0022722: Mantis user who are disabled or deleted in database still have access

ID	Project	Category	View Status	Date Submitted	Last Update
0022722	mantisbt	authentication	public	2017-04-13 04:22	2017-07-27 04:10

Reporter	lracape	Assigned To	atrol
Priority	normal	Severity	minor	Reproducibility	always
Status	closed	Resolution	no change required
Product Version	2.0.0

Summary	0022722: Mantis user who are disabled or deleted in database still have access
Description	Dear, I have configured an LDAP authentication in the mantisbt (Linux environment). But for new users (not added in the user database), they have a restricted access to Mantis (without possibility to create issue, but access to the interface). Is it a normal process and can we completely disable access ? thank you
Tags	No tags attached.

lracape 2017-07-12 03:37 reporter ~0057207	Mantis user disabled doesn't have access anymore and see a message at the log on : OK But user deleted have a restricted access, however I think they should have the same message as "disabled" user Please help

atrol 2017-07-17 17:05 developer ~0057249	This works as designed. Users who exist in LDAP and are authenticated with the right password are added to MantisBT users if they do not exist. There is no way to find out if a user has been ever deleted, as there is no list of deleted users. This means that deleted users can not be treated like disabled users. There is a feature request 0014401 and an attached patch to be able to configure the auto-creation of users.