I'm using CROWD to manage an LDAP tree with all my users. We use this LDAP tree to authenticate our users on our e-mail server and on many other systems.

When a user has lost his password, he has no really good option to reset:

• he cannot reset it from the Crowd Console (he cannot access it any more)
• the admin cannot reset it for him directly from Crowd, as Crowd would send an e-mail with the new password to the user, and the user cannot access his mail any more.

So essentially all the "lost password" issues end up in:

• an escalation to the admin (me)
• some waiting time for the user until I can react on it
• an e-mail to the user's personal e-mail account with his new password... as we cannot use the corporate e-mail account to do this.

I would be in favor of implementing an alternate method to recover a lost password, ie:

• mail to an alternate e-mail address which would be pre-linked to the account. This should be triggered by the user himself.
• SMS to the users's cell phone (may require an external SMS gateway, but it would be really practical)
• ... other ideas ?