I am running a zammad instance with LDAP login.
I was not aware of the possible implications of leaving “forgot password” enabled when you are using LDAP. So precisely the case that is mentioned here, happened:
A user used the forgot password functionality, thus created a local DB pwd and overrid her LDAP password, and then forgot the locally created one. Now that I know, I will of course disable the"forgot password" feature, but also I want to delete the users local pwd to go back to full LDAP authentication.
How do I do that?
I assume I have to purge the local password somehow from the console?
Above statements regarding the password are not entirely true, let me correct that:
Local password and LDAP password life side by side and technically work both.
Zammad does not prefer either one.
Use below command with care, it removes ALL password entries. It does not differ between agent, admin or customer. This is a technical dangerous command. That’s the part you’ll be doing a backup or snapshot before.
Dangerzone, I absolutely read and understood above and still want to remove all password entries
# within a rails console (zammad run rails c)
User.where.not(password: nil).find_in_batches do |batch|
batch.each do |user|
user.update_columns(password: nil) # not official supported, no support will be provided
user.touch
end
end