How to disable users from changing their password
Purpose
When you need all passwords to be only set from Confluence Admin. This page describes a way of preventing your users from changing their passwords.
Customisations are not supported
Note that Atlassian support does not cover customisations to Velocity files, such as those described on this page.
LDAP Passwords are not set by Confluence
Note that Confluence does not manage LDAP Users.
All files should be located under <confluence-install>\confluence\users
.
Solution
Removing the User Password Option.
To remove the option that allows people to select a new password, you will need to edit the Velocity template (.vm
file) as described below.
Locate your
changemypassword.vm
file under<confluence_install>\confluence\users\changemypassword.vm
- Edit this file with your favorite editor, such as Wordpad, Notepad or Notepad++ (recommended). The file looks something like this:
<html>
<head>
<title>$generalUtil.htmlEncode($pageTitle)</title>
#requireResource("confluence.web.resources:aui-forms")
</head>
#applyDecorator("root")
#decoratorParam("context" "profile")
#decoratorParam("mode" "edit-profile")
#decoratorParam("helper" $action.helper)
<body>
<div class="padded">
#if ($settingsManager.getGlobalSettings().isExternalUserManagement())
$action.getText("cannot.change.password.users.outside")
#elseif(!$userAccessor.isReadOnly($remoteUser))
#applyDecorator("form-aui")
#decoratorParam("formName" "changepassword")
#decoratorParam("submitAction" "dochangemypassword.action")
#decoratorParam("editAction" "changemypassword.action")
#decoratorParam("editMode" "$editMode")
#decoratorParam("saveValue" "Save")
#form_xsrfToken()
<fieldset>
#tag( "Password" "label='cur.pass.name'" "name='currentPassword'" "theme='aui'")
#tag( "Password" "label='new.pass.name'" "name='newPassword'" "theme='aui'")
#tag( "Password" "label='new.pass.confirm.name'" "name='newPasswordConfirmation'" "theme='aui'")
#tag( "Submit" "theme='aui'" "name='Test'")
</fieldset>
#end
#end
</div>
</body>
#end
</html>
- Add a comment, as shown below, replacing the block that starts with "
<fieldset...
" and ends with "</fieldset>
". After the edit, you should have something like this:
<html>
<head>
<title>$generalUtil.htmlEncode($pageTitle)</title>
#requireResource("confluence.web.resources:aui-forms")
</head>
#applyDecorator("root")
#decoratorParam("context" "profile")
#decoratorParam("mode" "edit-profile")
#decoratorParam("helper" $action.helper)
<body>
<div class="padded">
#if ($settingsManager.getGlobalSettings().isExternalUserManagement())
$action.getText("cannot.change.password.users.outside")
#elseif(!$userAccessor.isReadOnly($remoteUser))
#applyDecorator("form-aui")
#decoratorParam("formName" "changepassword")
#decoratorParam("submitAction" "dochangemypassword.action")
#decoratorParam("editAction" "changemypassword.action")
#decoratorParam("editMode" "$editMode")
#decoratorParam("saveValue" "Save")
#form_xsrfToken()
<h1>Dear User,</h1><br>
<p><font size="3" color="red">You cannot change your password, this is disabled.<br>
Please continue to use your actual password<br>
If you have any complains contact the Admin.<br>
Regards your Admin.<br></font></p>
#end
#end
</div>
</body>
#end
</html>
- Save the file. You can reload your page and see the changes. There is no need to restart Confluence.
After following the above steps, you will have something like this:
Congratulations, that's it
Have a candy!