0012804: Should not allow username to be edited when using LDAP - MantisBT

ID	Project	Category	View Status	Date Submitted	Last Update

0012804	mantisbt	ldap	public	2011-02-23 16:16	2011-03-02 08:59

Reporter	rgomes1997	Assigned To
Priority	normal	Severity	minor	Reproducibility	always
Status	new	Resolution	open
Product Version	1.2.4

Summary	0012804: Should not allow username to be edited when using LDAP
Description	Once user names are retrieved from LDAP, the field "UserName" should not be editable when you Manage > Manage Users Other fields, like realname and email can be properly retrieved from LDAP using configuration like this... `$g_use_ldap_realname = ON; $g_use_ldap_email = ON;` ... which causes these fields not being editable. In file manage_user_edit_page.php we can see that the username is always editable, which does not make sense because it is managed by LDAP.
Tags	No tags attached.

rgomes1997 2011-02-23 16:18 reporter ~0028289	Possibly related to Issue # 10910

dregad 2011-03-02 08:38 developer ~0028343	I believe it does make sense to be able to edit the username, unless your LDAP system manages the Mantis user table (i.e. updates the username when the corresponding LDAP field is changed) It was useful for me to be able to update the username in Mantis on a few occasions (following a change of their ID in the LDAP system) - this way the user could keep their history of activity in the system. So, IMHO, not a bug but a feature.

rgomes1997 2011-03-02 08:59 reporter ~0028345	I haven't considered this possibility. I never had to change usernames in our LDAP repo. When I first stumbled with the form I had the feeling it could be potentially harmful if someone changes the username by accident. Considering what the rule is and what the exception is in this case, editing the username should be disabled by default, IMHO. I mean: if you really need to do this, you should explicitly enable this functionality in the configuration file, which means that you know exactly what you are doing.