Description

This article describes how to enable email password recovery for remote users  from remote LDAP user sync rules.

Scope

FortiAuthenticator v6.2.1.

Solution

• In earlier versions it is necessary to manually enable Email password recovery for each user.
• Starting from 6.2.1 version it is possible to enable Email password recovery from LDAP sync rule itself when-in this setting make sure that the option is enabled for both existing and new remote users.
  
  

To enable the option:
Go to Authentication -> User Management -> Remote User Sync Rule, edit Remote LDAP User Synchronization Rule and enable Email password recovery.

When the option is enabled in the sync rule, FortiAuthenticator will:

• Enable the email password recovery setting for new remote LDAP users if they also have a valid email address.
• Enable the email password recovery setting for existing remote LDAP users if they also have a valid email address.
  
  

When the option is disabled in the sync rule, FortiAuthenticator will behave the same as in previous releases:

• Disable the email password recovery setting for new remote LDAP users.
•  Leave the current email password recovery setting unchanged for existing remote LDAP users.