In my NS set-up for our tennis club I installed LDAP and Nextcloud.
Looks like NS by design requires that users change their password through the NS frontend (:980). In my set-up there is no need for most of the users to log on to NS directly. They shall only have access to Nextcloud.
So far I found the following:
I ticked the box for "Nextcloud/LDAP Integration/Login Attributes/Advanced/Directory Settings/Enable LDAP password changes per user".
This gives the users a password change field in the Nextcloud/security tab.
Unfortunately this seems not to be sufficient. A user cannot change the password, neither when logging in with the short credentials nor with the full email address.
In another thread there was a hint about "Default password policy DN".
Not exactly knowing what to add there I tried: cn=ldapservice,dc=directory,dc=nh
but this still does not allow a user to change the password.
Within the Nextcloud config file you can set a custom link to https://yourdomain.com/ssp or https://ssp.yourdomain.com so when users click on the "forgot password" link on the Nextcloud login page, they get redirected to the custom link specified.
There are some requirements to enable the user password change…
Access control policies must be configured on the LDAP server to grant permissions for password changes. The User DN as configured in Server Settings needs to have write permissions in order to update the userPassword attribute.
(Additional requirements have to be met for Active Directory.)
First stopper (at least for openldap provider): the default config is using ldapservice service account, which has read-only access.
I didn't think about using `'lost_password_link' => 'ssp_url',` in the config file, good idea! Worth adding to the wiki after some more testing is done on ssp module.
Why NHS as the abbreviation for NethServer? In any case, you're exposing only one standalone page (not part of the server manager or any Neth administrative stuff), allowing a user to change his password. This is no more exposure than allowing the same user to change his password directly inside Nextcloud.
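Added example, not part of any post in this thread and not NethServer or Nextcloud code: a simplified evaluator for OpenLDAP-style `to ... by ...` access rules that checks whether the Nextcloud bind DN has write access to `userPassword`, the requirement quoted above. The two rule sets and the user DN are constructed for illustration and are not the ACLs NethServer ships; only `attrs=` selectors and the `self`, `anonymous`, `users`, `*` and exact-DN subjects are handled.

```python
import re

# OpenLDAP access levels, weakest to strongest.
LEVELS = ["none", "disclose", "auth", "compare", "search", "read", "write", "manage"]

def parse_acl(rule):
    """Split 'to <what> by <who> <level> ...' into (attrs or None, [(who, level)])."""
    what, *by_parts = re.split(r"\s+by\s+", rule.strip())
    m = re.search(r"attrs=(\S+)", what)
    attrs = {a.lower() for a in m.group(1).split(",")} if m else None  # None = every attribute
    return attrs, [tuple(part.rsplit(None, 1)) for part in by_parts]

def who_matches(who, bind_dn, target_dn):
    """bind_dn is None for an anonymous bind."""
    if who == "*":
        return True
    if who == "anonymous":
        return bind_dn is None
    if who == "users":
        return bind_dn is not None
    if who == "self":
        return bind_dn is not None and bind_dn.lower() == target_dn.lower()
    m = re.fullmatch(r'dn(?:\.(?:exact|base))?="?([^"]*)"?', who)
    return bool(m) and bind_dn is not None and m.group(1).lower() == bind_dn.lower()

def effective_access(rules, bind_dn, target_dn, attr):
    """First rule covering attr wins; inside it, the first matching 'by' clause wins."""
    for rule in rules:
        attrs, clauses = parse_acl(rule)
        if attrs is not None and attr.lower() not in attrs:
            continue
        for who, level in clauses:
            if who_matches(who, bind_dn, target_dn):
                return level
        return "none"  # implicit trailing "by * none"
    return "none"

def can_write(rules, bind_dn, target_dn, attr="userPassword"):
    level = effective_access(rules, bind_dn, target_dn, attr)
    return LEVELS.index(level) >= LEVELS.index("write")

SERVICE_DN = "cn=ldapservice,dc=directory,dc=nh"   # bind DN mentioned in the thread
USER_DN = "uid=alice,ou=People,dc=directory,dc=nh"  # constructed sample entry

# Constructed rule sets: read-only service account vs. write on userPassword.
READ_ONLY = ['to attrs=userPassword by anonymous auth by * none',
             'to * by dn.exact="%s" read by * none' % SERVICE_DN]
WRITABLE = ['to attrs=userPassword by dn.exact="%s" write by anonymous auth by * none' % SERVICE_DN,
            'to * by dn.exact="%s" read by * none' % SERVICE_DN]

if __name__ == "__main__":
    print("read-only set:", can_write(READ_ONLY, SERVICE_DN, USER_DN))
    print("writable set: ", can_write(WRITABLE, SERVICE_DN, USER_DN))
```
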