It seems like every shop that uses LDAP at some point has to cobble together something to let users reset their passwords without bothering the IT staff. The workflow almost always looks like:
- User gives username (jblow)
- Email jblow@company a link
- User clicks link, puts in a new password
On the backend, that corresponds to:
- Web form gets a username, stores (username, big unique string) in a DB, emails big unique string to username@company
- Other form has a click on https://site/pwreset/big unique string , uses that to authenticate the user, changes their password
Right? So, has someone written one of these that they share? I'd rather use one that's had a bit more thought put into it than the 10 minute job everyone seems to do.
I did a quick search of Sourceforge, Freshmeat etc and didn't find anything that wasn't abandoned.