--- umc/python/passwordreset/__init__.py.baaaak	2020-05-09 17:16:09.540720269 +0200
+++ umc/python/passwordreset/__init__.py	2020-05-09 13:31:35.015377388 +0200
@@ -306,7 +306,7 @@
 	@simple_response
 	def get_user_attributes(self, username, password):
 		dn, username = self.auth(username, password)
-		if self.is_blacklisted(username):
+		if self.is_blacklisted(username, tab="profiledata"):
 			raise ServiceForbidden()
 
 		user = self.get_udm_user_by_dn(dn)
@@ -411,7 +411,7 @@
 	@simple_response
 	def validate_user_attributes(self, username, password, attributes):
 		dn, username = self.auth(username, password)
-		if self.is_blacklisted(username):
+		if self.is_blacklisted(username, tab="profiledata"):
 			raise ServiceForbidden()
 		return self._validate_user_attributes(attributes)
 
@@ -465,7 +465,7 @@
 	@simple_response
 	def set_user_attributes(self, username, password, attributes):
 		dn, username = self.auth(username, password)
-		if self.is_blacklisted(username):
+		if self.is_blacklisted(username, tab="profiledata"):
 			raise ServiceForbidden()
 
 		user_attributes = [attr.strip() for attr in ucr.get('self-service/udm_attributes', '').split(',')]
@@ -1054,14 +1054,14 @@
 
 	# TODO: decoratorize
 	@machine_connection
-	def is_blacklisted(self, username, ldap_connection=None, ldap_position=None):
+	def is_blacklisted(self, username, ldap_connection=None, ldap_position=None, tab="passwordreset"):
 		def listize(li):
 			return [x.lower() for x in map(str.strip, li.split(",")) if x]
 
-		bl_users = listize(ucr.get("umc/self-service/passwordreset/blacklist/users", ""))
-		bl_groups = listize(ucr.get("umc/self-service/passwordreset/blacklist/groups", ""))
-		wh_users = listize(ucr.get("umc/self-service/passwordreset/whitelist/users", ""))
-		wh_groups = listize(ucr.get("umc/self-service/passwordreset/whitelist/groups", ""))
+		bl_users = listize(ucr.get("umc/self-service/{}/blacklist/users".format(tab), ""))
+		bl_groups = listize(ucr.get("umc/self-service/{}/blacklist/groups".format(tab), ""))
+		wh_users = listize(ucr.get("umc/self-service/{}/whitelist/users".format(tab), ""))
+		wh_groups = listize(ucr.get("umc/self-service/{}/whitelist/groups".format(tab), ""))
 
 		username = self.email2username(username)