Closed patvdv-smo closed 5 months ago
By default, LAM uses security questions for the reset procedure. They require a special LDAP schema:
https://www.ldap-account-manager.org/static/doc/manual/ape.html
Users that have no question will not be found. If you do not want to use security questions then please activate the confirmation email and tick to do not ask the security question.
If this does not solve the issue please check LAM's log on level Debug:
https://www.ldap-account-manager.org/static/doc/manual/ch03.html#conf_logging
The debug showed the problem:
Apr 10 09:06:24 dummy php[1000343]: LDAP Account Manager (1jmg3add1brptgnq7qqh8u2fvl - 10.237.12.36,10.237.12.28 - ) - NOTICE: Self service password reset: Unable to find user entry for abc@siemens.com (multiple entries found).
Changing the duplicate record fixed the problem. Perhaps a more descriptive error message would be better.
FWIW: we prefer not to use the standard scheme of security questions as we don't want to extend the LDAP schema and our environment is isolated. The password reset via e-mail functionality suits best and now works fine.
Thanks a lot for the update. Unfortunately, the IT Security departments do not allow detailed messages for security reasons (user enumeration). This is why LAM prints a generic message and logs the details.
I will close this then as the problem is solved.
Software: LAM Pro 8.7
Issue: we have configured the Self Service with Password reset activated and E-mail as authentication. When trying to generate a password reset e-mail, we are getting the error: Unable to find user account. However when I log on with my credentials to the Self Service Portal, my e-mail is correctly displayed.
Settings: Admin DN has been obfuscated