[ltb-dev] [LDAP Tool Box - Feature #181] Secret Question feature to reset/set your own password

noreply at lsc-project.org noreply at lsc-project.org
Thu Mar 25 09:29:22 CET 2010


Issue #181 has been updated by Clément Oudot.


Leandro Lattanzio wrote:
> *"How do a user initialize its question/answer?"*
> 
> I think users could receive an email with a link to a URL inviting them to set their own secret question and their own secret answer.
> The URL link can be unique (with expiring date), or the URL should ask for the user's password (more secure).
> 

Yes we can imagine have a page that initialize questions, asking for user password first. Thsi will be the responsibility of administrator to decide how inform users to initialize questions (he may want to do that by mail, or with a trigger on a connector, etc.)
 
> *"Questions should be stored in a sinle place for all users, answers should be stored in every user account."*
> I think there can be an attribute on ldap database to store the secret question for each user (each user has his/her own secret question), and should there be an attribute to store the secret answer for each user.

We have to manage translation of questions! So we can just put in user entry the reponse with this syntax:

<pre>
responseAttribute: {questionId}responseString
</pre>

Then each questionId will be an input in lang.inc.php so we can display the question in user's language. This can be done with an array.


Seems good?
----------------------------------------
Feature #181: Secret Question feature to reset/set your own password
http://tools.lsc-project.org/issues/show/181

Author: Leandro Lattanzio
Status: New
Priority: Normal
Assigned to: 
Category: Self Service Password
Target version: self-service-password-0.4


I think "LTB Self Service Password" should have a "Secret Question"-like feature to reset your own password.
(when a user forgot his/her password)

Of course, secret question (or similar information) should be stored on the ldap database.


-- 
You have received this notification because you have either subscribed to it, or are involved in it.
To change your notification preferences, please click here: http://tools.lsc-project.org/my/account
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ltb-project.org/pipermail/ltb-dev/attachments/20100325/849f2bc8/attachment.htm>


More information about the ltb-dev mailing list