Cloudron Forum


How does a user reset their password when their email access is also through LDAP?

  • marcusquinn wrote (#1):

    OK, so users only have access to email through a webmail client that uses Cloudron LDAP to log in.

    They have forgotten their password.

    How do they reset it if they can't log in to webmail because they forgot their password?

    🙃

    Web Design https://www.evergreen.je
    Development https://brandlight.org
    Life https://marcusquinn.com


      girish (Staff) wrote (#2):

      @marcusquinn there are two email addresses on Cloudron - the primary email (exposed to apps) and the fallback email (sent for password reset). The fallback email is not supposed to be hosted on Cloudron. This is a bit hard to "impose" because at any time that fallback email address can become hosted on Cloudron... What can we do to prevent this?

      • girish (Staff) wrote (#3):

        Looking into the flow a bit:

        • When a user is created (by the admin), it just says "Email". What we do is to set the primary and the fallback email to this email address.

        • Then, when a user signs up, he is not asked for any email. He has to know to go to Profile page and change it. Not ideal.

        I think we should fix the flow to ask the admin for both the emails, and also warn them if the fallback email is hosted on Cloudron. If the fallback email is left blank, we should ask the user when they sign up.

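The check girish proposes in post #3 (warn when the fallback email is hosted on Cloudron, prompt when it is blank), sketched as an added example that is not part of the thread or Cloudron's code. The user field names and the list of hosted mail domains are assumptions; domains are matched exactly, and the audit is meant to be re-run whenever a mail domain is added, since a fallback address can become hosted later.

```javascript
// Added example: the field names and hostedDomains list are assumptions,
// not Cloudron's actual schema or API.

// Lower-cased domain of an address, or null if it is not of the form local@domain.
function domainOf(address) {
  const a = String(address || '').trim().toLowerCase();
  const at = a.lastIndexOf('@');
  return at > 0 && at < a.length - 1 ? a.slice(at + 1) : null;
}

// Classify where a user's password-reset mail would end up.
function classifyRecovery(user, hostedDomains) {
  const hosted = new Set(hostedDomains.map((d) => d.trim().toLowerCase()));
  const fallback = String(user.fallbackEmail || '').trim().toLowerCase();
  const primary = String(user.email || '').trim().toLowerCase();
  if (fallback === '') return { status: 'missing' };       // prompt at sign-up
  const domain = domainOf(fallback);
  if (domain === null) return { status: 'malformed' };
  if (!hosted.has(domain)) return { status: 'ok' };
  // Reset mail lands in a mailbox that needs the forgotten password.
  // defaulted: fallback was never changed from the admin-entered "Email".
  return { status: 'hosted-locally', defaulted: fallback === primary };
}

// Users whose reset path needs attention, for the current set of mail domains.
function auditRecoveryPaths(users, hostedDomains) {
  return users
    .map((u) => ({ username: u.username, ...classifyRecovery(u, hostedDomains) }))
    .filter((r) => r.status !== 'ok');
}

// Constructed sample data.
const sampleUsers = [
  { username: 'alice', email: 'alice@example.org', fallbackEmail: 'alice@example.org' },
  { username: 'bob', email: 'bob@example.org', fallbackEmail: 'Bob.Home@Example.ORG ' },
  { username: 'carol', email: 'carol@example.org', fallbackEmail: '' },
  { username: 'dave', email: 'dave@example.org', fallbackEmail: 'dave@example.net' },
];

console.log(auditRecoveryPaths(sampleUsers, ['example.org']));
// Re-run when a mail domain is added: dave's fallback is now hosted too.
console.log(auditRecoveryPaths(sampleUsers, ['example.org', 'example.net']));
```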

          marcusquinn wrote (#4):

          @girish I don't think any of our users have fallback email addresses. The workaround for now has been to text them a reset link.

          I guess that lends itself to an SMS reset capability but then I can see that being complicated in finding providers for all country needs.

          We're managing, it's just a situation that relies upon a System Admin being available to assist.

          Perhaps there's another way somehow with registering a mobile app and push notifications?


            girish (Staff) wrote (#5):

            @marcusquinn I think this is a bug in our flow, will get this fixed.


              marcusquinn wrote (#6):

              @girish Sounds reasonable. It's not urgent, just something I found that happens often enough to consider if there's a way to make these things self-service without needing a System Admin to be available.


                girish (Staff) wrote (#7):

                @marcusquinn Also, the fallback email is in the Profile view of the user. But of course, it's impossible for a normal user or even admin to know all of what I said....


                  marcusquinn wrote (#8):

                  @girish On the flip side, personal email addresses can arguably be weaker than work ones, as people tend to use them for many years without any password policies, and there are plenty of online services to look up exposed passwords by a person's email address.

                  • marcusquinn wrote (#9):

                    If I think of all the big players, I think there's a good reason they use mobile numbers for 2FA and resets: people guard their phones more carefully than their credentials.


                      mehdi (App Dev) wrote (#10):

                      @marcusquinn Actually, SIM Swapping is pretty common. I would not suggest having a phone number as a single-point-of-failure for anything remotely critical.
