1 Topic by sandeep.s9006

  • sandeep.s9006
  • Member
  • Offline
  • Registered: 2014-05-27
  • Posts: 1

Topic: How to let users reset their password on their own

==== Required information ====
- iRedMail version:  0.8.5
- Store mail accounts in which backend (LDAP/MySQL/PGSQL):  LDAP
- Linux/BSD distribution name and version:  CentOS 6.5
- Related log if you're reporting an issue: 
====

Hi,

I've around 500 users created on LDAP and are using email services provided with iRedmail and I thank the developer of this wonderful tool.

Over the time I've received various requests from the users to reset the passwords. Users tends to forgot their password and they come back to me to reset.

I am also too occupied to reset passwords that some times I do the resetting task only  and lately I've observed users too getting a bit hesitated to request for password reset as it has been done many times from their side.

for better user experience I want to let users reset their own passwords without my involvement. Just like we reset our password on a portal where we click Forgot password, enter the registered email ID and we get the password.

So my question is how do I let users reset their passwords on their own. ?

I know that even if they reset the password assocaited with email ID they can not login because they have forgotten the password, I will add a secondary user ID option in future for them so that password reset can be sent to that email ID.

Thanks,
Sandeep

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2 Reply by hata_ph

  • hata_ph
  • Member
  • Offline
  • Registered: 2010-01-13
  • Posts: 226

Re: How to let users reset their password on their own

you can try this but use it at your own risk...

http://ltb-project.org/wiki/documentati … e-password

3 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 31,165

Re: How to let users reset their password on their own

sandeep.s9006 wrote:

I know that even if they reset the password assocaited with email ID they can not login because they have forgotten the password, I will add a secondary user ID option in future for them so that password reset can be sent to that email ID.

Exactly, that problem is how we can give new password to user.

Mailing new password to mailbox doesn't work, because you forgot password and cannot access this mailbox at all.
A backup address bind to this mailbox should be fine.

4 Reply by fsantiago06111979

  • fsantiago06111979
  • Member
  • Offline
  • Registered: 2014-05-04
  • Posts: 229

Re: How to let users reset their password on their own

is there anyway to bind an alternate email address and to allow self-service password reset using a pgsql backend and RC mail?

5 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 31,165

Re: How to let users reset their password on their own

fsantiago06111979 wrote:

is there anyway to bind an alternate email address and to allow self-service password reset using a pgsql backend and RC mail?

You can add alternative email address to mail users (e.g. create addition SQL column to store this address).

6 Reply by fsantiago06111979

  • fsantiago06111979
  • Member
  • Offline
  • Registered: 2014-05-04
  • Posts: 229

Re: How to let users reset their password on their own

ZhangHuangbin wrote:
fsantiago06111979 wrote:

is there anyway to bind an alternate email address and to allow self-service password reset using a pgsql backend and RC mail?

You can add alternative email address to mail users (e.g. create addition SQL column to store this address).

Yeh but I meant through a web page for users to do themselves when they register.

What would also be cool would be if a new user self registration would require admin approval to be allowed and made active. Any ideas there? I'm not a dev otherwise I would come up with something myself.

7 Reply by alex42

  • alex42
  • Member
  • Offline
  • Registered: 2013-08-26
  • Posts: 147

Re: How to let users reset their password on their own

Would be really great if this would be implemented in iRedMail! We've got as well a lot of users (pupils) who often do forget their passwords.

8 Reply by jdelisle

  • jdelisle
  • Member
  • Offline
  • Registered: 2015-11-27
  • Posts: 17

Re: How to let users reset their password on their own

I've been looking at this: http://ltb-project.org/wiki/documentati … e-password

I really like it, as it allows users to reset their own passwords.  The catch is that the way it works out of the box is rather insecure.. it lets you choose a security question, provide an answer, and then should you forget your password you need to remember which question you answered, and provide the answer.  Why is that insecure?  Well, it only lets you choose ONE question, so all an intruder needs to do is guess the answer to that ONE question, and boom they can reset your password. 

Fortunately, it does allow you to use alternatives - like sending an SMS code through an Email->SMS gateway.  There are plenty of inexpensive email->SMS services.  I like https://www.textmagic.com/sms-pricing/

I suggest using SMS and disabling all other mechanisms for password reset.  This means they'll need to have a mobile # on record (entered in LDAP).

9 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 31,165

Re: How to let users reset their password on their own

*) How about allow user to input an alternative email address? And send reset password link to the address.
*) How about 2 security questions? Is it useless?

By the way, the textmagic.com looks interesting, and their API is very simple and easy to use (Python).