Problem: You are not authorized to reset your password but your mail adress is deposited

Problem

You want to reset your password via self service and you are sure, your mail address is desposited. Regardless you get the following error message:

Ein Fehler ist aufgetreten:
Sie sind nicht authorisiert, diese Aktion durchzuführen.

Fehlernachricht des Servers:

Für diesen Benutzer wurden keine Kontaktinformationen hinterlegt. Das Zurücksetzen des Passworts ist daher nicht möglich.
An error occurred
You are not authorized to perform this action.

Server error message:

No contact information is stored for this user. Resetting the password is not possible.

Solution

Check the ucr variable for blacklisting:
umc/self-service/passwordreset/[blacklist|whitelist]/*
Default is:

root@master:~# ucr get umc/self-service/passwordreset/blacklist/groups 
Administrators,Domain Admins
root@master:~# ucr get umc/self-service/passwordreset/whitelist/groups 
Domain Users

If the user is member of the backlisted groups, the password reset is not possible.

Investigation

Increase the loglevel for UMC:

ucr set umc/server/debug/level=4 umc/module/debug/level=4
service univention-management-console-server restart
service univention-management-console-web-server restart

The logfile /var/log/univention/management-console-module-passwordreset.log shows the following hint:

ADMIN       ( INFO    ) : groups/group: open(): member check duration: 0.00s
MODULE      ( INFO    ) : is_blacklisted(cschein): match in blacklisted groups
MODULE      ( PROCESS ) : No contact information is stored for this user. Resetting the password is not possible.
Mastodon