Topic: Prevent non-admin user from changing password
==== Required information ====
- iRedMail version (check /etc/iredmail-release): 0.9.2
- Linux/BSD distribution name and version: RHEL 6.6
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): MySQL
- Web server (Apache or Nginx): Apache
- Manage mail accounts with iRedAdmin-Pro? 2.1.3
- Related log if you're reporting an issue: unknown
====
In Admin-Pro, Advanced settings for a domain has a section at the bottom of the page called
"Disabled self-service preferences".
In that section, I have checked "Change password". My expectation is that checking this box disables a non-admin user's ability to change their own password. That's the behavior I want. However, when I log in as a non-admin user in that domain, there is still a password option on Settings, and it let's me change my password.
Is this feature not working correctly or am I misunderstanding what it's supposed to do?
Is there a way to prevent a non-admin user from changing his/her password. We're integrating these accounts into our web application. Our application needs to know the correct password. It would break the integration if the user can change the password from what our application has stored.
Thank you in advance for your kind attention.
----
Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.