Broken password reset on 4.2 upgrade

self-service
ucs-4-2

#1

4.x was working fine on password reset for users.
after the 4.2 upgrade the screen & html link for the password reset are broken

the univention server is hosted on a VM with a nat firewall.
the ip address of this server is : 192.168.100.43 , but then natted to 172.18.0.47

the password reset button shows :192.168.100.43 and clicking it takes the screen to this address, but since it is natted it will not work.
however the rest of the UCS configuration and HTML links are shown as 172.18.0.47

however if I edit the browser link :
FROM
https://192.168.100.43/univention/self-service/#page=passwordchange

TO
https://172.18.0.47/univention/self-service/#page=passwordchange

it works
clearly during the update the password module is getting the host details from a different place as the rest of the UCS environment

even more crazy is the email the pw re-set sends has the full & CORRECT domain name in the link

https://mirror-xxxxxx.yyyyy.com/univention/self-service/#page=newpassword


#2

Hello,

the self-service module has been overhauled. In the process some things has to be changed, because it can now be installed on various server roles.

The weblink in the univention portal can be changed either on the command line or in UMC.

Command line:

udm settings/portal_entry list --filter cn=self-service
udm settings/portal_entry modify --dn cn=self-service,cn=portal,cn=univention,dc=uni,dc=dtr --append 'link=https://172.18.0.47/univention/self-service/#page=passwordchange'
udm settings/portal_entry modify --dn cn=self-service,cn=portal,cn=univention,dc=uni,dc=dtr --remove 'link=https://192.168.100.43/univention/self-service/#page=passwordchange'
udm settings/portal_entry list --filter cn=self-service

To edit it comfortably in the UMC:

  1. start the module Domain→LDAP Directory
  2. open the subtree “univention” and select “portal”
  3. click “self-service” to edit it
  4. scroll down to the “Links” section and edit the link(s)
  5. “save”

You can set the UCR variable umc/self-service/passwordreset/email/webserver_address to set the hostname or ip address used in the email.
After that restart the UMC:
systemctl restart univention-management-console-server.service

Greetings
Daniel Tröder


#3

yes confirmed it worked,

I see what happened , it generated a link for each ip address.

congrats on the significantly better way to manage it in the LDAP