LL::NG can propose a password reset form, for users who loose their password (this kind of application is also called a self service password interface).
Kinematics:
User clicks on the link Reset my password
User enters his email (or another information) in the password reset form
LL::NG try to find the user in users database with the given information
A mail with a token is sent to user
The user click on the link in the mail
LL::NG validate the token and propose a password change form
The user can choose a new password or ask to generate one
The new password is sent to user by mail if user ask to generate one, else the mail only confirm that the password was changed
If
LDAP backend is used, and LDAP password policy is enabled, the 'password reset flag is set to true when password is generated, so that the user is forced to change his password on next connection. This feature can be disabled in
LDAP configuration.
If the user do a new password reset request but there is already a request pending, the user can ask the confirmation mail to be resent. The request validity time is a configuration parameter.
The reset password link must be activated, see portal customization.
Then go in Manager, General Parameters
» Advanced Parameters
» Password management
:
If no SMTP server is configured, the mail will be sent via the local sendmail program. Else, Net::SMTP module is required to use the SMTP server
The SMTP server value can hold the port, for example: mail.example.com:25
If authentication is configured, Authen::SASL and MIME::Base64 modules are required
Mail headers:
Mail sender: address seen in the “From” field (default: noreply@[DOMAIN])
Reply address: address seen in the “Reply-To” field
Mail charset: Charset used for the body of the mail (default: utf-8)
Mail content:
Success mail subject: Subject of mail sent when password is changed (default: [LemonLDAP::NG] Your new password)
Success mail content (optional): Content of mail sent when password is changed
Confirmation mail subject: Subject of mail sent when password change is asked (default: [LemonLDAP::NG] Password reset confirmation)
Confirmation mail content (optional): Content of mail sent when password change is asked
By default, mail content are empty in order to use
HTML templates:
If you define mail contents in Manager, HTML templates will not be used.
Other:
Page URL:
URL of password reset page (default: [PORTAL]/mail.pl)
Regexp for password generation: Regular expression used to generate the password (default: [A-Z]{3}[a-z]{5}.\d{2})
Validity time of a password reset request: number of seconds for password reset request validity. During this period, user can ask the confirmation mail to be resent (default: session timeout value)
Session key containing mail address: name of the session key containing email address. This value will be used to know to which recipient the has to be sent (default: mail).