Issue #397 has been updated by Boldly Going Nowhere.

See my update in Bug 873 for a solution in based on v0.9.
Bug #397: User based LDAP bind and email token password reset inherently 

Author: Gene Wood
Status: Assigned
Priority: Normal
Assigned to: Clément OUDOT
Category: Self Service Password
Target version: self-service-password-?

As of version 0.7 of SSP allows the following setup which is inherently 
impossible :
$who_change_password = "user";
$use_tokens = true;

If SSP is using user based authentication to the LDAP server (not Manager 
binddn), then when a user tries to reset their password and they click on the 
email link bringing them to the rest page, upon submitting the form, SSP fail 
to authenticate to the LDAP server (since it has no usable binddn) and show the 
cryptic error :

LDAP - Modify password error 8 (Strong(er) authentication required)

There should be both notes in the explaining that these are 
incompatible as well as a check done in the code to confirm these two settings 
are not set together and outputting a descriptive error about why this doesn't 

Since I wanted to have the email token password reset functionality, I put in a 
binddn and bindpw.

You have received this notification because you have either subscribed to it, 
or are involved in it.
To change your notification preferences, please click here:
ltb-dev mailing list

Reply via email to