View Issue Details

IDProjectCategoryView StatusLast Update
0022722mantisbtauthenticationpublic2017-07-27 04:10
Reporterlracape Assigned Toatrol  
PrioritynormalSeverityminorReproducibilityalways
Status closedResolutionno change required 
Product Version2.0.0 
Target VersionFixed in Version 
Summary0022722: Mantis user who are disabled or deleted in database still have access
Description

Dear,
I have configured an LDAP authentication in the mantisbt (Linux environment).
But for new users (not added in the user database), they have a restricted access to Mantis (without possibility to create issue, but access to the interface).
Is it a normal process and can we completely disable access ?
thank you

TagsNo tags attached.

Relationships

related to 0014401 acknowledged Non-existent mantis users added as reporter after LDAP authenication 

Activities

lracape

lracape

2017-07-12 03:37

reporter   ~0057207

Mantis user disabled doesn't have access anymore and see a message at the log on : OK
But user deleted have a restricted access, however I think they should have the same message as "disabled" user
Please help

atrol

atrol

2017-07-17 17:05

developer   ~0057249

This works as designed.

Users who exist in LDAP and are authenticated with the right password are added to MantisBT users if they do not exist.

There is no way to find out if a user has been ever deleted, as there is no list of deleted users.
This means that deleted users can not be treated like disabled users.

There is a feature request 0014401 and an attached patch to be able to configure the auto-creation of users.

Issue History

Date Modified Username Field Change
2017-04-13 04:22 lracape New Issue
2017-07-12 03:37 lracape Note Added: 0057207
2017-07-17 17:05 atrol Assigned To => atrol
2017-07-17 17:05 atrol Status new => resolved
2017-07-17 17:05 atrol Resolution open => no change required
2017-07-17 17:05 atrol Note Added: 0057249
2017-07-17 17:05 atrol Relationship added related to 0014401
2017-07-27 04:10 atrol Status resolved => closed