Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.Sign up
Password Reset: Reset link should be send only if the provide email exists in LDAP #975
During PASSWORD reset, the reset link is send to the provided email address. Actually there is not validation to check if the email exist in Gluu's LDAP.
Password reset link should be send only when there is a user entry with the provided email in ldap.
Email validations are done at the backend. User receives link to reset password only when email is registered with GLUU. Otherwise this message is sent in email “This email address is not on our database of registered users and therefore the attempted password change has failed.”