Issue #397 has been updated by Clément OUDOT.

Status changed from New to Assigned
Assigned to set to Clément OUDOT
Target version set to self-service-password-?

Yes, you need binddn and bindpw for reset by questions or reset by tokens. Some 
checks can indeed be done in the code.
----------------------------------------
Bug #397: User based LDAP bind and email token password reset inherently 
incompatible
http://tools.lsc-project.org/issues/397

Author: Gene Wood
Status: Assigned
Priority: Normal
Assigned to: Clément OUDOT
Category: Self Service Password
Target version: self-service-password-?


As of version 0.7, SSP allows the following setup, which is inherently 
impossible:
<pre>
$who_change_password = "user";
$use_tokens = true;
</pre>

If SSP is using user based authentication to the LDAP server (not Manager 
binddn), then when a user tries to reset their password and they click on the 
email link bringing them to the reset page, upon submitting the form, SSP fails 
to authenticate to the LDAP server (since it has no usable binddn) and shows the 
cryptic error:

<pre>
LDAP - Modify password error 8 (Strong(er) authentication required)
</pre>

There should be both notes in the config.inc.php explaining that these are 
incompatible as well as a check done in the code to confirm these two settings 
are not set together and outputting a descriptive error about why this doesn't 
work.

Since I wanted to have the email token password reset functionality, I put in a 
binddn and bindpw.
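
One way the requested configuration check could look, as an added example that is not code from Self Service Password or from this ticket. The helper name `ssp_check_bind_config()` is hypothetical, and the keys `ldap_binddn`, `ldap_bindpw` and `use_questions` are assumed to mirror the variables in config.inc.php.

```php
<?php
// Added example, not SSP code. ssp_check_bind_config() is a hypothetical
// helper; array keys are assumed to mirror the variables in config.inc.php.

function ssp_check_bind_config(array $cfg): array
{
    $errors = [];

    // Flows in which the user does not supply a current password,
    // so SSP cannot bind to the directory as that user.
    $reset_flows = [
        'use_questions' => 'reset by questions',
        'use_tokens'    => 'reset by tokens',
    ];

    // A service account is usable only if both DN and password are set.
    $has_service_bind = trim((string)($cfg['ldap_binddn'] ?? '')) !== ''
        && (string)($cfg['ldap_bindpw'] ?? '') !== '';

    $who = (string)($cfg['who_change_password'] ?? '');

    foreach ($reset_flows as $key => $label) {
        if (empty($cfg[$key])) {
            continue; // flow disabled, nothing to check
        }
        if (!$has_service_bind) {
            $errors[] = "$label is enabled (who_change_password=\"$who\") but "
                . "ldap_binddn/ldap_bindpw are empty: SSP has no usable bind DN "
                . "for the password modify. Set both, or disable $label.";
        }
    }
    return $errors;
}

// Constructed sample: the setup from the report, with no service account.
$cfg = [
    'who_change_password' => 'user',
    'use_tokens'          => true,
    'use_questions'       => false,
    'ldap_binddn'         => '',
    'ldap_bindpw'         => '',
];

foreach (ssp_check_bind_config($cfg) as $msg) {
    error_log("SSP configuration error: $msg"); // visible to the administrator
    echo $msg, PHP_EOL;
}
```

Run at startup, a check like this reports the misconfiguration to the administrator before any user reaches the reset form and sees the LDAP error 8 message.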

