Reset by questions

Configuration file: self-service-password/conf/

How it works?

First, the user should choose a question and register an answer. This answer will be stored in an attribute of its LDAP entry with this syntax:

You should configure your LDAP directory to protect this data, to be only accessed by Self Service Password. See also in this page how to encrypt values into LDAP directory.
The data will be written by the user or by the manager, depending on $who_change_password parameter.

Then, the user can reset its password by entering its answer and setting a new password.


You can enable or disable this feature with $use_questions:

$use_questions = true;

Attribute and object class

Set the attribute in which the answer will be stored:

$answer_attribute = "info";
The attribute name must be in lower case, this is required by php-ldap API.

If the above attribute is not in a standard user object class, configure the object class to use with this attribute:

$answer_objectClass = "extensibleObject";
The object class will be added to the entry only if it is not already present.
On Active Directory, extensibleObject is not known. You can use for example:
$answer_attribute = "comment";
$answer_objectClass = "user";

Crypt answers

Before 1.3 release, answers could not be encrypted in LDAP directory. An option can now be used to encrypt answers:

$crypt_answers = true;

You can set this option to false to keep the old behavior.

If you enable this option, you must change the default value of the security keyphrase

A script is provided to encrypt all clear text answers in LDAP directory, to allow a swooth migration. Just run the script (it will use your SSP LDAP settings to update values):

# php /usr/share/self-service-password/scripts/encrypt_answers.php

Edit questions

Questions are registered in lang files: lang/

To add a question, you can create a new value in the $messages['questions'] array, directly in local configuration file (

$messages['questions']['ice'] = "What is your favorite ice cream flavor?";