Cloudron makes it easy to run web apps like WordPress, Nextcloud, GitLab on your server. Find out more or install now.


Skip to content
  • Categories
  • Recent
  • Tags
  • Popular
  • Bookmarks
  • Search
Skins
  • Light
  • Cerulean
  • Cosmo
  • Flatly
  • Journal
  • Litera
  • Lumen
  • Lux
  • Materia
  • Minty
  • Morph
  • Pulse
  • Sandstone
  • Simplex
  • Sketchy
  • Spacelab
  • United
  • Yeti
  • Zephyr
  • Dark
  • Cyborg
  • Darkly
  • Quartz
  • Slate
  • Solar
  • Superhero
  • Vapor

  • Default (No Skin)
  • No Skin
Collapse
Brand Logo

Cloudron Forum

Apps | Demo | Docs | Install
  1. Cloudron Forum
  2. Feature Requests
  3. Prevent Username/Email Change by users

Prevent Username/Email Change by users

Scheduled Pinned Locked Moved Solved Feature Requests
feature-requestusernameldap
7 Posts 4 Posters 1.3k Views 4 Watching
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • njN Offline
    njN Offline
    nj
    wrote on last edited by girish
    #1

    Is there a way to prevent normal Cloudron users from changing their username and email? That's because Gitlab, for instance, recommends against using LDAP authentication if the LDAP server supports changing username/email because that can lead to account takeover.

    Is there any way to achieve this, or is there a possibility to add this feature in the admin panel?

    Founder / Coder • My Apps

    murgeroM 1 Reply Last reply
    0
    • njN nj

      Is there a way to prevent normal Cloudron users from changing their username and email? That's because Gitlab, for instance, recommends against using LDAP authentication if the LDAP server supports changing username/email because that can lead to account takeover.

      Is there any way to achieve this, or is there a possibility to add this feature in the admin panel?

      murgeroM Offline
      murgeroM Offline
      murgero
      App Dev
      wrote on last edited by
      #2

      @nj If gitlab is the issue here as seen in your example, just use gitlab without ldap by enabling app-authentication in the settings.

      --
      https://urgero.org
      ~ Professional Nerd. Freelance Programmer. ~

      njN 1 Reply Last reply
      0
      • nebulonN Away
        nebulonN Away
        nebulon
        Staff
        wrote on last edited by
        #3

        The username cannot be changed on Cloudron. The user's profile email however can be, but the apps which integrated with LDAP are using the username as the identifier to bind profiles.

        1 Reply Last reply
        1
        • girishG Offline
          girishG Offline
          girish
          Staff
          wrote on last edited by
          #4

          All apps (except wikijs iirc) use username as LDAP identifier and the username in Cloudron cannot be changed for the same security reasons that GitLab mentions.

          That said, I think it is a good idea to not allow changing email as well (optionally). I have opened https://git.cloudron.io/cloudron/box/-/issues/704

          1 Reply Last reply
          2
          • murgeroM murgero

            @nj If gitlab is the issue here as seen in your example, just use gitlab without ldap by enabling app-authentication in the settings.

            njN Offline
            njN Offline
            nj
            wrote on last edited by
            #5

            @murgero thanks for the hint, but I'm afraid, I need to authenticate through LDAP only.

            Founder / Coder • My Apps

            1 Reply Last reply
            0
            • girishG Offline
              girishG Offline
              girish
              Staff
              wrote on last edited by
              #6

              We have scheduled this for next release 6.0

              1 Reply Last reply
              1
              • girishG Offline
                girishG Offline
                girish
                Staff
                wrote on last edited by
                #7

                This is implemented in 5.4

                1 Reply Last reply
                1
                Reply
                • Reply as topic
                Log in to reply
                • Oldest to Newest
                • Newest to Oldest
                • Most Votes


                • Login

                • Don't have an account? Register

                • Login or register to search.
                • First post
                  Last post
                0
                • Categories
                • Recent
                • Tags
                • Popular
                • Bookmarks
                • Search