Creating users with a read-only Auth Provider

Description

Openfire prevents you from creating users if the configured UserProvider is read only.

However, when a user is created using the DefaultUserProvider, it uses the configured AuthProvider to set the password. If the AuthProvider does not support the setting of passwords (eg. the HybridAuthProvider), then a user will be created with a null password.

This means that the user is unable to login.

Note that attempting to reset the password via the admin console results in a "not supported" message.

I'm not sure what the correct approach should be;

1) Prevent the creation of users if the AuthProvider is read-only

2) Warn the administrator after creating the user that the password cannot be set, similar to the password reset.

3) Something else?

 

Environment

None
Duplicate

Assignee

Greg Thomas

Reporter

Greg Thomas

Labels

None

Expected Effort

None

Ignite Forum URL

None

Components

Affects versions

Priority

Minor