Can we PLEASE have the "self service" sorted out

Can someone please sort out the self service.

  1. STOP erasing email addresses entered previously
    It might go for months or years , but the email addresses KEEP disappearing.
  2. Add a “sync” so that account email addresses that are already in the user profile can be used or “injected” into the secondary database for “self service”

it is absolutely INSANE that you are expected to continually have to manually re-input data into a database when you already have the data in the LDAP database.

Why have a system that keeps multiple copies of the same data?

Hi @talleyrand,

please send more infos about the behavior.


example of empty user pw recovery

maybe it happened on that recent postgres update., since they both use the same system.
that said… i’d rather just have a script i can run to auto fill the data

Hi @talleyrand,

correct me, however the self service UDM property is not stored in postgresql but in openLDAP. Postgresql in self service is used for handling tokens. You can look at it directly in psql with the following:

  • su -postgres
  • psql (as postgres user)
  • \c selfservice (use self-service database)
  • \dt; (view)
  • \d tokens; (show)

Now add self service e-mail-address for a user and grep for this mail:

udm users/user list --filter uid=YOUR_USER | grep PasswordRecoveryEmail


I’d been told previously that it was in postgres, and that’s why we had to enter the data twice.

It’s still madness and even more so now!!!
Becasue it would make far more sense to have TWO modes for self service…

  1. The ability to use EXISTING email addresse stored in the user profile.
    OR /AND
    the ability to use an extention , that has a “secondary” email address. stored in LDAP.

That said my basic user profiles STILL contain the email address, but over the last 2 years of testing this, I have had to repeatedly re enter these secondary email addresses, and it is no longer funny in the amount of extra work and hasle this is costing.
It’s been maybe 4 times that this has “dissapeared”…
the WHOLE profiles are cleared, both the email address and the validation true/false.

it would be less of a pain ,if there was a damned button we could press to re-populate from the user profiles,
but … nope… we have to manually re enter each and every damned email address back into this system.

It’s not even if it is on the same page so we can cut & paste.

and i know i’m not going mad and getting confused, becasue the indian staff keep forgetting thier pw ,so make use of this feature…
but now its cleared again.

yep… after testing above…

I only have 5 users showing, all of which i re-entered in the last week.

the rest are totally blank


as I have already shown, the self-service email addresses are already saved in the openLDAP and not in postresql. So you don’t need a sync button. If the self-service email addresses disappear in the openLDAP, there must be another problem here. If I am to help sensibly here, I need more information about the system and please also look for abnormalities in the relevant log files.

Your problem must have a different cause and it is important to investigate.

it DOES need a sync button.
because when you first install it and say you have 1,000 users,
are you expected to transfer those users from the ldap of each users email record to the, validation field?

and when we add users, are we expected to “double type” the same information?

Relevant log files… being ?

No. Your reasoning is difficult to follow. It feels like you are mixing up different things here.

The self-service mail addresses are stored in openLDAP, you do not need to synchronize anything there. By validation field do you mean PasswordRecoveryEmailVerified? You can simply do this in the multiple processing in the user module (UMC). Depending on the user lifecycle, you can also automate this (hook, bash script via cronjob). If you need support with this, you can contact Professional Service.