feat(idm): add --service-user flag to resetpassword command #12118

Merged
mmattel merged 4 commits into owncloud:master from paul43210:fix/idm-resetpw-service-users
Apr 17, 2026

Conversation

@paul43210
Contributor

Summary

  • Adds --service-user flag to ocis idm resetpassword so it can target service accounts (ou=sysusers) instead of only regular users (ou=users)
  • Previously the DN was hardcoded to ou=users, making it impossible to reset passwords for libregraph, idp, or reva service users via the CLI

Usage

# Reset a regular user password (default, unchanged behavior)
ocis idm resetpassword -u admin

# Reset a service user password (new)
ocis idm resetpassword -u reva --service-user

Test plan

  • ocis idm resetpassword -u admin still works (targets ou=users)
  • ocis idm resetpassword -u reva --service-user targets ou=sysusers
  • Service starts correctly after password reset

Fixes: #12106

🤖 Generated with Claude Code

@mmattel mmattel requested a review from mklos-kw March 14, 2026 08:58
Comment thread services/idm/pkg/command/resetpw.go Outdated
@mklos-kw
Member

@kobergj Any security reasons why not to add this change?

@mmattel mmattel requested a review from kobergj March 18, 2026 08:28
@paul43210 paul43210 force-pushed the fix/idm-resetpw-service-users branch from 2a336c7 to d4a4f83 Compare March 26, 2026 15:45
@mmattel mmattel force-pushed the fix/idm-resetpw-service-users branch from d4a4f83 to f50e233 Compare March 26, 2026 16:05
@paul43210 paul43210 force-pushed the fix/idm-resetpw-service-users branch from f50e233 to 00fa9a4 Compare April 9, 2026 01:01
@mmattel mmattel enabled auto-merge (squash) April 14, 2026 07:00
paul43210 and others added 2 commits April 15, 2026 14:27
The DN was hardcoded to ou=users, making it impossible to reset
passwords for service accounts (libregraph, idp, reva) which live
under ou=sysusers. The new --service-user flag selects the correct OU.

Fixes: owncloud#12106

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Signed-off-by: Paul Faure <paul@faure.ca>
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Signed-off-by: Paul Faure <paul@faure.ca>
auto-merge was automatically disabled April 15, 2026 18:28

Head branch was pushed to by a user without write access

@paul43210 paul43210 force-pushed the fix/idm-resetpw-service-users branch from 2a619f1 to 468f2ac Compare April 15, 2026 18:28
Replace the --service-user boolean flag with a --user-type string flag
that accepts 'user' (default) or 'service'. This is more extensible
if additional user types are added in the future.

Addresses review feedback from mklos-kw.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Signed-off-by: Paul Faure <paul@faure.ca>
@paul43210
Contributor Author

Thanks for the approval @kobergj! And good suggestion @mklos-kw — replaced the --service-user bool with --user-type string flag:

ocis idm resetpassword --user-name admin                    # default: --user-type user (ou=users)
ocis idm resetpassword --user-name idp --user-type service  # ou=sysusers

Validates that --user-type is either user or service, returns a clear error otherwise. More extensible if additional user types are added later.

@mmattel mmattel enabled auto-merge (squash) April 17, 2026 10:47
@mmattel mmattel merged commit 1d9b6dd into owncloud:master Apr 17, 2026
54 checks passed
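
The mapping discussed in this conversation, from `--user-type` to the OU in the target DN, written out as an added example; it is not code from this pull request or from the oCIS code base. The function names, the `uid=` attribute and the `dc=example,dc=org` base DN are assumptions, and the example goes one step further than the thread by escaping the user name before it is placed in the DN, so a value containing `,` or `=` cannot change which OU is targeted.

```go
package main

import (
	"fmt"
	"strings"
)

// baseDN is a placeholder (assumption); the page does not state the base DN.
const baseDN = "dc=example,dc=org"

// ouForUserType maps --user-type to the OU named in the PR; anything else is rejected.
func ouForUserType(userType string) (string, error) {
	switch userType {
	case "user":
		return "ou=users", nil
	case "service":
		return "ou=sysusers", nil
	}
	return "", fmt.Errorf("invalid user type %q: must be 'user' or 'service'", userType)
}

// escapeRDNValue escapes a value for use inside a DN (RFC 4514 special characters).
func escapeRDNValue(v string) string {
	var b strings.Builder
	for i, r := range v {
		lead := i == 0 && (r == ' ' || r == '#')
		trail := i == len(v)-1 && r == ' '
		switch {
		case r == 0:
			b.WriteString(`\00`)
		case lead || trail || strings.ContainsRune(`,+"\<>;=`, r):
			b.WriteByte('\\')
			b.WriteRune(r)
		default:
			b.WriteRune(r)
		}
	}
	return b.String()
}

// resetTargetDN builds the DN to reset; the uid= attribute is an assumption.
func resetTargetDN(userName, userType string) (string, error) {
	ou, err := ouForUserType(userType)
	if err != nil {
		return "", err
	}
	return fmt.Sprintf("uid=%s,%s,%s", escapeRDNValue(userName), ou, baseDN), nil
}

func main() { fmt.Println(resetTargetDN("idp", "service")) }
```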
Development

Successfully merging this pull request may close these issues.

Add support for resetting IDM service user passwords