Cloudron makes it easy to run web apps like WordPress, Nextcloud, GitLab on your server. Find out more or install now.


Navigation

    Cloudron Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular

    SOLVED Prevent Username/Email Change by users

    Feature Requests
    feature-request username ldap
    4
    7
    98
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • N
      nj last edited by girish

      Is there a way to prevent normal Cloudron users from changing their username and email? That's because Gitlab, for instance, recommends against using LDAP authentication if the LDAP server supports changing username/email because that can lead to account takeover.

      Is there any way to achieve this, or is there a possibility to add this feature in the admin panel?

      M 1 Reply Last reply Reply Quote 0
      • M
        murgero App Dev @nj last edited by

        @nj If gitlab is the issue here as seen in your example, just use gitlab without ldap by enabling app-authentication in the settings.

        --
        https://urgero.org

        N 1 Reply Last reply Reply Quote 0
        • nebulon
          nebulon Staff last edited by

          The username cannot be changed on Cloudron. The user's profile email however can be, but the apps which integrated with LDAP are using the username as the identifier to bind profiles.

          1 Reply Last reply Reply Quote 2
          • girish
            girish Staff last edited by

            All apps (except wikijs iirc) use username as LDAP identifier and the username in Cloudron cannot be changed for the same security reasons that GitLab mentions.

            That said, I think it is a good idea to not allow changing email as well (optionally). I have opened https://git.cloudron.io/cloudron/box/-/issues/704

            1 Reply Last reply Reply Quote 3
            • N
              nj @murgero last edited by

              @murgero thanks for the hint, but I'm afraid, I need to authenticate through LDAP only.

              1 Reply Last reply Reply Quote 0
              • girish
                girish Staff last edited by

                We have scheduled this for next release 6.0

                1 Reply Last reply Reply Quote 2
                • girish
                  girish Staff last edited by

                  This is implemented in 5.4

                  1 Reply Last reply Reply Quote 1
                  • First post
                    Last post