0004906: new user email incorrect when using LDAP backend - MantisBT

ID	Project	Category	View Status	Date Submitted	Last Update
0004906	mantisbt	ldap	public	2004-11-25 00:59	2012-08-17 14:11

Reporter	karl	Assigned To	dregad
Priority	normal	Severity	minor	Reproducibility	always
Status	closed	Resolution	no change required
Product Version	0.19.1

Summary	0004906: new user email incorrect when using LDAP backend
Description	When using LDAP a newly created user gets an email with instructions to change their password using the supplied URL. Of course if they try and do this it doesn't work. When LDAP is used at the back end, until users can actually change their passwords they should not get this email, or alternately get a modified email.
Tags	No tags attached.

epu 2004-12-13 13:36 reporter ~0008602	can someone please reproduce this and mark it confirmed? I've tried with my 19.1 install using LDAP and it doesn't send the new user email, but there's the chance that my config is mis-configed. I used both a non-existing ldap user and an existing ldap user. I have new user signup disabled ($g_allow_signup = OFF;) since only LDAP users will be allowed in.

vwegert 2005-07-19 14:12 reporter ~0010874	Since the LDAP code in user_signup() is currently disabled, there's no point in investigating this issue at the moment.

ape 2007-01-16 19:55 reporter ~0013930	After doing some more work on bug 0005595, I can confirm this bug (0004906) here. Mantis 1.0.6, Windows server, $g_allow_signup = OFF.

ape 2007-01-16 20:18 reporter ~0013931	Some observations/thoughts: 1) In signup.php, signup is prevented if allow_signup=OFF. We could also bail at this point if login_method=LDAP. I believe that this is the only code that calls user_signup() so user_signup() would therefore never be called if login_method=LDAP. We could put a test for login_method=LDAP in user_signup(), just to be extra safe, I suppose. 2) A similar change to print_signup_link() in print_api.php could prevent the signup link being printed if login_method=LDAP too. 3) user_create() in user_api.php would probably need a tweak too. The sending of the notification email at the end of the function could be safely skipped. Or instead, if login_method=LDAP, a simple 'welcome to Mantis' email could be sent? Is there anything I've missed, or would that cover it?

ape 2008-03-10 11:15 reporter ~0017307	Well I was about to start work on a patch for this when I noticed that the configuration option $g_send_reset_password will block the sending of the signup email (whatever login method is used). That seems to solve the symptoms but not really the cause of this bug. Do we think that is sufficient?

vboctor 2009-07-06 06:10 manager ~0022418	I think this should be fixed in the following way: Users should be able to signup when LDAP is enabled (and signup is enabled), this should trigger a Welcome email and they should be able to login using their LDAP password. This would not be necessary, if we implement the feature where such users can directly login and an account would be auto-created for them. At this point, the same welcome email should be sent. When administrators create user accounts, the users should get a welcome email. Users can then go ahead and login with their LDAP password. There should be no email verification links in emails sent to LDAP users.

vboctor 2009-07-19 21:38 manager ~0022532	Can you please check if this is still an issue with the latest code? I've done a lot of changes in this area and my understanding is that this is resolved.

dregad 2012-08-03 06:21 developer ~0032458	As mentioned by vboctor, this is not an issue with current version of MantisBT