View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0012804 | mantisbt | ldap | public | 2011-02-23 16:16 | 2011-03-02 08:59 |
Reporter | rgomes1997 | Assigned To | |||
Priority | normal | Severity | minor | Reproducibility | always |
Status | new | Resolution | open | ||
Product Version | 1.2.4 | ||||
Summary | 0012804: Should not allow username to be edited when using LDAP | ||||
Description | Once user names are retrieved from LDAP, the field "UserName" should not be editable when you Other fields, like realname and email can be properly retrieved from LDAP using configuration like this...
... which causes these fields not being editable. In file manage_user_edit_page.php we can see that the username is always editable, which does not make sense because it is managed by LDAP. | ||||
Tags | No tags attached. | ||||
Possibly related to Issue # 10910 |
|
I believe it does make sense to be able to edit the username, unless your LDAP system manages the Mantis user table (i.e. updates the username when the corresponding LDAP field is changed) It was useful for me to be able to update the username in Mantis on a few occasions (following a change of their ID in the LDAP system) - this way the user could keep their history of activity in the system. So, IMHO, not a bug but a feature. |
|
I haven't considered this possibility. I never had to change usernames in our LDAP repo. When I first stumbled with the form I had the feeling it could be potentially harmful if someone changes the username by accident. Considering what the rule is and what the exception is in this case, editing the username should be disabled by default, IMHO. I mean: if you really need to do this, you should explicitly enable this functionality in the configuration file, which means that you know exactly what you are doing. |
|