Skip to content
This repository has been archived by the owner on Apr 26, 2024. It is now read-only.

Feature request: prevent certain changes to user profiles #5267

Closed
TheLastProject opened this issue May 28, 2019 · 8 comments
Closed

Feature request: prevent certain changes to user profiles #5267

TheLastProject opened this issue May 28, 2019 · 8 comments

Comments

@TheLastProject
Copy link

Description:

It would be great if we could disable some user profile changes, like changing the display name, for on servers where this is set by the identity server on login.
@richvdh richvdh changed the title Lock profile changes Feature request: prevent certain changes to user profiles May 29, 2019
@richvdh
Copy link
Member

richvdh commented May 29, 2019

Related: #4708

@neilisfragile
Copy link
Contributor

I'm trying to think how this would work.

You could set it on a room level, that way all servers participating would have to respect the rule.

Or you could do it on a server level (which I think is what you are asking for), but I'm not sure that makes sense if the server then federates with other servers that do not enforce profile change.

@TheLastProject
Copy link
Author

Well, a server is coupled to an identity server, which is where the accounts will come from. Putting it on the same level as the accounts itself sounds most logical? The use case here is company LDAP accounts and preventing people from impersonating each other within the company.

@t3chguy
Copy link
Member

t3chguy commented Jun 5, 2019

Well, a server is coupled to an identity server, which is where the accounts will come from. Putting it on the same level as the accounts itself sounds most logical? The use case here is company LDAP accounts and preventing people from impersonating each other within the company.

That is not how accounts work.

Identity servers provide identity lookup functionality only (mapping from e-mails and phone numbers to Matrix IDs)

Accounts are stored and owned by their respective homeserver currently, in future they may be more fluid.

@TheLastProject
Copy link
Author

Well, not to sound rude, but as an administrator I don't really care about that implementation detail, I just want to be able to prevent users from impersonating each other, like how many other messaging platforms such as Rocket Chat will lock usernames to whatever is in LDAP.

Seeing how the homeserver knows the accounts, limiting on homeserver level seems most logical, because we can't expect matrix.org to enforce a lack of nick changes, but you still wouldn't want your employees to change their username when talking to people on matrix.org. You want certainty for the accounts that are managed by your organisation, both for communication inside it and communication with other servers you decided to link to.

@dklimpel
Copy link
Contributor

dklimpel commented Feb 4, 2020

see also: #5241

@eMPee584
Copy link

eMPee584 commented Mar 2, 2020

Yeah LDAP support is not exactly matrix's strongest feat atm..
@ara4n Isn't the french government using it? No corporate sponsors for it yet?

@eMPee584 eMPee584 mentioned this issue Mar 2, 2020
Merged
@dklimpel dklimpel mentioned this issue Mar 8, 2020
Merged
4 tasks
@dklimpel dklimpel mentioned this issue Mar 17, 2020
Merged
4 tasks
@clokep
Copy link
Member

clokep commented Mar 30, 2020

I believe this was fixed by #7096.

@clokep clokep closed this as completed Mar 30, 2020
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
7 participants
@neilisfragile @clokep @eMPee584 @richvdh @TheLastProject @t3chguy @dklimpel