Deactivate user
-
You could just lock him out of the account by changing the recovery mail to his own mailbox and than change his password by setup link. To regain access just give him another setup link. Thats how I do it. It's not very "professional" but the best way so far.
@nebulon I work for a club and we have a lot of active members. Some of them are not as active as we wish for and from time to time (after half a year) I'm not quiet sure if they still can be counted as "active". I would very wish to have to option to just deactivate them. So it does not feel like being thrown out and there is an easy way to get back (apart from the technical steps that have to be done for every service the user has access to).
PS: I would really love to use cloudron LDAP groups for stuff like nextcloud but this was already discussed somewhere else.
-
@nebulon One use case, at least in the united states is some companies need to be compliant with FOIA requests (RE: cities, charities, schools, etc) which requires the account and all data to remain unmodified for certain requests. This can allow for a disabled account (to prevent unauthorized deletion of emails as an example.)
-
Apps / Dashboard / Mail(!). For apps, this can be complicated because some just sync the directory and search for users, not looking for things like pwdAccountLockedTime (used in OpenLDAP to lock accounts). If I remember correctly, e.g. gitlab tokens are also not affected if the user is disabled in LDAP.
Some notes:
- deactivating users should always be quite
- messing with user passwords is never a good solution
- disabling an account means that no other person may have access (in case of legal investigations, this is very handy)
-
We have added a user
activeflag for the next release. When you de-activate a user, it simply won't let them login to the dashboard or any of the apps. No notification is sent to the user that he/she was disabled. In the admin view, you will see a grayed out user (which you can re-activate).
