certificate reset by mail
Summary
I would like to propose a new feature named "certificate reset by mail". It has exactly the same steps as password reset by mail, but for certificate.
The feature is proposed for 1.9. if I have time, I'd like to make the feature available for 2.0 too
Design proposition
- User click the reset certificate button.
- He enters his mail.
- If mail is found in directory, a mail is sent with a link.
- The password click the link and comes back to portal
- The portal asks him to enter his certificate (base64 pem only)
- the certificate and a computed field are stored in two attributes defined by administrator
- a confirmation mail is sent.
Limitations
- no .p12 certificate accepted
- configuration key stored in lemonldap-ng.ini
- user can't use the reset password and reset certificate kinematics at the same time, because the session records a mail has been sent.
I'll be glad to hear about your comments if any.