    Cloudron Forum
    How does a user reset their password when their email access is also through LDAP?

    Support
    • marcusquinn
      marcusquinn last edited by marcusquinn

      OK, so users only have access to email through a webmail client that uses Cloudron LDAP to log in.

      They have forgotten their password.

      How do they reset it if they can't log in to webmail because they forgot their password?

      🙃

      We're not here for a long time - but we are here for a good time :)
      Jersey/UK
      Work & Ecommerce Advice: https://brandlight.org
      Personal & Software Tips: https://marcusquinn.com

      girish 1 Reply Last reply Reply Quote 0
      • girish
        girish Staff @marcusquinn last edited by

        @marcusquinn there are two email addresses on Cloudron - the primary email (exposed to apps) and the fallback email (sent for password reset). The fallback email is not supposed to be hosted on Cloudron. This is a bit hard to "impose" because at any time that fallback email address can become hosted on Cloudron... What can we do to prevent this?

        marcusquinn 1 Reply Last reply Reply Quote 1
        • girish
          girish Staff last edited by

          Looking into the flow a bit:

          • When a user is created (by the admin), it just says "Email". What we do is to set the primary and the fallback email to this email address.

          • Then, when a user signs up, he is not asked for any email. He has to know to go to Profile page and change it. Not ideal.

          I think we should fix the flow to ask the admin for both emails, and also warn them if the fallback email is hosted on Cloudron. If the fallback email is left blank, we should ask the user when they sign up.

          marcusquinn 1 Reply Last reply Reply Quote 2
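
The check proposed in the post above, sketched as an added example that is not part of the thread and is not Cloudron code: it classifies a fallback address against the mail domains the server hosts, and re-audits all accounts when a domain is added, which is the "can become hosted at any time" case. Function names, status strings and sample data are hypothetical.

```javascript
// Added illustration, not Cloudron code. All names and data are hypothetical.

// Domain part of an address, normalised (lower case, no trailing root dot).
function domainOf(email) {
    if (typeof email !== 'string') return null;
    const trimmed = email.trim();
    const at = trimmed.lastIndexOf('@');
    if (at <= 0 || at === trimmed.length - 1) return null;
    return trimmed.slice(at + 1).toLowerCase().replace(/\.$/, '');
}

// Classify one fallback address against the mail domains this server hosts.
function checkFallbackEmail(fallbackEmail, hostedDomains) {
    if (typeof fallbackEmail !== 'string' || !fallbackEmail.trim()) {
        return 'ask-user-at-signup';      // blank: collect it from the user
    }
    const domain = domainOf(fallbackEmail);
    if (!domain) return 'invalid';
    const hosted = new Set(hostedDomains.map((d) => d.toLowerCase()));
    // A reset mail sent here lands in a mailbox behind the forgotten password.
    return hosted.has(domain) ? 'warn-hosted-here' : 'ok';
}

// Re-run over every account whenever a mail domain is enabled: a fallback
// that was external yesterday can become locally hosted today.
function auditUsers(users, hostedDomains) {
    return users
        .map((u) => ({
            username: u.username,
            status: checkFallbackEmail(u.fallbackEmail, hostedDomains),
        }))
        .filter((r) => r.status !== 'ok');
}

// Constructed sample data.
const sampleUsers = [
    { username: 'alice', fallbackEmail: 'alice@Example.com' },      // hosted here
    { username: 'bob', fallbackEmail: 'bob@personal.example.net' }, // external today
    { username: 'carol', fallbackEmail: '' },                       // never set
];

console.log(auditUsers(sampleUsers, ['example.com']));
console.log(auditUsers(sampleUsers, ['example.com', 'personal.example.net']));
```

Matching is exact on the domain, so a hosted `example.com` does not flag addresses at its subdomains.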
          • marcusquinn
            marcusquinn @girish last edited by

            @girish I don't think any of our users have fallback email addresses. The workaround for now has been to text them a reset link.

            I guess that lends itself to an SMS reset capability but then I can see that being complicated in finding providers for all country needs.

            We're managing, it's just a situation that relies upon a System Admin being available to assist.

            Perhaps there's another way somehow with registering a mobile app and push notifications?


            girish 2 Replies Last reply Reply Quote 0
            • girish
              girish Staff @marcusquinn last edited by

              @marcusquinn I think this is a bug in our flow, will get this fixed.

              1 Reply Last reply Reply Quote 2
              • marcusquinn
                marcusquinn @girish last edited by

                @girish Sounds reasonable. It's not urgent, just something I found that happens often enough to consider if there's a way to make these things self-service without needing a System Admin to be available.


                1 Reply Last reply Reply Quote 0
                • girish
                  girish Staff @marcusquinn last edited by

                  @marcusquinn Also, the fallback email is in the Profile view of the user. But of course, it's impossible for a normal user or even admin to know all of what I said....

                  marcusquinn 1 Reply Last reply Reply Quote 1
                  • marcusquinn
                    marcusquinn @girish last edited by

                    @girish On the flip side, personal email addresses can arguably be weaker than work ones, as people tend to use them for many years without any password policies, and there are plenty of online services to look up exposed passwords by a person's email address.


                    1 Reply Last reply Reply Quote 0
                    • marcusquinn
                      marcusquinn last edited by

                      If I think of all the big players, I think there's a good reason they use mobile numbers for 2FA and resets: people guard their phones more carefully than their credentials.


                      mehdi 1 Reply Last reply Reply Quote 0
                      • mehdi
                        mehdi App Dev @marcusquinn last edited by

                        @marcusquinn Actually, SIM Swapping is pretty common. I would not suggest having a phone number as a single-point-of-failure for anything remotely critical.

                        1 Reply Last reply Reply Quote 2