xperseguers / t3ext-ig_ldap_sso_auth

TYPO3 Extension ig_ldap_sso_auth. This extension provides LDAP and SSO support for TYPO3.
https://extensions.typo3.org/extension/ig_ldap_sso_auth

Typo3 V8 with AD reactivate User doesn't work #59

Closed ThomasHandel closed 4 years ago

ThomasHandel commented 5 years ago

My Problem: While the AD LDAP was temporarily down, several users were deleted and an endtime was set. After the AD LDAP was back in service the users were reactivated automatically, but the endtime was still there and the users were not able to log in until the endtime was removed manually.

**My Setup:**
Typo3 8.7.26
ig_ldap_sso_auth 3.4.0
Webserver Apache 2.4.25 
PHP Version 7.2.10-0ubuntu0.18.04.1 
Database MySQL 5.7.24
OS: Ubuntu 18.0.4

I suggest resetting the endtime in future releases when users are reactivated. See the attached code sample of Classes/Library/Authentication.php:

```php
// Classes/Library/Authentication.php

// Let's restore deleted accounts since the only way to prevent an actual LDAP member
// to authenticate is to set a "stop time" (endtime in DB) to the TYPO3 user record or
// mark it as "disable"
$typo3_user['deleted'] = 0;
$typo3_user['endtime'] = '';

$typo3_user['password'] = Typo3UserRepository::setRandomPassword();

if ((empty($typo3_groups) && Configuration::getValue('DeleteUserIfNoTYPO3Groups'))) {
    $typo3_user['deleted'] = 1;
    $typo3_user['endtime'] = $GLOBALS['EXEC_TIME'];
    static::getLogger()->debug('User record has been deleted because she has no associated TYPO3 groups.', $typo3_user);
}
// Delete user if no LDAP groups found.
if (Configuration::getValue('DeleteUserIfNoLDAPGroups') && !static::$ldapGroups) {
    $typo3_user['deleted'] = 1;
    $typo3_user['endtime'] = $GLOBALS['EXEC_TIME'];
    static::getLogger()->debug('User record has been deleted because she has no LDAP groups.', $typo3_user);
}

if (!empty($typo3_user['uid'])) {
```
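
The state transitions described in this report, as an added example that is not part of the original post or of the extension's code. `syncState()` and `canLogIn()` are hypothetical helpers, the enable check is an assumed simplification of how TYPO3 evaluates `deleted` and `endtime`, and all timestamps are constructed.

```php
<?php
// Added illustration: a simplified model of the account-state logic in the
// sample above. syncState() and canLogIn() are hypothetical helpers, not
// functions of ig_ldap_sso_auth; all timestamps are constructed.

/** Restore/delete decisions as in the sample; $resetEndtime toggles the proposal. */
function syncState(array $user, bool $hasGroups, bool $deleteIfNoGroups, int $now, bool $resetEndtime): array
{
    $user['deleted'] = 0;               // restored on every successful LDAP sync
    if ($resetEndtime) {
        $user['endtime'] = 0;           // proposed: clear the stop time as well
    }
    if (!$hasGroups && $deleteIfNoGroups) {
        $user['deleted'] = 1;           // "deleted" by the sync
        $user['endtime'] = $now;
    }
    return $user;
}

/** Assumed enable check: not deleted, and stop time unset or still in the future. */
function canLogIn(array $user, int $now): bool
{
    $endtime = (int)$user['endtime'];
    return (int)$user['deleted'] === 0 && ($endtime === 0 || $endtime > $now);
}

$active = ['deleted' => 0, 'endtime' => 0];

// t=1000: directory unavailable, no groups resolved -> account gets deleted.
$outage = syncState($active, false, true, 1000, false);

// t=2000: directory is back and groups resolve again.
$current  = syncState($outage, true, true, 2000, false);
$proposed = syncState($outage, true, true, 2000, true);

// Separate case: an administrator set a stop time of 1500 on purpose.
$blocked = syncState(['deleted' => 0, 'endtime' => 1500], true, true, 2000, true);

var_dump(canLogIn($current, 2000));   // current behaviour after the outage
var_dump(canLogIn($proposed, 2000));  // with the proposed reset
var_dump(canLogIn($blocked, 2000));   // manual stop time under the proposed reset
```

In this model the third case shows that an unconditional reset also clears a stop time an administrator set deliberately, which the code comment in the sample names as the way to keep an LDAP member from authenticating.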