Is there a way to prevent normal Cloudron users from changing their username and email? That's because Gitlab, for instance, recommends against using LDAP authentication if the LDAP server supports changing username/email because that can lead to account takeover. Is there any way to achieve this, or is there a possibility to add this feature in the admin panel?

All apps (except wikijs iirc) use username as LDAP identifier and the username in Cloudron cannot be changed for the same security reasons that GitLab mentions. That said, I think it is a good idea to not allow changing email as well (optionally). I have opened https://git.cloudron.io/cloudron/box/-/issues/704

Cloudron Forum

Apps | Demo | Docs | Install

Your browser does not seem to support JavaScript. As a result, your viewing experience will be diminished, and you have been placed in read-only mode.

Please download a browser that supports JavaScript, or enable it if it's disabled (i.e. NoScript).

Prevent Username/Email Change by users

Moved Solved Feature Requests

7 Posts 4 Posters 1.4k Views 4 Watching

N Offline
N Offline
nj

wrote on last edited by girish

#1

Is there a way to prevent normal Cloudron users from changing their username and email? That's because Gitlab, for instance, recommends against using LDAP authentication if the LDAP server supports changing username/email because that can lead to account takeover.

Is there any way to achieve this, or is there a possibility to add this feature in the admin panel?
Founder / Coder • My Apps
M 1 Reply Last reply

0
N nj

Is there a way to prevent normal Cloudron users from changing their username and email? That's because Gitlab, for instance, recommends against using LDAP authentication if the LDAP server supports changing username/email because that can lead to account takeover.

Is there any way to achieve this, or is there a possibility to add this feature in the admin panel?
M Offline
M Offline
murgero
App Dev
wrote on last edited by

#2

@nj If gitlab is the issue here as seen in your example, just use gitlab without ldap by enabling app-authentication in the settings.
--
https://urgero.org
~ Professional Nerd. Freelance Programmer. ~
N 1 Reply Last reply

0
N Offline
N Offline
nebulon
Staff
wrote on last edited by

#3

The username cannot be changed on Cloudron. The user's profile email however can be, but the apps which integrated with LDAP are using the username as the identifier to bind profiles.
1 Reply Last reply

1
G Offline
G Offline
girish
Staff
wrote on last edited by

#4

All apps (except wikijs iirc) use username as LDAP identifier and the username in Cloudron cannot be changed for the same security reasons that GitLab mentions.

That said, I think it is a good idea to not allow changing email as well (optionally). I have opened https://git.cloudron.io/cloudron/box/-/issues/704
1 Reply Last reply

2
M murgero

@nj If gitlab is the issue here as seen in your example, just use gitlab without ldap by enabling app-authentication in the settings.
N Offline
N Offline
nj

wrote on last edited by

#5

@murgero thanks for the hint, but I'm afraid, I need to authenticate through LDAP only.
Founder / Coder • My Apps
1 Reply Last reply

0
G Offline
G Offline
girish
Staff
wrote on last edited by

#6

We have scheduled this for next release 6.0
1 Reply Last reply

1
G Offline
G Offline
girish
Staff
wrote on last edited by

#7

This is implemented in 5.4
1 Reply Last reply

1

Cloudron makes it easy to run web apps like WordPress, Nextcloud, GitLab on your server. Find out more or install now.

Cloudron Forum

Prevent Username/Email Change by users