Starting with CloudPanel 3.2.0272.0, you can now easily configure password expirations per company and give them the ability to reset their own passwords when it comes close to expiring.
It is recommended that you disable expiring passwords in your domain because CloudPanel will use AD Fine Grained Password Policies to provision password policies per company. You can still have a global password policy for all your customers if you want and CloudPanel will still be able to process the user’s with passwords that are about to expire.
¶ How To
The first thing you need to do is configure how many days you want to start notifying the user that their password is about to expire. If you set the value to 14 then CloudPanel will search all users in the database with passwords about to expire within 14 days from the current server time.
When you login as a super admin, click on the right menu toggle button located at the top right.
This will bring you to another screen where you can choose Setup CloudPanel which will take you to the configuration.
Once you are on the CloudPanel Setup page, you will select E-mail Notifications and then select Enable/Disable Notifications tab.
At the very bottom you will find the password notification section where you can choose if you want to send password expiration notices to customers and also choose the number of days before their password expires to start e-mailing them.
Next, you will need to configure the body of the message you want to send to your customers. On the same page, select the Password Expires tab at the top and you will find a HTML editor where you can customize the message you want to send.
When configuring your message you can include variables that CloudPanel will replace with actual data from the database when the e-mails are sent. In the next section of this article will list each variable and what it displays.
Tip
Most e-mail programs do not currently support base64 encoded images. If you want to include an image with your template then you need to insert an image using a image URL instead of select a file.
Warnings
CloudPanel does not validate your HTML to make sure it is valid. We recommend you test your HTML using multiple browsers and also mobile devices
Email Template
You MUST include an email template if you enable password expiration notices or no emails will be sent. CloudPanel will not default to a standard template.
¶ Variables
The e-mail notifications sent to your clients can be customized by using a set of predefined variables. Simply include as many of the available variables listed below or on the setup page.
| Variable | Description |
|---|---|
| {{DisplayName}} | Replaces {{DisplayName}} with the actual display name of the user |
| {{Firstname}} | Replaces {{Firstname}} with the actual first name of the user |
| {{Lastname}} | Replaces {{Lastname}} with the actual last name of the user |
| {{Email}} | Replaces {{Email}} with the actual email of the user |
| {{ExpirationLink}} | Replaces {{ExpirationLink}} with the URL to your CloudPanel so the user can click on the link you provide to bring them to a page to reset their password. |
| {{Days}} | Replaces {{Days}} with the number of days before their password expire. This is calculated off the server current time and the date their password expires. |
| {{ExpirationDate}} | Replaces {{ExpirationDate}} with the actual date and time their password expires in format [Date H:MM:SS AM/PM] |
¶ Branding
By default CloudPanel will use the first global branding it finds in your branding configuration of CloudPanel. Starting with this release of CloudPanel there is a new drop down list on the branding page where you can associate a branding with a specific reseller if you use resellers.
How CloudPanel chooses which FQDN to use:
- CloudPanel looks up the user with the expired password and finds the reseller that the user is under.
- CloudPanel checks the database if that reseller has a custom branding applied. If the reseller does have a custom branding applied, then it will use that FQDN
- If CloudPanel can’t find a custom branding for the reseller the user is under, then it will default to the first branding that does not have a reseller selected.
- If there are multiple matching brandings, it will use the first one in alphabetical order.
- If CloudPanel cannot find a branding, then an error will occur.
¶ Troubleshooting
Email notifications are not being sent
- Check and make sure that the CloudPanel Service is running. This is what processes the email notifications and checks Active Directory for expiring passwords
- Make sure that you entered an email template because if it is left blank then no emails will be sent.
- Make sure that you actually enabled the notification under the Enable/Disable Notifications tab
- Check the CloudPanel Service log file located in the log directory of the service. The job will be executed and contain a note when it starts: “Job Executed: Querying a list of users with passwords about to expire” and then when it is going to send the email it will state “Job Executed: Sending support notifications”
The URL in the email notifications are invalid
The URL is generated from the branding you have configured. It is important that you configure a branding for CloudPanel so it can use the FQDN listed.