First of all I would like to thank entire community and team
for such a wonderful system. And is there any progress on the feature request by rbukovansky?
We are social organization with different
field offices. We started to use that system with LDAP authentication Plugin. And users always asking support for resetting their
password. So, we are
expecting Password reset features for LDAP users as well.
As mentioned by SyntRxError, the users connected in domain
are able to change their password through desktop/laptop. But the users in
remote filed offices are unable to do that. So they require remote password
reset/modify technology. Similarly, there might be potential security risk in
pushing back password to the server on password changes as mentioned by ntozier.
But the system has already designed to take care of that in some extent as follows:
1) Able to use SSL certificate in the system.2) Password reset link is sent to pre-define email address on link
only and system admin is responsible to configure Email address of the user.
3) Password reset link is active for predefined
time period and it also disabled after us
4) Password modification use secure hash algorithms to create
it.
And I think such password modification option should be
available as an optional to LDAP plugin users. On that features,
there should be an option in LDAP plugin whether the system admin should permit for
password reset/modify/change to LDAP users as well.
That additional feature will be great supportive to us. Thus, we also would like to request for that additional feature
in LDAP Authentication and Lookup plugin.
Thank you and regards’
SD_Tech