Bug 56934 - Allow univentionPasswordSelfServiceEmail Field to Use mailPrimaryAddress
Status: NEEDMOREINFO
Product: UCS
Classification: Unclassified
Component: Mail
UCS 5.0
amd64 Linux
P5 normal
Assigned To: Mail maintainers
Reported: 2023-12-20 19:15 CET by ageukes
Modified: 2023-12-22 13:23 CET (History)
What kind of report is it?: Feature Request
Ticket number: 2023112921000236
Description ageukes univentionstaff 2023-12-20 19:15:36 CET
# Feature Request: Allow univentionPasswordSelfServiceEmail Field to Use mailPrimaryAddress

### Current State
Currently, the “Forgot Password” self-service uses the univentionPasswordSelfServiceEmail field for sending the password reset token. If this field is not set, the process fails.

### Desired State
The self-service should be able to use the mailPrimaryAddress field if the univentionPasswordSelfServiceEmail field is not set.

### Specification
Create a mechanism that allows the self-service to use the mailPrimaryAddress field for sending the password reset token when the univentionPasswordSelfServiceEmail field is not set. This can be achieved by setting a UCR (Univention Configuration Registry) variable that instructs the self-service to use the mailPrimaryAddress field.

### Additional Information
This feature request is based on the observation that the process fails when the univentionPasswordSelfServiceEmail field is not set (see Bug 56933). Allowing the self-service to use the mailPrimaryAddress field will ensure that the password reset token is sent to the user’s primary email address. This will enhance the user experience and improve the functionality of the self-service.

Comment 1 Ingo Steuwer univentionstaff 2023-12-22 13:23:00 CET
The use case was discussed while implementing the self service and IMHO makes no sense:

The mailPrimaryAddress defines the mailbox which can be accessed by authenticating against credentials managed by UCS (LDAP, Kerberos, Keycloak, whatever). The password reset functionality has to work in case one has lost those credentials. In such a case, access to a mailbox which authenticates against the service for which you lost your credentials isn't given, so sending the reset token to such a mailbox doesn't help.

I therefore vote against introducing this as a standard option and set this to NEEDMOREINFO to better understand the use case.

Sidenote: in case the univentionPasswordSelfServiceEmail is known or can be generated while creating the user in an automated way, I suggest configuring a user template or default syntax for it. This can be done with existing configuration methods.
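
The concern raised in Comment 1, turned into a check an administrator could run (added example, not part of the bug report or Univention's code): it audits an LDIF export for accounts whose recovery address is missing, identical to mailPrimaryAddress, or in a mail domain whose mailboxes log in with UCS credentials. The `HOSTED_DOMAINS` set, the function names and the sample entries are constructed assumptions.

```python
# Assumption: mail domains whose mailboxes authenticate against UCS credentials.
HOSTED_DOMAINS = {"example.org"}

# Constructed sample export; only the two attribute names come from the bug report.
SAMPLE_LDIF = """\
dn: uid=alice,cn=users,dc=example,dc=org
uid: alice
mailPrimaryAddress: alice@example.org
univentionPasswordSelfServiceEmail: alice@private.example.net

dn: uid=bob,cn=users,dc=example,dc=org
uid: bob
mailPrimaryAddress: bob@example.org

dn: uid=carol,cn=users,dc=example,dc=org
uid: carol
mailPrimaryAddress: carol@example.org
univentionPasswordSelfServiceEmail: Carol@Example.org

dn: uid=dave,cn=users,dc=example,dc=org
uid: dave
mailPrimaryAddress: dave@example.org
univentionPasswordSelfServiceEmail: dave.alias@example.org
"""

def parse_ldif(text):
    """Yield one dict per entry, keyed by lower-cased attribute name."""
    unfolded = text.replace("\n ", "")  # LDIF continuation lines start with a space
    for block in unfolded.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            key, sep, value = line.partition(": ")
            if not sep or key.startswith("#") or key.endswith(":"):
                continue  # skip comments and base64-encoded ("attr:: ") values
            entry.setdefault(key.lower(), value.strip())
        if entry:
            yield entry

def audit(text, hosted=HOSTED_DOMAINS):
    """Map uid -> reason why a reset token could not reach a locked-out user."""
    findings = {}
    for e in parse_ldif(text):
        uid = e.get("uid", e.get("dn", "?"))
        recovery = e.get("univentionpasswordselfserviceemail", "").lower()
        primary = e.get("mailprimaryaddress", "").lower()
        if not recovery:
            findings[uid] = "missing"           # reset fails outright
        elif recovery == primary:
            findings[uid] = "same-as-primary"   # token lands behind the lost password
        elif recovery.rpartition("@")[2] in hosted:
            findings[uid] = "hosted-domain"     # alias or other UCS-authenticated mailbox
    return findings
```
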