Table of Contents
If your community is configured to handle registration and authentication (that is, these functions aren't integrated with other applications or with Windows Active Directory), and if you make no other configuration changes, your community:
- Allows anyone who has an approved, registered user account to log in
- Allows visitors to the community to register with:
- A username between three and 64 characters that can include only letters, numbers, underscores, dashes, at signs, and periods while not containing a restricted word.
- Password with no restrictions on characters. A registered user can be reminded of their password via an email link sent to his/her registered email address.
When a user forgets his/her password, they can request a reminder via email. The password isn't sent in clear text; instead, Zimbra Community generates a unique URL with a temporary token. This token is unique to the user and can only be used once. It expires within three hours by default. Any attempt to reuse a token or use an expired token receives an error.
You can almost completely customize the user registration experience by following these instructions as well as those in Customized registration experience, which directs you how to define custom profile fields and profile field groups; edit the mode for the theme, and modify the User Login and Create widget.
To change any of these settings:
- Navigate to Control Panel > System Administration > Membership Administration > Configuration > Account Settings > Registration Settings. (The following screen capture does not show the whole window.)
- Configure the following options:
- Allow login - If you select yes, this option allows users other than admins to log into the site.
- Allow new user registration - If you select yes, new users are allowed to register.
- Show contact checkboxes - If you select yes, two contact options are displayed during registration for allowing the site or the site's partners to contact them. Users can change these settings after registering via their Settings > Email tab.
Username regular expression pattern - If you select yes, usernames must meet the limits of this expression. Previously existing usernames don't have to comply with this rule until the user edits his/her settings or an administrator modifies the user account.
Zimbra Community allows only the most common characters to be used in a user name. By default, user names are limited to:
- Alphanumeric characters (A-z, 0-9)
- Underscores (_)
- Hyphens (-)
- Periods (.)
- At signs (@)
If you need more information about how to write a regular expression, read this comprehensive regular expression guide. To allow another special character in user name, add it to the existing default regular expression. For example, if you want to allow apostrophes (') in user names, change the regular expression to ^[a-zA-Z0-9_\-@\.']+$
The regular expression should start with ^[ to indicate a search from the beginning of the user name and end with ]+$ to indicate any number of those characters that are specified in between. Certain characters must be escaped with a backslash (\) since they have special meaning in regular expressions (such as hyphens and periods).
- Username minimum length - You can change this from the default of three or more characters.
- Username maximum length - You can change this from the limit of 256 characters.
- Email regular expression pattern - The regular expression pattern needed for email IDs.
- Account activation - If the Enable Email property is enabled, all four of the following account activation options will be displayed. (If the property is disabled, only the Automatic and Admin approval options are displayed.)
- Automatic - Visitors can create their own accounts and are immediately approved without requiring an administrator to intervene. We recommend that you monitor user accounts closely in this scenario to ensure community members are positively contributing to the community.
- Invitation only - Visitors must be invited to the community.
- Email - Visitors can create their own accounts. Instead of specifying their own password, the system furnishes a password via the email.
- Admin approval - Visitors can create their own accounts, but they must be approved by an admin in the following location:
- Navigate to Control Panel > System Administration > Membership Administration > Members and Roles > Manage Users.
- Click More options and choose Pending approval from the Membership status drop-down list.
- Click Search.
- This lists any users who aren't yet approved. Click Edit next to each user to review his/her account request and, if approved, change Account status pending approval from Unapproved to Approved.
- Click Save changes.
- Password recovery - Specify how a user can recover his/her forgotten password:
- Link - When the user clicks Forgot password? and enters his/her email address, the system sends him/her an email with a link to force him/her to change the password on the Change Password page. We recommend using this recovery method for the highest security.
- Reset - The system generates a new password, which is emailed to the user.
- Password regular expression pattern - Passwords need to follow the terms set forth in the expression.
- Click Save to apply the settings.
To change the words that are restricted from being used as usernames for new users who attempt to join after the change (with existing users not being affected):
- Navigate to Control Panel Dashboard > System Administration > Site Administration > Content/Site Security > Username Filters.
- We have provided a default list of words that users cannot use when joining the site.
- You can add additional words by just typing them on a separate line.
- By default, the username filter will match only the whole restricted word. For example, the forbidden word "bad" would only be restricted if it is spelled exactly that way in the username filter. However, "ImABadGuy" would be allowed. If you want the filter match on partial words, you must add a wildcard character (*) to the beginning and end of the the word. Using the previous example, you would specify *bad* to restrict ImABadGuy or other usernames containing the word.
- You can remove words simply by removing that text from the list.
- Click Save changes. The next time a user attempts to join your community, if he/she attempts to use a word in this restricted list, he/she is given an error message and is required to enter a different username.