Problem:
Internal server error: The service is temporarily not available.
Investigation:
Step 1
Check the adjusted self-service limits
umc/self-service/passwordreset/limit/per_user/.*: <empty>
umc/self-service/passwordreset/limit/per_user/day: 120
umc/self-service/passwordreset/limit/per_user/hour: 60
umc/self-service/passwordreset/limit/per_user/minute: 10
umc/self-service/passwordreset/limit/total/.*: <empty>
umc/self-service/passwordreset/limit/total/day: 1000
umc/self-service/passwordreset/limit/total/hour: 200
umc/self-service/passwordreset/limit/total/minute: 120
Step 2
Check the statistics:
/usr/lib/univention-self-service/univention-self-service-request-count
t:c_day: 1 / 1000 expiration in 86116 seconds (at 17.09.2019 16:38:30)
t:c_hour: 59 / 200 expiration in 3316 seconds (at 16.09.2019 17:38:30)
t:c_minute: 1 / 120 expiration in 46 seconds (at 16.09.2019 16:44:00)
[...]
Step 3
If these numbers in the statistic rise extremely fast, then you might check for a dos attack.
Within 6 minutes 59 trials are completed
Active: active (running) since Mon 2019-09-16 16:38:12 CEST; 6min ago
t:c_day: 1 / 1000 expiration in 86116 seconds (at 17.09.2019 16:38:30)
t:c_hour: 59 / 200 expiration in 3316 seconds (at 16.09.2019 17:38:30)
t:c_minute: 1 / 120 expiration in 46 seconds (at 16.09.2019 16:44:00)
With a restart of the service you reset the statistic and can use the self-service untill the limit is reached again.
systemctl status univention-self-service-passwordreset-umc.service
Step 4
Check if self-service invitation is activatet and there are some deactivated users:
ucr get umc/self-service/invitation/enabled
univention-ldapsearch uid=user1 sambaAcctFlags
→ sambaAcctFlags: [UD ] → "D" Account is disabled
Step 5
Check the self-service invitation cache:
ls -lah /var/cache/univention-directory-listener/selfservice-invitation/
-rw------- 1 listener nogroup 0 Sep 11 12:09 user1.send
Solution:
Move the cache files or delete them and restart the services:
mv /var/cache/univention-directory-listener/selfservice-invitation/* ~/somewhere/
systemctl restart univention-self-service-invitation.service
systemctl status univention-self-service-passwordreset-umc.service
See also Bug 50230