Posted to user@ofbiz.apache.org by Robert Volke <rv...@bgeltd.com> on 2008/07/01 21:41:56 UTC

Users with disabled accounts are still able to login

I can't seem to figure out how to disable user IDs properly.  I reviewed the documentation I could find and followed the disable process for one of my admin accounts but I can still login using the disabled account.  The steps I used are below:
- Logged into the Party Manager as a different administrator with full rights
- searched for the 'admin' party
- Under the user Name(s) section I clicked the Edit link for the target admin account
- I set the Enabled Flag to "N" and set a Disabled Date Time to the current time before clicking the appropriate save link.  

After doing these steps, the Disabled status shows up in the User Name(s) section of the Profile page for the target admin, but if I log off, and try to login again as the disabled administrator I am still able to login.  Is there some step I am missing?

Note: We are running on Apache OFBiz Release 4.0

Thank you,
Robert Volke


Re: Users with disabled accounts are still able to login

Posted by BJ Freeman <bj...@free-man.net>.
I am guessing there is a bug when you entered the disable time.
This is normally set by the system when there is a login try.


Robert Volke sent the following on 7/1/2008 12:41 PM:
> I can't seem to figure out how to disable user IDs properly.  I reviewed the documentation I could find and followed the disable process for one of my admin accounts but I can still login using the disabled account.  The steps I used are below:
> - Logged into the Party Manager as a different administrator with full rights
> - searched for the 'admin' party
> - Under the user Name(s) section I clicked the Edit link for the target admin account
> - I set the Enabled Flag to "N" and set a Disabled Date Time to the current time before clicking the appropriate save link.  
> 
> After doing these steps, the Disabled status shows up in the User Name(s) section of the Profile page for the target admin, but if I log off, and try to login again as the disabled administrator I am still able to login.  Is there some step I am missing?
> 
> Note: We are running on Apache OFBiz Release 4.0
> 
> Thank you,
> Robert Volke
> 
> 
> 
> 


Re: Users with disabled accounts are still able to login

Posted by snowc <ch...@gmail.com>.
In MHO, while not permanently disabling accounts for failed logins may be
desirable, this behaviour is not desirable for the admin interface.  The
default for the admin interface should be to permanently disable the
account.


David E Jones wrote:
> 
> 
> The reason for this (which is configuration in the security.properties  
> file, BTW, and is documented in the production setup guide) is that  
> repeated login attempts usually cause an account to be disabled, but  
> people usually don't want permanent disabling because of the internal/ 
> customer service headaches. Enabling after five minutes (and telling  
> the user that will happen) still makes brute-force password guessing  
> attacks pretty much impossible, but gives the user a way to get back  
> in without making a phone call.
> 
> -David
> 
> 
> On Jul 1, 2008, at 3:09 PM, Robert Volke wrote:
> 
>> Wow, that did the trick.  When I first saved the Enabled flag change  
>> to N, it automatically populated the disabled date, so I deleted  
>> this date and saved the change again.  Now the disabled admin can no  
>> longer login.  It looks like if you simply disable an account and  
>> leave the time stamp, it will automatically enable again in 5  
>> minutes.  I'm not sure why it does this, and I didn't see a way to  
>> change the end date for the disable so I'm going to inform my users  
>> to use this work around.
>>
>> Thank you for all of the help,
>> Robert Volke
>>
>>>>> Bilgin Ibryam <bi...@iguanait.com> 7/1/2008 3:53:22 PM >>>
>>
>> Hi Robert,
>>
>> try to set the Enabled Flag to "N"  WITHOUT Disabled Date Time.
>>
>> Bilgin
>>
>> ----------------------------------------------------------------
>> This message was sent using IMP, the Internet Messaging Program.
>>
>>
> 
> 
> 

-- 
View this message in context: http://www.nabble.com/Users-with-disabled-accounts-are-still-able-to-login-tp18223799p25314222.html
Sent from the OFBiz - User mailing list archive at Nabble.com.


Re: Users with disabled accounts are still able to login

Posted by snowc <ch...@gmail.com>.
Thanks BJ, I have commented out the code in LoginServices.java.

Thinking a bit deeper about the admin screen behaviour - why would admin
only want to temporarily disable an account for 5 minutes?


BJ Freeman wrote:
> 
> You can recode the re-activation service so if there is no date it will
> not re-activate.
> 
> 
> snowc sent the following on 9/5/2009 7:53 PM:
>> In MHO, while not permanently disabling accounts for failed logins may be
>> desirable, this behaviour is not desirable for the admin interface.  The
>> default for the admin interface should be to permanently disable the
>> account.
>> 
>> 
>> David E Jones wrote:
>>>
>>> The reason for this (which is configuration in the security.properties  
>>> file, BTW, and is documented in the production setup guide) is that  
>>> repeated login attempts usually cause an account to be disabled, but  
>>> people usually don't want permanent disabling because of the internal/ 
>>> customer service headaches. Enabling after five minutes (and telling  
>>> the user that will happen) still makes brute-force password guessing  
>>> attacks pretty much impossible, but gives the user a way to get back  
>>> in without making a phone call.
>>>
>>> -David
>>>
>>>
>>> On Jul 1, 2008, at 3:09 PM, Robert Volke wrote:
>>>
>>>> Wow, that did the trick.  When I first saved the Enabled flag change  
>>>> to N, it automatically populated the disabled date, so I deleted  
>>>> this date and saved the change again.  Now the disabled admin can no  
>>>> longer login.  It looks like if you simply disable an account and  
>>>> leave the time stamp, it will automatically enable again in 5  
>>>> minutes.  I'm not sure why it does this, and I didn't see a way to  
>>>> change the end date for the disable so I'm going to inform my users  
>>>> to use this work around.
>>>>
>>>> Thank you for all of the help,
>>>> Robert Volke
>>>>
>>>>>>> Bilgin Ibryam <bi...@iguanait.com> 7/1/2008 3:53:22 PM >>>
>>>> Hi Robert,
>>>>
>>>> try to set the Enabled Flag to "N"  WITHOUT Disabled Date Time.
>>>>
>>>> Bilgin
>>>>
>>>> ----------------------------------------------------------------
>>>> This message was sent using IMP, the Internet Messaging Program.
>>>>
>>>>
>>>
>>>
>> 
> 
> -- 
> BJ Freeman
> http://www.businessesnetwork.com/automation
> http://bjfreeman.elance.com
> http://www.linkedin.com/profile?viewProfile=&key=1237480&locale=en_US&trk=tab_pro
> Systems Integrator.
> 
> 
> 

-- 
View this message in context: http://www.nabble.com/Users-with-disabled-accounts-are-still-able-to-login-tp18223799p25314413.html
Sent from the OFBiz - User mailing list archive at Nabble.com.


Re: Users with disabled accounts are still able to login

Posted by BJ Freeman <bj...@free-man.net>.
I agree with David.

snowc sent the following on 9/5/2009 8:46 PM:
> Thanks BJ, I have commented out the code in LoginServices.java.
> 
> Thinking a bit deeper about the admin screen behaviour - why would admin
> only want to temporarily disable an account for 5 minutes?
> 
> 
> BJ Freeman wrote:
>> You can recode the re-activation service so if there is no date it will
>> not re-activate.
>>
>>
>> snowc sent the following on 9/5/2009 7:53 PM:
>>> In MHO, while not permanently disabling accounts for failed logins may be
>>> desirable, this behaviour is not desirable for the admin interface.  The
>>> default for the admin interface should be to permanently disable the
>>> account.
>>>
>>>
>>> David E Jones wrote:
>>>> The reason for this (which is configuration in the security.properties  
>>>> file, BTW, and is documented in the production setup guide) is that  
>>>> repeated login attempts usually cause an account to be disabled, but  
>>>> people usually don't want permanent disabling because of the internal/ 
>>>> customer service headaches. Enabling after five minutes (and telling  
>>>> the user that will happen) still makes brute-force password guessing  
>>>> attacks pretty much impossible, but gives the user a way to get back  
>>>> in without making a phone call.
>>>>
>>>> -David
>>>>
>>>>
>>>> On Jul 1, 2008, at 3:09 PM, Robert Volke wrote:
>>>>
>>>>> Wow, that did the trick.  When I first saved the Enabled flag change  
>>>>> to N, it automatically populated the disabled date, so I deleted  
>>>>> this date and saved the change again.  Now the disabled admin can no  
>>>>> longer login.  It looks like if you simply disable an account and  
>>>>> leave the time stamp, it will automatically enable again in 5  
>>>>> minutes.  I'm not sure why it does this, and I didn't see a way to  
>>>>> change the end date for the disable so I'm going to inform my users  
>>>>> to use this work around.
>>>>>
>>>>> Thank you for all of the help,
>>>>> Robert Volke
>>>>>
>>>>>>>> Bilgin Ibryam <bi...@iguanait.com> 7/1/2008 3:53:22 PM >>>
>>>>> Hi Robert,
>>>>>
>>>>> try to set the Enabled Flag to "N"  WITHOUT Disabled Date Time.
>>>>>
>>>>> Bilgin
>>>>>
>>>>> ----------------------------------------------------------------
>>>>> This message was sent using IMP, the Internet Messaging Program.
>>>>>
>>>>>
>>>>
>> -- 
>> BJ Freeman
>> http://www.businessesnetwork.com/automation
>> http://bjfreeman.elance.com
>> http://www.linkedin.com/profile?viewProfile=&key=1237480&locale=en_US&trk=tab_pro
>> Systems Integrator.
>>
>>
>>
> 

-- 
BJ Freeman
http://www.businessesnetwork.com/automation
http://bjfreeman.elance.com
http://www.linkedin.com/profile?viewProfile=&key=1237480&locale=en_US&trk=tab_pro
Systems Integrator.


Re: Users with disabled accounts are still able to login

Posted by BJ Freeman <bj...@free-man.net>.
You can recode the re-activation service so if there is no date it will
not re-activate.


snowc sent the following on 9/5/2009 7:53 PM:
> In MHO, while not permanently disabling accounts for failed logins may be
> desirable, this behaviour is not desirable for the admin interface.  The
> default for the admin interface should be to permanently disable the
> account.
> 
> 
> David E Jones wrote:
>>
>> The reason for this (which is configuration in the security.properties  
>> file, BTW, and is documented in the production setup guide) is that  
>> repeated login attempts usually cause an account to be disabled, but  
>> people usually don't want permanent disabling because of the internal/ 
>> customer service headaches. Enabling after five minutes (and telling  
>> the user that will happen) still makes brute-force password guessing  
>> attacks pretty much impossible, but gives the user a way to get back  
>> in without making a phone call.
>>
>> -David
>>
>>
>> On Jul 1, 2008, at 3:09 PM, Robert Volke wrote:
>>
>>> Wow, that did the trick.  When I first saved the Enabled flag change  
>>> to N, it automatically populated the disabled date, so I deleted  
>>> this date and saved the change again.  Now the disabled admin can no  
>>> longer login.  It looks like if you simply disable an account and  
>>> leave the time stamp, it will automatically enable again in 5  
>>> minutes.  I'm not sure why it does this, and I didn't see a way to  
>>> change the end date for the disable so I'm going to inform my users  
>>> to use this work around.
>>>
>>> Thank you for all of the help,
>>> Robert Volke
>>>
>>>>>> Bilgin Ibryam <bi...@iguanait.com> 7/1/2008 3:53:22 PM >>>
>>> Hi Robert,
>>>
>>> try to set the Enabled Flag to "N"  WITHOUT Disabled Date Time.
>>>
>>> Bilgin
>>>
>>> ----------------------------------------------------------------
>>> This message was sent using IMP, the Internet Messaging Program.
>>>
>>>
>>
>>
> 

-- 
BJ Freeman
http://www.businessesnetwork.com/automation
http://bjfreeman.elance.com
http://www.linkedin.com/profile?viewProfile=&key=1237480&locale=en_US&trk=tab_pro
Systems Integrator.


Re: Users with disabled accounts are still able to login

Posted by David E Jones <jo...@hotwaxmedia.com>.
The reason for this (which is configuration in the security.properties  
file, BTW, and is documented in the production setup guide) is that  
repeated login attempts usually cause an account to be disabled, but  
people usually don't want permanent disabling because of the internal/ 
customer service headaches. Enabling after five minutes (and telling  
the user that will happen) still makes brute-force password guessing  
attacks pretty much impossible, but gives the user a way to get back  
in without making a phone call.

-David


On Jul 1, 2008, at 3:09 PM, Robert Volke wrote:

> Wow, that did the trick.  When I first saved the Enabled flag change  
> to N, it automatically populated the disabled date, so I deleted  
> this date and saved the change again.  Now the disabled admin can no  
> longer login.  It looks like if you simply disable an account and  
> leave the time stamp, it will automatically enable again in 5  
> minutes.  I'm not sure why it does this, and I didn't see a way to  
> change the end date for the disable so I'm going to inform my users  
> to use this work around.
>
> Thank you for all of the help,
> Robert Volke
>
>>>> Bilgin Ibryam <bi...@iguanait.com> 7/1/2008 3:53:22 PM >>>
>
> Hi Robert,
>
> try to set the Enabled Flag to "N"  WITHOUT Disabled Date Time.
>
> Bilgin
>
> ----------------------------------------------------------------
> This message was sent using IMP, the Internet Messaging Program.
>
>
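
The behaviour discussed in this thread, as an added example that is not part of any poster's message and is not OFBiz code: an audit over exported UserLogin rows that separates logins disabled for good (flag "N", no Disabled Date Time) from those that will reopen once the disable window has passed. The CSV layout, the column names and the function names are assumptions; the five-minute default is the window quoted in the thread.

```python
import csv
import io
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional, Tuple

# Constructed sample export of UserLogin rows (illustrative data, not real accounts).
SAMPLE_EXPORT = """userLoginId,enabled,disabledDateTime
former.employee,N,2008-07-01 21:41:00
locked.user,N,2008-07-01 21:48:00
contractor,N,
active.user,Y,
"""


@dataclass
class UserLogin:
    user_login_id: str
    enabled: str                          # "Y" or "N"
    disabled_date_time: Optional[datetime]


def load_rows(text: str) -> List[UserLogin]:
    """Parse the assumed CSV export into UserLogin records."""
    rows = []
    for rec in csv.DictReader(io.StringIO(text)):
        raw = (rec["disabledDateTime"] or "").strip()
        stamp = datetime.strptime(raw, "%Y-%m-%d %H:%M:%S") if raw else None
        rows.append(UserLogin(rec["userLoginId"], rec["enabled"].strip().upper(), stamp))
    return rows


def reopen_time(ul: UserLogin, minutes: int = 5) -> Optional[datetime]:
    """When a disabled login becomes usable again, or None if it never does."""
    if minutes <= 0:
        raise ValueError("this model only covers a positive disable window")
    if ul.enabled != "N" or ul.disabled_date_time is None:
        return None
    return ul.disabled_date_time + timedelta(minutes=minutes)


def status(ul: UserLogin, now: datetime, minutes: int = 5) -> str:
    """Classify one login the way the thread describes the outcome."""
    if ul.enabled != "N":
        return "ENABLED"
    reopen = reopen_time(ul, minutes)
    if reopen is None:
        return "PERMANENT"    # flag N, no timestamp: stays disabled
    if reopen < now:
        return "LAPSED"       # window has passed: the next login succeeds
    return "TEMPORARY"        # still locked, but only until `reopen`


def audit(rows: List[UserLogin], now: datetime,
          minutes: int = 5) -> List[Tuple[str, str, datetime]]:
    """Logins that show as disabled but are not permanently disabled."""
    findings = []
    for ul in rows:
        state = status(ul, now, minutes)
        if state in ("LAPSED", "TEMPORARY"):
            findings.append((ul.user_login_id, state, reopen_time(ul, minutes)))
    return findings


if __name__ == "__main__":
    check_time = datetime(2008, 7, 1, 21, 50, 0)
    for login_id, state, reopen in audit(load_rows(SAMPLE_EXPORT), check_time):
        print(f"{login_id}: {state}, usable again from {reopen}")
```

Any row the audit returns is one to fix by clearing the Disabled Date Time, which is the workaround the thread settles on.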


Re: Users with disabled accounts are still able to login

Posted by Adrian Crum <ad...@hlmksw.com>.
Maybe all that is needed is a tooltip stating what to do to permanently 
disable the account.

-Adrian

masionas wrote:
> Ok. My concern is about functional design of  Disable/Enable status section
> in Party manager for UserLogin entity. It looks, it is the right place to
> control it for a given party. The only design drawback I see there as it is
> now is that it disables login for 5 min and then re-enable it. In a real
> world scenario who needs this functionality? Why you would disable login for
> 5 min manually and as I remember it does not give a note that it was
> disabled only for 5 min?
> 
> I think no need to have it as a separate function in Webtools as it is
> already exists in Party Manager context and is the right place to be. just a
> bit strange behaviour of 5 min re-enabling. Do you see my point, Jacques?
> 
> 
> 
> jacques.le.roux wrote:
>> From: "masionas" <mi...@gmail.com>
>>> Hi Jacques,
>>>
>>> Thanks for your reply. But in a real world I think other scenario
>>> actually
>>> happens. For example, company fires an employee and obviously respective
>>> user account should be Disabled PERMANENTLY. Since userlogin is disabled
>>> by
>>> the SYSTEM automatically in the case of wrong login retries I do not see
>>> why
>>> UI in Party manager should duplicate it? It looks  more logical to me
>>> have
>>> that UI for permanent disable.
>> Sorry I'm not sure to understand you. What I proposed was to create a new
>> section in Webtools (admin tools) where someone (with 
>> admin right) would be able to disable permanently a login (beware a party
>> may have several logins...).?
>> Have a look at updateUserLoginSecurity service
>>
>> Jacques
>>
>>> jacques.le.roux wrote:
>>>> This is used for disabling an UserLogin temporarily after some (3?)
>>>> tries
>>>> (in case, for instance, someone tried to force it).
>>>> So I'm not seeing what is to fix here. If you need an UI to permanently
>>>> disable a login you could contribute a patch.
>>>> I'd suggest using Webtools as place with a new general entry about
>>>> parties
>>>> then...
>>>> You could even use the new service to parametrize the above behaviour
>>>> with
>>>> a property.
>>>>
>>>> Jacques
>>>>
>>>> From: "masionas" <mi...@gmail.com>
>>>>> Hi Guys,
>>>>>
>>>>> Any updates on whether it was fixed lately? With 9.04 release it seems
>>>>> still
>>>>> needs the workaround instead of directly to disable login permanently.
>>>>>
>>>>>
>>>>> Robert Volke wrote:
>>>>>> Wow, that did the trick.  When I first saved the Enabled flag change
>>>>>> to
>>>>>> N,
>>>>>> it automatically populated the disabled date, so I deleted this date
>>>>>> and
>>>>>> saved the change again.  Now the disabled admin can no longer login. 
>>>>>> It
>>>>>> looks like if you simply disable an account and leave the time stamp,
>>>>>> it
>>>>>> will automatically enable again in 5 minutes.  I'm not sure why it
>>>>>> does
>>>>>> this, and I didn't see a way to change the end date for the disable so
>>>>>> I'm
>>>>>> going to inform my users to use this work around.
>>>>>>
>>>>>> Thank you for all of the help,
>>>>>> Robert Volke
>>>>>>
>>>>>>>>> Bilgin Ibryam <bi...@iguanait.com> 7/1/2008 3:53:22 PM >>>
>>>>>> Hi Robert,
>>>>>>
>>>>>> try to set the Enabled Flag to "N"  WITHOUT Disabled Date Time.
>>>>>>
>>>>>> Bilgin
>>>>>>
>>>>>> ----------------------------------------------------------------
>>>>>> This message was sent using IMP, the Internet Messaging Program.
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>> -- 
>>>>> View this message in context:
>>>>> http://www.nabble.com/Users-with-disabled-accounts-are-still-able-to-login-tp18223799p24922534.html
>>>>> Sent from the OFBiz - User mailing list archive at Nabble.com.
>>>>>
>>>>
>>>>
>>> -- 
>>> View this message in context:
>>> http://www.nabble.com/Users-with-disabled-accounts-are-still-able-to-login-tp18223799p24971362.html
>>> Sent from the OFBiz - User mailing list archive at Nabble.com.
>>>
>>
>>
>>
> 

Re: Users with disabled accounts are still able to login

Posted by Jacques Le Roux <ja...@les7arts.com>.
Do you speak about https://localhost:8443/partymgr/control/editlogin?partyId=admin&userLoginId=flexadmin ?
If yes, did you try to set "Disabled Date Time" ?

Jacques

From: "masionas" <mi...@gmail.com>
> Ok. My concern is about functional design of  Disable/Enable status section
> in Party manager for UserLogin entity. It looks, it is the right place to
> control it for a given party. The only design drawback I see there as it is
> now is that it disables login for 5 min and then re-enable it. In a real
> world scenario who needs this functionality? Why you would disable login for
> 5 min manually and as I remember it does not give a note that it was
> disabled only for 5 min?
> 
> I think no need to have it as a separate function in Webtools as it is
> already exists in Party Manager context and is the right place to be. just a
> bit strange behaviour of 5 min re-enabling. Do you see my point, Jacques?
> 
> 
> 
> jacques.le.roux wrote:
>> 
>> From: "masionas" <mi...@gmail.com>
>>> Hi Jacques,
>>>
>>> Thanks for your reply. But in a real world I think other scenario
>>> actually
>>> happens. For example, company fires an employee and obviously respective
>>> user account should be Disabled PERMANENTLY. Since userlogin is disabled
>>> by
>>> the SYSTEM automatically in the case of wrong login retries I do not see
>>> why
>>> UI in Party manager should duplicate it? It looks  more logical to me
>>> have
>>> that UI for permanent disable.
>> 
>> Sorry I'm not sure to understand you. What I proposed was to create a new
>> section in Webtools (admin tools) where someone (with 
>> admin right) would be able to disable permanently a login (beware a party
>> may have several logins...).?
>> Have a look at updateUserLoginSecurity service
>> 
>> Jacques
>> 
>>>
>>> jacques.le.roux wrote:
>>>>
>>>> This is used for disabling an UserLogin temporarily after some (3?)
>>>> tries
>>>> (in case, for instance, someone tried to force it).
>>>> So I'm not seeing what is to fix here. If you need an UI to permanently
>>>> disable a login you could contribute a patch.
>>>> I'd suggest using Webtools as place with a new general entry about
>>>> parties
>>>> then...
>>>> You could even use the new service to parametrize the above behaviour
>>>> with
>>>> a property.
>>>>
>>>> Jacques
>>>>
>>>> From: "masionas" <mi...@gmail.com>
>>>>>
>>>>> Hi Guys,
>>>>>
>>>>> Any updates on whether it was fixed lately? With 9.04 release it seems
>>>>> still
>>>>> needs the workaround instead of directly to disable login permanently.
>>>>>
>>>>>
>>>>> Robert Volke wrote:
>>>>>>
>>>>>> Wow, that did the trick.  When I first saved the Enabled flag change
>>>>>> to
>>>>>> N,
>>>>>> it automatically populated the disabled date, so I deleted this date
>>>>>> and
>>>>>> saved the change again.  Now the disabled admin can no longer login. 
>>>>>> It
>>>>>> looks like if you simply disable an account and leave the time stamp,
>>>>>> it
>>>>>> will automatically enable again in 5 minutes.  I'm not sure why it
>>>>>> does
>>>>>> this, and I didn't see a way to change the end date for the disable so
>>>>>> I'm
>>>>>> going to inform my users to use this work around.
>>>>>>
>>>>>> Thank you for all of the help,
>>>>>> Robert Volke
>>>>>>
>>>>>>>>> Bilgin Ibryam <bi...@iguanait.com> 7/1/2008 3:53:22 PM >>>
>>>>>>
>>>>>> Hi Robert,
>>>>>>
>>>>>> try to set the Enabled Flag to "N"  WITHOUT Disabled Date Time.
>>>>>>
>>>>>> Bilgin
>>>>>>
>>>>>> ----------------------------------------------------------------
>>>>>> This message was sent using IMP, the Internet Messaging Program.
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>>> -- 
>>>>> View this message in context:
>>>>> http://www.nabble.com/Users-with-disabled-accounts-are-still-able-to-login-tp18223799p24922534.html
>>>>> Sent from the OFBiz - User mailing list archive at Nabble.com.
>>>>>
>>>>
>>>>
>>>>
>>>
>>> -- 
>>> View this message in context:
>>> http://www.nabble.com/Users-with-disabled-accounts-are-still-able-to-login-tp18223799p24971362.html
>>> Sent from the OFBiz - User mailing list archive at Nabble.com.
>>> 
>> 
>> 
>> 
>> 
> 
> -- 
> View this message in context: http://www.nabble.com/Users-with-disabled-accounts-are-still-able-to-login-tp18223799p24972825.html
> Sent from the OFBiz - User mailing list archive at Nabble.com.
>


Re: Users with disabled accounts are still able to login

Posted by masionas <mi...@gmail.com>.
Ok. My concern is about functional design of  Disable/Enable status section
in Party manager for UserLogin entity. It looks, it is the right place to
control it for a given party. The only design drawback I see there as it is
now is that it disables login for 5 min and then re-enable it. In a real
world scenario who needs this functionality? Why you would disable login for
5 min manually and as I remember it does not give a note that it was
disabled only for 5 min?

I think no need to have it as a separate function in Webtools as it is
already exists in Party Manager context and is the right place to be. just a
bit strange behaviour of 5 min re-enabling. Do you see my point, Jacques?



jacques.le.roux wrote:
> 
> From: "masionas" <mi...@gmail.com>
>> Hi Jacques,
>>
>> Thanks for your reply. But in a real world I think other scenario
>> actually
>> happens. For example, company fires an employee and obviously respective
>> user account should be Disabled PERMANENTLY. Since userlogin is disabled
>> by
>> the SYSTEM automatically in the case of wrong login retries I do not see
>> why
>> UI in Party manager should duplicate it? It looks  more logical to me
>> have
>> that UI for permanent disable.
> 
> Sorry I'm not sure to understand you. What I proposed was to create a new
> section in Webtools (admin tools) where someone (with 
> admin right) would be able to disable permanently a login (beware a party
> may have several logins...).?
> Have a look at updateUserLoginSecurity service
> 
> Jacques
> 
>>
>> jacques.le.roux wrote:
>>>
>>> This is used for disabling an UserLogin temporarily after some (3?)
>>> tries
>>> (in case, for instance, someone tried to force it).
>>> So I'm not seeing what is to fix here. If you need an UI to permanently
>>> disable a login you could contribute a patch.
>>> I'd suggest using Webtools as place with a new general entry about
>>> parties
>>> then...
>>> You could even use the new service to parametrize the above behaviour
>>> with
>>> a property.
>>>
>>> Jacques
>>>
>>> From: "masionas" <mi...@gmail.com>
>>>>
>>>> Hi Guys,
>>>>
>>>> Any updates on whether it was fixed lately? With 9.04 release it seems
>>>> still
>>>> needs the workaround instead of directly to disable login permanently.
>>>>
>>>>
>>>> Robert Volke wrote:
>>>>>
>>>>> Wow, that did the trick.  When I first saved the Enabled flag change
>>>>> to
>>>>> N,
>>>>> it automatically populated the disabled date, so I deleted this date
>>>>> and
>>>>> saved the change again.  Now the disabled admin can no longer login. 
>>>>> It
>>>>> looks like if you simply disable an account and leave the time stamp,
>>>>> it
>>>>> will automatically enable again in 5 minutes.  I'm not sure why it
>>>>> does
>>>>> this, and I didn't see a way to change the end date for the disable so
>>>>> I'm
>>>>> going to inform my users to use this work around.
>>>>>
>>>>> Thank you for all of the help,
>>>>> Robert Volke
>>>>>
>>>>>>>> Bilgin Ibryam <bi...@iguanait.com> 7/1/2008 3:53:22 PM >>>
>>>>>
>>>>> Hi Robert,
>>>>>
>>>>> try to set the Enabled Flag to "N"  WITHOUT Disabled Date Time.
>>>>>
>>>>> Bilgin
>>>>>
>>>>> ----------------------------------------------------------------
>>>>> This message was sent using IMP, the Internet Messaging Program.
>>>>>
>>>>>
>>>>>
>>>>>
>>>>
>>>> -- 
>>>> View this message in context:
>>>> http://www.nabble.com/Users-with-disabled-accounts-are-still-able-to-login-tp18223799p24922534.html
>>>> Sent from the OFBiz - User mailing list archive at Nabble.com.
>>>>
>>>
>>>
>>>
>>
>> -- 
>> View this message in context:
>> http://www.nabble.com/Users-with-disabled-accounts-are-still-able-to-login-tp18223799p24971362.html
>> Sent from the OFBiz - User mailing list archive at Nabble.com.
>> 
> 
> 
> 
> 

-- 
View this message in context: http://www.nabble.com/Users-with-disabled-accounts-are-still-able-to-login-tp18223799p24972825.html
Sent from the OFBiz - User mailing list archive at Nabble.com.


Re: Users with disabled accounts are still able to login

Posted by Jacques Le Roux <ja...@les7arts.com>.
From: "masionas" <mi...@gmail.com>
> Hi Jacques,
>
> Thanks for your reply. But in a real world I think other scenario actually
> happens. For example, company fires an employee and obviously respective
> user account should be Disabled PERMANENTLY. Since userlogin is disabled by
> the SYSTEM automatically in the case of wrong login retries I do not see why
> UI in Party manager should duplicate it? It looks  more logical to me have
> that UI for permanent disable.

Sorry I'm not sure to understand you. What I proposed was to create a new section in Webtools (admin tools) where someone (with 
admin right) would be able to disable permanently a login (beware a party may have several logins...).?
Have a look at updateUserLoginSecurity service

Jacques

>
> jacques.le.roux wrote:
>>
>> This is used for disabling an UserLogin temporarily after some (3?) tries
>> (in case, for instance, someone tried to force it).
>> So I'm not seeing what is to fix here. If you need an UI to permanently
>> disable a login you could contribute a patch.
>> I'd suggest using Webtools as place with a new general entry about parties
>> then...
>> You could even use the new service to parametrize the above behaviour with
>> a property.
>>
>> Jacques
>>
>> From: "masionas" <mi...@gmail.com>
>>>
>>> Hi Guys,
>>>
>>> Any updates on whether it was fixed lately? With 9.04 release it seems
>>> still
>>> needs the workaround instead of directly to disable login permanently.
>>>
>>>
>>> Robert Volke wrote:
>>>>
>>>> Wow, that did the trick.  When I first saved the Enabled flag change to
>>>> N,
>>>> it automatically populated the disabled date, so I deleted this date and
>>>> saved the change again.  Now the disabled admin can no longer login.  It
>>>> looks like if you simply disable an account and leave the time stamp, it
>>>> will automatically enable again in 5 minutes.  I'm not sure why it does
>>>> this, and I didn't see a way to change the end date for the disable so
>>>> I'm
>>>> going to inform my users to use this work around.
>>>>
>>>> Thank you for all of the help,
>>>> Robert Volke
>>>>
>>>>>>> Bilgin Ibryam <bi...@iguanait.com> 7/1/2008 3:53:22 PM >>>
>>>>
>>>> Hi Robert,
>>>>
>>>> try to set the Enabled Flag to "N"  WITHOUT Disabled Date Time.
>>>>
>>>> Bilgin
>>>>
>>>> ----------------------------------------------------------------
>>>> This message was sent using IMP, the Internet Messaging Program.
>>>>
>>>>
>>>>
>>>>
>>>
>>> -- 
>>> View this message in context:
>>> http://www.nabble.com/Users-with-disabled-accounts-are-still-able-to-login-tp18223799p24922534.html
>>> Sent from the OFBiz - User mailing list archive at Nabble.com.
>>>
>>
>>
>>
>
> -- 
> View this message in context: http://www.nabble.com/Users-with-disabled-accounts-are-still-able-to-login-tp18223799p24971362.html
> Sent from the OFBiz - User mailing list archive at Nabble.com.
> 



Re: Users with disabled accounts are still able to login

Posted by masionas <mi...@gmail.com>.
Hi Jacques,

Thanks for your reply. But in a real world I think other scenario actually
happens. For example, company fires an employee and obviously respective
user account should be Disabled PERMANENTLY. Since userlogin is disabled by
the SYSTEM automatically in the case of wrong login retries I do not see why
UI in Party manager should duplicate it? It looks  more logical to me have
that UI for permanent disable.


jacques.le.roux wrote:
> 
> This is used for disabling an UserLogin temporarily after some (3?) tries
> (in case, for instance, someone tried to force it).
> So I'm not seeing what is to fix here. If you need an UI to permanently
> disable a login you could contribute a patch. 
> I'd suggest using Webtools as place with a new general entry about parties
> then...
> You could even use the new service to parametrize the above behaviour with
> a property.
> 
> Jacques
> 
> From: "masionas" <mi...@gmail.com>
>> 
>> Hi Guys,
>> 
>> Any updates on whether it was fixed lately? With 9.04 release it seems
>> still
>> needs the workaround instead of directly to disable login permanently.
>> 
>> 
>> Robert Volke wrote:
>>> 
>>> Wow, that did the trick.  When I first saved the Enabled flag change to
>>> N,
>>> it automatically populated the disabled date, so I deleted this date and
>>> saved the change again.  Now the disabled admin can no longer login.  It
>>> looks like if you simply disable an account and leave the time stamp, it
>>> will automatically enable again in 5 minutes.  I'm not sure why it does
>>> this, and I didn't see a way to change the end date for the disable so
>>> I'm
>>> going to inform my users to use this work around.
>>> 
>>> Thank you for all of the help,
>>> Robert Volke
>>> 
>>>>>> Bilgin Ibryam <bi...@iguanait.com> 7/1/2008 3:53:22 PM >>>
>>> 
>>> Hi Robert,
>>> 
>>> try to set the Enabled Flag to "N"  WITHOUT Disabled Date Time.
>>> 
>>> Bilgin
>>> 
>>> ----------------------------------------------------------------
>>> This message was sent using IMP, the Internet Messaging Program.
>>> 
>>> 
>>> 
>>> 
>> 
>> -- 
>> View this message in context:
>> http://www.nabble.com/Users-with-disabled-accounts-are-still-able-to-login-tp18223799p24922534.html
>> Sent from the OFBiz - User mailing list archive at Nabble.com.
>>
> 
> 
> 

-- 
View this message in context: http://www.nabble.com/Users-with-disabled-accounts-are-still-able-to-login-tp18223799p24971362.html
Sent from the OFBiz - User mailing list archive at Nabble.com.


Re: Users with disabled accounts are still able to login

Posted by Jacques Le Roux <ja...@les7arts.com>.
This is used for disabling a UserLogin temporarily after some (3?) tries (in case, for instance, someone tried to force it).
So I'm not seeing what is to fix here. If you need a UI to permanently disable a login you could contribute a patch. 
I'd suggest using Webtools as the place with a new general entry about parties then...
You could even use the new service to parametrize the above behaviour with a property.

Jacques

From: "masionas" <mi...@gmail.com>
> 
> Hi Guys,
> 
> Any updates on whether it was fixed lately? With the 9.04 release it seems it
> still needs the workaround instead of directly disabling login permanently.
> 
> 
> Robert Volke wrote:
>> 
>> Wow, that did the trick.  When I first saved the Enabled flag change to N,
>> it automatically populated the disabled date, so I deleted this date and
>> saved the change again.  Now the disabled admin can no longer log in.  It
>> looks like if you simply disable an account and leave the time stamp, it
>> will automatically enable again in 5 minutes.  I'm not sure why it does
>> this, and I didn't see a way to change the end date for the disable so I'm
>> going to inform my users to use this workaround.
>> 
>> Thank you for all of the help,
>> Robert Volke
>> 
>>>>> Bilgin Ibryam <bi...@iguanait.com> 7/1/2008 3:53:22 PM >>>
>> 
>> Hi Robert,
>> 
>> Try to set the Enabled Flag to "N" WITHOUT Disabled Date Time.
>> 
>> Bilgin
>> 


Re: Users with disabled accounts are still able to login

Posted by masionas <mi...@gmail.com>.
Hi Guys,

Any updates on whether it was fixed lately? With the 9.04 release it seems it
still needs the workaround instead of directly disabling login permanently.


Robert Volke wrote:
> 
> Wow, that did the trick.  When I first saved the Enabled flag change to N,
> it automatically populated the disabled date, so I deleted this date and
> saved the change again.  Now the disabled admin can no longer log in.  It
> looks like if you simply disable an account and leave the time stamp, it
> will automatically enable again in 5 minutes.  I'm not sure why it does
> this, and I didn't see a way to change the end date for the disable so I'm
> going to inform my users to use this workaround.
> 
> Thank you for all of the help,
> Robert Volke
> 
>>>> Bilgin Ibryam <bi...@iguanait.com> 7/1/2008 3:53:22 PM >>>
> 
> Hi Robert,
> 
> Try to set the Enabled Flag to "N" WITHOUT Disabled Date Time.
> 
> Bilgin
> 

-- 
View this message in context: http://www.nabble.com/Users-with-disabled-accounts-are-still-able-to-login-tp18223799p24922534.html
Sent from the OFBiz - User mailing list archive at Nabble.com.


Re: Users with disabled accounts are still able to login

Posted by Jacques Le Roux <ja...@les7arts.com>.
Interesting trick, I put a link to Nabble Forum http://www.nabble.com/forum/Permalink.jtp?root=18223799&post=18223799&page=y from 
http://docs.ofbiz.org/display/OFBIZ/FAQ+-+Tips+-+Tricks+-+Cookbook+-+HowTo#FAQ-Tips-Tricks-Cookbook-HowTo-ProductionTips
Jacques

From: "Robert Volke" <rv...@bgeltd.com>
> Wow, that did the trick.  When I first saved the Enabled flag change to N, it automatically populated the disabled date, so I
> deleted this date and saved the change again.  Now the disabled admin can no longer log in.  It looks like if you simply disable an
> account and leave the time stamp, it will automatically enable again in 5 minutes.  I'm not sure why it does this, and I didn't
> see a way to change the end date for the disable so I'm going to inform my users to use this workaround.
>
> Thank you for all of the help,
> Robert Volke
>
>>>> Bilgin Ibryam <bi...@iguanait.com> 7/1/2008 3:53:22 PM >>>
>
> Hi Robert,
>
> Try to set the Enabled Flag to "N" WITHOUT Disabled Date Time.
>
> Bilgin
>


Re: Users with disabled accounts are still able to login

Posted by Robert Volke <rv...@bgeltd.com>.
Wow, that did the trick.  When I first saved the Enabled flag change to N, it automatically populated the disabled date, so I deleted this date and saved the change again.  Now the disabled admin can no longer log in.  It looks like if you simply disable an account and leave the time stamp, it will automatically enable again in 5 minutes.  I'm not sure why it does this, and I didn't see a way to change the end date for the disable so I'm going to inform my users to use this workaround.

Thank you for all of the help,
Robert Volke

>>> Bilgin Ibryam <bi...@iguanait.com> 7/1/2008 3:53:22 PM >>>

Hi Robert,

Try to set the Enabled Flag to "N" WITHOUT Disabled Date Time.

Bilgin

----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.
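
A model of the behaviour reported in this thread, as an added example that is not OFBiz source code and not part of any post: a disabled login that carries a Disabled Date Time is handled as a temporary lockout that expires, while one without a timestamp stays disabled. The class, field and method names are hypothetical, and the 5-minute window is an assumption taken from Robert's observation.

```java
import java.time.Duration;
import java.time.Instant;

// Added model of the behaviour reported in the thread; not OFBiz source code.
public class DisabledLoginModel {
    // Assumption: the 5-minute window Robert observed.
    static final Duration REENABLE_AFTER = Duration.ofMinutes(5);

    static final class UserLogin {
        final String id;
        boolean enabled;
        final Instant disabledDateTime; // null means no timestamp was stored

        UserLogin(String id, boolean enabled, Instant disabledDateTime) {
            this.id = id;
            this.enabled = enabled;
            this.disabledDateTime = disabledDateTime;
        }
    }

    // True if the account passes the enabled check at time 'now'.
    static boolean passesEnabledCheck(UserLogin u, Instant now) {
        if (u.enabled) return true;
        // Disabled WITH a timestamp: handled as a temporary lockout that expires.
        if (u.disabledDateTime != null
                && !now.isBefore(u.disabledDateTime.plus(REENABLE_AFTER))) {
            u.enabled = true;
            return true;
        }
        // Disabled WITHOUT a timestamp: nothing expires, the account stays off.
        return false;
    }

    // Audit check: disabled accounts that will come back on their own.
    static boolean willAutoReenable(UserLogin u) {
        return !u.enabled && u.disabledDateTime != null;
    }

    public static void main(String[] args) {
        Instant t0 = Instant.parse("2008-07-01T19:41:56Z"); // constructed sample time
        UserLogin stamped = new UserLogin("admin-stamped", false, t0);
        UserLogin unstamped = new UserLogin("admin-unstamped", false, null);
        for (UserLogin u : new UserLogin[] {stamped, unstamped}) {
            System.out.printf("%s willAutoReenable=%b%n", u.id, willAutoReenable(u));
            for (int min : new int[] {1, 6}) {
                boolean ok = passesEnabledCheck(u, t0.plus(Duration.ofMinutes(min)));
                System.out.printf("  +%d min: passes=%b%n", min, ok);
            }
        }
    }
}
```

The `willAutoReenable` check is the one to run over offboarded accounts: any row it flags was meant to be off permanently but will pass the enabled check again once the window elapses.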



Re: Users with disabled accounts are still able to login

Posted by Bilgin Ibryam <bi...@iguanait.com>.
Hi Robert,

Try to set the Enabled Flag to "N" WITHOUT Disabled Date Time.

Bilgin

----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.