Sending emails to users requires that the mail system on the UCS server is properly configured. The mail server must be capable of accepting and forwarding emails without requiring a password. Alternatively, Self Service can integrate with external programs, such as an SMS gateway. Various UCR variables starting with umc/self-service/passwordreset/sms are used to configure the sending of text messages.
Profile Management Made Easy
User accounts in the LDAP directory service store much more than just names and email addresses; they also include personal data such as profile pictures, private addresses, and other contact details. The Univention Directory Manager (UDM) facilitates access to the LDAP directory service, enabling the viewing, modification, deletion, and relocation of objects like users, groups, computers, printers, and shares. Typically, only admins have the authority to alter this data. However, Self Service enhances flexibility by allowing admins to activate specific fields that users can then manage themselves.
These two UCR variables determine which attributes users can modify in their own accounts:
- self-service/ldap_attributes: LDAP attributes that users can modify themselves; this variable needs to be configured on both the primary directory node and the backup directory nodes.
- self-service/udm_attributes: Users are permitted to edit these UDM attributes; ensure this variable is configured on all servers where the Self Service app is installed, including the Primary Directory Node.
Each variable takes a comma-separated list of attribute names. By default, all fields are enabled; trim the list to the attributes users should be able to edit themselves.
It’s also possible to establish write protection for certain UDM attributes. Administrators should list these attributes in the self-service/udm_attributes/read-only variable, which must be set on all hosts where the app is installed, including the Primary Directory Node. Additionally, it’s crucial to remove the corresponding LDAP attributes from the self-service/ldap_attributes variable to ensure they do not interfere with the write protection of the UDM attributes.
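The rule above (the read-only list must be identical on every host running the app, and the matching LDAP attributes must be gone from self-service/ldap_attributes) can be checked mechanically. The following Python script is an added example, not Univention code; the `key: value` input format, the host names, and the UDM-to-LDAP name pairs are assumptions constructed for illustration.

```python
# Added example: audit Self Service write protection across UCS hosts.
# Assumption: each host's UCR settings are supplied as "key: value" text lines.
RO_KEY = "self-service/udm_attributes/read-only"
LDAP_KEY = "self-service/ldap_attributes"

# Constructed UDM -> LDAP name pairs; confirm them against your own directory.
UDM_TO_LDAP = {"jpegPhoto": "jpegPhoto", "e-mail": "mail",
               "phone": "telephoneNumber", "roomnumber": "roomNumber"}

# Constructed sample settings for two hypothetical hosts.
SAMPLE = {
    "primary": "self-service/udm_attributes: jpegPhoto,e-mail,phone,roomnumber\n"
               "self-service/udm_attributes/read-only: e-mail,roomnumber\n"
               "self-service/ldap_attributes: jpegPhoto,mail,telephoneNumber\n",
    "portal1": "self-service/udm_attributes: jpegPhoto,e-mail,phone,roomnumber\n"
               "self-service/udm_attributes/read-only: e-mail\n",
}

def parse(dump):
    """Turn 'key: value' lines into a dict; lines without a colon are skipped."""
    pairs = (line.partition(":") for line in dump.splitlines())
    return {k.strip(): v.strip() for k, sep, v in pairs if sep}

def as_set(value):
    """Split a comma-separated UCR value into a set of attribute names."""
    return {item.strip() for item in value.split(",") if item.strip()}

def audit(dumps, mapping=UDM_TO_LDAP):
    """Return a list of findings for {hostname: dump_text}."""
    configs = {host: parse(text) for host, text in dumps.items()}
    read_only = {h: as_set(c.get(RO_KEY, "")) for h, c in configs.items()}
    everywhere = set().union(*read_only.values())
    findings = []
    for host in sorted(configs):
        # The read-only list has to match on every host running the app.
        for attr in sorted(everywhere - read_only[host]):
            findings.append(f"{host}: '{attr}' is read-only on another host but not here")
        if LDAP_KEY not in configs[host]:
            continue  # variable not set on this host; nothing to compare
        writable = as_set(configs[host][LDAP_KEY])
        for attr in sorted(read_only[host]):
            ldap_name = mapping.get(attr)
            if ldap_name is None:
                findings.append(f"{host}: no LDAP name known for '{attr}', check manually")
            elif ldap_name in writable:
                findings.append(f"{host}: '{attr}' is read-only but '{ldap_name}' is in {LDAP_KEY}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

Run against the constructed sample, it reports that roomnumber is not write-protected on portal1 and that mail is still listed in self-service/ldap_attributes on primary although e-mail is marked read-only.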
By default, users are required to authenticate with their username and password before they can edit their profile. To disable this security measure, set the UCR variable umc/self-service/allow-authenticated-use to false.
Self Registration: Your Gateway to a Personal User Account
With the Self Service app, system administrators can enable new users to register their own accounts within the UCS environment. Although this feature is seldom used in corporate or educational settings, it is particularly suited for community projects that need Identity and Access Management (IAM) capabilities. The feature is disabled upon installation, and administrators must actively enable it. Configuration is managed on the backend through various UCR variables whose names start with umc/self-service/account-registration/:
- umc/self-service/account-registration/backend/enabled: (De)activates the self registration on the backend (default: false).
- umc/self-service/account-registration/frontend/enabled: (De)activates the tile Create an account on the frontend.
- umc/self-service/account-registration/udm_attributes: A comma-separated list of UDM attributes displayed in the Create an account dialog; it must be configured on the backend.
- umc/self-service/account-registration/udm_attributes/required: Specifies a list of UDM attributes that are required; this setting is configured on the backend.
Once activated, a new Create an account tile appears on the Self Service portal, opening a dialog where new users input their email address, password, name, and username. Clicking on Create an account triggers an email to be sent to the user, containing a verification token. This token, which is 64 characters long by default, allows users to complete their login process.
Self Service function Create an account