Disabled users after failing login

Infos:

  • Used Zammad version: 5.0.x
  • Used Zammad installation type: docker-compose
  • Operating system: Ubuntu 18.04
  • Browser + version: Chrome, latest

Quick Intro: We have LDAP integration going on. For some accounts, the Zammad login page fails, it shows the regular wrong credentials even though they are correct, and the zammad account is disabled.

I go to the LDAP log inside zammad but there is only a basic log info that is not useful at all. Nothing is particular different for those account that fail comparing to others, so it is hard to guess that is going on.

Expected behavior:

  • Able to login

Actual behavior:

  • Failed credentials and zammad user account is disabled

Steps to reproduce the behavior:

  • This happens for a handful of users only, just login and the above behavior will happen

I’m not entirely sure if with 5.0 or 5.1 but LDAP users no longer are set to inactive if the LDAP credentials were tried (so no local passwords are set and may interfere).
You can also unlock those users. You may want to upgrade to 5.1 if not done already, where close to 5.2 and you’re prune to security issues.

https://admin-docs.zammad.org/en/latest/manage/users/via-the-admin-panel.html