Group-Restricted LDAP : 05 - Deactivated users should still be able to log in

In LDAP Group-Restricted Mode, user deactivation is only temporary. When users who have an existing but deactivated user record log in again, they should be immediately reactivated. This is because LDAP is meant to be the source of truth in this configuration, and if LDAP says that a user can log in, we need to let them log in, even if they're deactivated in Tulip. The ability to deactivate users is really just so admins can clean up old users from Tulip who may not be in LDAP anymore.
  • Site configured to use LDAP Group-Restricted Mode
  • A user record for dbeckwith_test1 exists in Tulip (they have logged in before)