Topic: allow users to change their password

[mrshark]

hi
i'm trying to build a mail server, complete with webmail... tried horde and roundcube... i cannot find a way to include in their interface a way to request a forgotten password at login, or to change a password after successful login... googling i see that there are plugins to allow both of this for both the webmail, but this plugins are not present/enabled in sme implementation... also, trying to do this via userpanels addon, or via standard /user-manager url, leads me to 403 errors...
i've a server in dmz, NATted its ip on a public one, and i can access both webmails, and the other protocols i enabled... but /user and /user-manager give to me 403 error... i cannot enable remote access to 0.0.0.0 only for this, as it would expose server-manager, too...
any hint? thank you in advance...

[Stefano]

SME server is not aimed to be a "ISP" mail server, but a SmallMediumEnterprise server..

I guess you need something different

[mrshark]

i know, but i don't think that "changing your own password" while not in office is a PREMIUM feature... both webmail have this feature, but it's removed in sme implementation... just tried roundcube on iredmail and it have the password panel... so, instead of pointing me elsewhere, no hint on allowing my users to do this on sme8? thanks anyway for the answer

[frifri]

This is what i found in my notes :

Make a custom-template : /etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf/VirtualHosts/28UserPasswordProxyPass

Code: [Select]

nano /etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf/VirtualHosts/28UserPasswordProxyPass


Code: [Select]

{
    # vim: ft=perl:

    $haveSSL = (exists ${modSSL}{status} and ${modSSL}{status} eq "enabled") ?  'yes' : 'no';
    $plainTextAccess = ${'httpd-admin'}{PermitPlainTextAccess} || 'no';

    $OUT = '';
    foreach $place ('server-common','user-password')
    {
        if (($port eq "80") && ($haveSSL eq 'yes') && ($plainTextAccess ne 'yes'))
        {
            $OUT .= "    RewriteRule ^/$place(/.*|\$)    https://%{HTTP_HOST}/$place\$1 [L,R,NC]\n";
        } else {
            $OUT .= "    ProxyPass /$place http://127.0.0.1:${'httpd-admin'}{TCPPort}/$place\n";
            $OUT .= "    ProxyPassReverse /$place http://127.0.0.1:${'httpd-admin'}{TCPPort}/$place\n";
        }

        $OUT .= "    <Location /$place>\n";
        $OUT .= "        order deny,allow\n";
        $OUT .= "        deny from all\n";
        $OUT .= "        allow from all\n";   
        $OUT .= "    </Location>\n";
    }
}


Code: [Select]

expand-template /etc/httpd/conf/httpd.conf


Code: [Select]

/etc/init.d/httpd-e-smith restart

go to : https://www.yourserver.tld/user-password

[Stefano]

frifri: thank you for your suggestion.. is it in the wiki? if not, would you mind to create a page or to find a place for it? TIA

mrshark: on SME, users are real ones, not virtual.. so you can't expect to change password with a web panel of a email client..

you had an answer.. the other possibility is to tell your users to connect via vpn and change their password

[frifri]

@stefano : a similar situation was handled here : http://wiki.contribs.org/Zarafa_on_SME8#Password-change_by_users_from_outsite_your_network_for_webaccess.2Fwebapp_.28IF_USING_THE_UNIX_PLUGIN.29

[mrshark]

thanks frifri, it worked!
but now https://domain/user url is broken with 404 error...
i use that to delegate some panels to specific users...

[frifri]

Change this line :

Code: [Select]

foreach $place ('server-common','user-password')
to

Code: [Select]

foreach $place ('user-manager','server-common','user','user-password')
F.

[guest22]

Great info frifri !

[mrshark]

thanks! now it's perfect!

[guest22]

What name suggestion do you have for the wiki page explaining all this please?

[frifri]

How to : Password Change from WAN

[mrshark]

How to : Password Change from WAN

only if you stop before answer #7, which is fine for many
with that answer, it extends to give control su user-panels, so anyone can change how deliver mail (local, remote, both), basic mail rules and every addon you enable in user-panels plugin

[frifri]

You can change the password of admin/root from WAN too ...
Remember, Admin is in all groups, so if you give a group access to the user-passwordchange-panel, admin-password can also be changed ...