mirror of
https://github.com/pocket-id/pocket-id.git
synced 2025-12-09 14:53:00 +03:00
🚀 Feature: Ability to disable users instead of deletion (and keeping user data intact) #270
Originally created by @abno85 on GitHub.
Originally assigned to: @kmendell on GitHub.
Feature description
I'd like to have the possibility to disable users and block them from logging in instead of outright deleting them, which includes all their settings, passkeys, audit logs, etc.
Pitch
I think it would be a nice feature in general to (temporarily) disable users, but keep their data and settings intact.
In particular when using LDAP as a provider, where a misconfigured LDAP filter easily leads to the loss of all settings and stored passkeys for the affected users. I don't know how Pocket-ID handles (temporary) disconnects from the LDAP provider, but these might also lead to loss of user data?
I just tried this with a test user. I moved the user into an LDAP group that is excluded from syncing to Pocket-ID via an LDAP filter. After the next sync the user was removed from Pocket-ID as intended, but when I added the user back to the original group, Pocket-ID created a completely new user from scratch and all passkeys and logins that were generated on the clients were now invalid.
I'm using LLDAP as the provider and a uuid for the unique user identifier, which didn't change obviously.
An alternative approach would be some kind of recycle bin on Pocket-ID's side? Although personally I'd prefer a general option to disable users.
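The behaviour requested above, as an added sketch that is not part of the original issue and is not Pocket ID's code: a sync pass that disables accounts missing from the directory and re-enables them in place when the same stable identifier reappears, so passkeys survive. The `User` type, `Reconcile`, `CanLogin` and all sample values are hypothetical.

```go
package main

import "fmt"

// User is a hypothetical local account record, not Pocket ID's schema.
type User struct {
	LdapID   string   // stable directory identifier (e.g. the LLDAP uuid)
	Username string
	Disabled bool
	Passkeys []string // stands in for credentials and other per-user data
}

// Reconcile applies one directory sync result (LdapID -> username) to the store.
// Missing users are disabled, not deleted; returning users are re-enabled in place.
func Reconcile(store map[string]*User, directory map[string]string) (disabled, enabled, created []string) {
	for id, u := range store {
		if _, ok := directory[id]; !ok && !u.Disabled {
			u.Disabled = true
			disabled = append(disabled, id)
		}
	}
	for id, name := range directory {
		u, ok := store[id]
		if !ok {
			store[id] = &User{LdapID: id, Username: name}
			created = append(created, id)
			continue
		}
		if u.Disabled {
			u.Disabled = false
			enabled = append(enabled, id)
		}
	}
	return
}

// CanLogin is the check a login handler would make before accepting a passkey.
func CanLogin(store map[string]*User, id string) bool {
	u, ok := store[id]
	return ok && !u.Disabled
}

func main() {
	// Constructed sample data.
	store := map[string]*User{"uuid-1": {LdapID: "uuid-1", Username: "alice", Passkeys: []string{"pk-1"}}}
	Reconcile(store, map[string]string{}) // filter (or outage) returns no users
	fmt.Println(CanLogin(store, "uuid-1"), len(store["uuid-1"].Passkeys))
	Reconcile(store, map[string]string{"uuid-1": "alice"}) // user is back in scope
	fmt.Println(CanLogin(store, "uuid-1"), len(store["uuid-1"].Passkeys))
}
```

Because the record is keyed on the directory's stable identifier, an empty or wrongly filtered sync result only blocks logins until the next correct sync.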
@kmendell commented on GitHub:
I am looking into this, hopefully will have something soon :)