Top Menu

Jump to content
Home
    Modules
      • Projects
      • Activity
      • Work packages
      • Gantt charts
      • Calendars
      • Team planners
      • Boards
      • News
    • Getting started
    • Introduction video
      Welcome to OpenProject Community
      Get a quick overview of project management and team collaboration with OpenProject. You can restart this video from the help menu.

    • Help and support
    • Upgrade to Enterprise edition
    • User guides
    • Videos
    • Shortcuts
    • Community forum
    • Enterprise support

    • Additional resources
    • Data privacy and security policy
    • Digital accessibility (DE)
    • OpenProject website
    • Security alerts / Newsletter
    • OpenProject blog
    • Release notes
    • Report a bug
    • Development roadmap
    • Add and edit translations
    • API documentation
  • Sign in
      Forgot your password?

      or sign in with your existing account

      Google

Side Menu

  • Overview
  • Activity
    Activity
  • Roadmap
  • Work packages
    Work packages
  • Gantt charts
    Gantt charts
  • Calendars
    Calendars
  • Team planners
    Team planners
  • Boards
    Boards
  • News
  • Forums

Content

Updated by Richard Richter about 1 year ago

Most of our users use LDAP authentication which fills in the name and email. However, **users can later change it on their Profile but we want to prevent that** because the changed name causes chaos and confusion to other users.

**Acceptance criteria**

* Users authenticated by LDAP cannot change their name and email. Their attributes are synced daily anyway, it doesn't make sense to allow such a change.
* ~~This This requirement likely needs to be optional, either globally for all LDAP sources or per LDAP source (a bit more complicated but more flexible). This can be achieved even without Admin UI changes if the environment variable flag is used.~~ used.

We (Evolveum) would gladly contribute this feature, I just need some feedback on what is acceptable for you. The profile page for an LDAP user could look like this (normally admin is not an LDAP user, of course, this is just a demo):
<img class="op-uc-image op-uc-image_inline" src="/api/v3/attachments/93568/content">

~~As As for Admin UI, there could be an option such as &quot;Read-only name and email for LDAP users&quot; either on /admin/settings/users or /admin/settings/authentication or per LDAP, e.g. /admin/ldap\_auth\_sources/1/edit~~ /admin/ldap\_auth\_sources/1/edit

~~If If acceptable, I&#39;d prefer that environment variable flag, but I&#39;ll let you decide.~~ decide.

Back

Loading...