Reset by questions

Configuration file: self-service-password/conf/

How it works?

First, the user should choose a question and register an answer. This answer will be stored in an attribute of its LDAP entry with this syntax:

You should configure your LDAP directory to protect this data, to be only accessed by Self Service Password.
The data will be written by the user or by the manager, depending on $who_change_password parameter.

Then, the user can reset its password by entering its answer and setting a new password.


You can enable or disable this feature with $use_questions:

$use_questions = true;

Attribute and object class

Set the attribute in which the answer will be stored:

$answer_attribute = "info";

If the above attribute is not in a standard user object class, configure the object class to use with this attribute:

$answer_objectClass = "extensibleObject";
The object class will be added to the entry only if it is not already present.
On Active Directory, extensibleObject is not known. You can use for example:
$answer_attribute = "comment";
$answer_objectClass = "user";

Edit questions

Questions are registered in lang files: lang/

To add a question, you can create a new value in the $messages['questions'] array, directly in the main configuration files (

$messages['questions']['ice'] = "What is your favorite ice cream flavor?";