1

Topic: Users's "Lost Password" feature

==== Required information ====
- iRedMail version:
- Store mail accounts in which backend (LDAP/MySQL/PGSQL):
- Linux/BSD distribution name and version:
- Related log if you're reporting an issue:
====

Greetings,
I require a "I lost my password" feature on my iredmail (I"m using OpenLDAP version).
How do I set that for my users to recover their passwords?

Thank you.

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2

Re: Users's "Lost Password" feature

Currently, only admin can change user password if user forgot it. Admin can change password with iRedAdmin or phpLDAPadmin/phpMyAdmin/phpPgAdmin.

3

Re: Users's "Lost Password" feature

Perhaps this needs a bit of attention since it was posted in 2013 no feature like this has been created in iRed but a great deal of time to offer many other ways to encrypt passwords.
How about a link to forgot password so the user can reset it themselves, or even a user accessible config page they can setup a SMS recovery number and a recovery email field that a user can configure and receive a password reset via another email address or a smart phone text message?

4

Re: Users's "Lost Password" feature

sergiocesar wrote:

How about a link to forgot password so the user can reset it themselves, or even a user accessible config page they can setup a SMS recovery number and a recovery email field that a user can configure and receive a password reset via another email address or a smart phone text message?

To recover password, you send a way to send new password to user, email and SMS are ok, but you need to store user's additional email address or phone number before he lost the password. Sending an email with new password is easier, but sending SMS requires additional software and hardware.

Another way is, store a question and user's answer in SQL/LDAP. When user tries to recover the password, just type the same answer and redirect to a new page to set a new password.

Which one is preferred?

5

Re: Users's "Lost Password" feature

ZhangHuangbin wrote:
sergiocesar wrote:

How about a link to forgot password so the user can reset it themselves, or even a user accessible config page they can setup a SMS recovery number and a recovery email field that a user can configure and receive a password reset via another email address or a smart phone text message?

To recover password, you send a way to send new password to user, email and SMS are ok, but you need to store user's additional email address or phone number before he lost the password. Sending an email with new password is easier, but sending SMS requires additional software and hardware.

Another way is, store a question and user's answer in SQL/LDAP. When user tries to recover the password, just type the same answer and redirect to a new page to set a new password.

Which one is preferred?

sms can be sent at least in the us by just sending an email to the phonenumber@provider.tld
one can have a secret question and answer saved also. anything is better then nothing really.