I'm building a web site with LDAP users, but login must be safely disabled. How?
Also, for another web that allows users to login, how to disable actions to change password and modify profiles?
Just to be clear: Do you mean to disable the login or the registration? Because working with LDAP suggests, that there should be users?
My special requirements: no registration and no login.
All forms and urls and actions related to login should be disabled.
Yes. The little web site I'm trying to setup would have only one purpose, for password reset.
So all extra functionalities should be turned off, including things like password change (which requires login).
I found a solution: using a overrides.zcml file in my policy package, I overrided the LoginForm class and added simple exclusion rules in its render and handleLogin functions.