Univention Bugzilla – Bug 56934
Allow univentionPasswordSelfServiceEmail Field to Use mailPrimaryAddress
Last modified: 2023-12-22 13:23:00 CET
# Feature Request: Allow univentionPasswordSelfServiceEmail Field to Use mailPrimaryAddress

### Current State

Currently, the “Forgot Password” self-service uses the univentionPasswordSelfServiceEmail field for sending the password reset token. If this field is not set, the process fails.

### Desired State

The self-service should be able to use the mailPrimaryAddress field if the univentionPasswordSelfServiceEmail field is not set.

### Specification

Create a mechanism that allows the self-service to use the mailPrimaryAddress field for sending the password reset token when the univentionPasswordSelfServiceEmail field is not set. This can be achieved by setting a UCR (Univention Configuration Registry) variable that instructs the self-service to use the mailPrimaryAddress field.

### Additional Information

This feature request is based on the observation that the process fails when the univentionPasswordSelfServiceEmail field is not set (see Bug 56933). Allowing the self-service to use the mailPrimaryAddress field will ensure that the password reset token is sent to the user’s primary email address. This will enhance the user experience and improve the functionality of the self-service.
The use case was discussed while implementing the self service and makes IMHO no sense: the mailPrimaryAddress defines the mailbox which can be accessed by authenticating against credentials managed by UCS (LDAP, Kerberos, Keycloak, whatever). The password reset functionality has to work in case one has lost those credentials. In such a case, access to a mailbox which authenticates against the service for which you lost your credentials isn't given, so sending the reset token to such a mailbox doesn't help.

I therefore vote against introducing this as a standard option and set this to NEEDMOREINFO to better understand the use case.

Sidenote: in case the univentionPasswordSelfServiceEmail is known or can be generated while creating the user in an automated way, I suggest configuring a user template or default syntax for it. This can be done with existing configuration methods.