1

Topic: Prevent non-admin user from changing password

==== Required information ====
- iRedMail version (check /etc/iredmail-release): 0.9.2
- Linux/BSD distribution name and version: RHEL 6.6
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): MySQL
- Web server (Apache or Nginx): Apache
- Manage mail accounts with iRedAdmin-Pro? 2.1.3
- Related log if you're reporting an issue: unknown
====

In Admin-Pro, Advanced settings for a domain has a section at the bottom of the page called
"Disabled self-service preferences".

In that section, I have checked "Change password".  My expectation is that checking this box disables a non-admin user's ability to change their own password.  That's the behavior I want.  However, when I log in as a non-admin user in that domain, there is still a password option on Settings, and it let's me change my password.

Is this feature not working correctly or am I misunderstanding what it's supposed to do?

Is there a way to prevent a non-admin user from changing his/her password.  We're integrating these accounts into our web application.  Our application needs to know the correct password.  It would break the integration if the user can change the password from what our application has stored.

Thank you in advance for your kind attention.

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2

Re: Prevent non-admin user from changing password

Sorry for the trouble.  After reading documentation I realize the "Change Password" feature is about forcing or not forcing a password change in 90 days.

Unless you know how it can be done, I suppose I'll have to figure out how to disable the ability for users to change their own passwords in RoundCube web mail.

3

Re: Prevent non-admin user from changing password

Solved.  Found the setting in roundcube plugins to turn off password in settings.

This topic can be closed.

4

Re: Prevent non-admin user from changing password

ghaecker wrote:

In Admin-Pro, Advanced settings for a domain has a section at the bottom of the page called
"Disabled self-service preferences".

This is used if user login to iRedAdmin-Pro, not Roundcube. Roundcube has its own 'password' plugin.