache.org/jira/browse/JAMES-4078?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18041800#comment-18041800
 ] 

Felix commented on JAMES-4078:
------------------------------

Our deployment uses OAuth2 access tokens for logging in and the web API to 
create users (so that they can receive emails before the first login). We do 
not use LDAP and the password field is removed for all users. So sadly, we 
cannot disable users based on your propositions.

> Ability to disable users
> ------------------------
>
>                 Key: JAMES-4078
>                 URL: https://issues.apache.org/jira/browse/JAMES-4078
>             Project: James Server
>          Issue Type: New Feature
>          Components: ldap, UsersStore & UsersRepository
>            Reporter: Benoit Tellier
>            Priority: Major
>         Attachments: image-2024-10-04-10-27-50-537.png
>
>
> h2. Why
> As an administrator I wish to handle users that stops using the service.
> As of today James allows the following (LDAP setup):
>  - Using a LDAP filter in order to eclude disabled users from the user list. 
> Disabled users thus are considered non-existing: cannot receive emails, 
> cannot send emails, and cannot login to read mails.
> As part of a B2C platform I had been requested to allow "reversibility" ie a 
> user that stopped paying the service shall not be able to use it (send / 
> receive / receive emails) but shal still be able to receive his mails. We 
> were able to achieve that using LDAP matchers.
> However there remains the case where the want to disable login but still 
> receive email.
> This is for instance the case if an account had been compromised. Or could be 
> useful for some B2B organisation.
> h2.  How
> Classic representation is to use accountStatus: no_access
> Note that this requires custom schema. We shall make configuration the 
> attibute holding the value and the rejected values:
> <accountStatusAttribute>description</accountStatusAttribute>
> <accountStatusDisabledLoginValues>disabled,no_access</accountStatusDisabledLoginValues>
> Using LDAP users repository we can read that attribute upon auth, persist it 
> in the LDAPUser class and validate the value is effectively activated when 
> querying the verifyPassword method.
> h2. Timeline of work
> We will have an intern/linagora newcomer eventually contributing this at some 
> point.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to