diff --git a/docker/lama/dev.env b/docker/lama/dev.env
index 1f640cd..d91d21c 100644
--- a/docker/lama/dev.env
+++ b/docker/lama/dev.env
@@ -30,3 +30,13 @@ DEFAULT_FROM_EMAIL=
 SERVER_EMAIL=
 
 DELETION_WAIT_DAYS=14
+
+
+#EMAIL_BACKEND=smtp
+#EMAIL_HOST=smtp.uni-bamberg.de
+#EMAIL_PORT=587
+#EMAIL_USE_TLS=False
+#EMAIL_USE_SSL=False
+#DEFAULT_FROM_EMAIL=vergesslich@uni-bamberg.de
+##DEFAULT_FROM_EMAIL=fachschaft-wiai.stuve@uni-bamberg.de
+#SERVER_EMAIL=fachschaft-wiai.stuve@uni-bamberg.de
diff --git a/src/account_manager/forms.py b/src/account_manager/forms.py
index 859c10c..93fdd43 100644
--- a/src/account_manager/forms.py
+++ b/src/account_manager/forms.py
@@ -1,6 +1,6 @@
 from django import forms
 from django.contrib.auth import get_user_model
-from django.contrib.auth.forms import PasswordResetForm
+from django.contrib.auth.forms import PasswordResetForm, PasswordChangeForm
 
 from account_manager.utils.django_user import update_dajngo_user
 from .models import LdapUser, LdapGroup
@@ -95,3 +95,11 @@ class LdapPasswordResetForm(PasswordResetForm):
         })
         logger.debug((u for u in active_users))
         return (u for u in active_users)
+
+
+class LdapPasswordChangeForm(PasswordChangeForm):
+    def clean_old_password(self):
+        """
+        Validates that the old_password field is correct.
+        """
+        return "ralf"
diff --git a/src/account_manager/main_views.py b/src/account_manager/main_views.py
index 0974c06..6182a4b 100644
--- a/src/account_manager/main_views.py
+++ b/src/account_manager/main_views.py
@@ -45,7 +45,7 @@ def realm_list(request):
         try:
             LdapUser.base_dn = LdapUser.ROOT_DN
             user = LdapUser.objects.get(username=user.username)
-            realm_base_dn = re.compile('(uid=[a-zA-Z0-9_]*),(ou=[a-zA-Z_]*),(.*)').match(user.dn).group(3)
+            realm_base_dn = re.compile('(uid=[a-zA-Z0-9_-]*),(ou=[a-zA-Z_-]*),(.*)').match(user.dn).group(3)
             realm = Realm.objects.get(ldap_base_dn=realm_base_dn)
 
             return redirect('user-detail', realm.id, user.dn)
@@ -68,6 +68,7 @@ def _get_group_user_count_wrapper(realm):
 
 
 @login_required
+@is_realm_admin
 def realm_add(request):
     if request.user.is_superuser:
         realms = Realm.objects.all().order_by('name')
@@ -111,6 +112,7 @@ def realm_detail(request, realm_id):
 def get_realm_detail_rendered(request, realm_id, success_headline=None, success_text=None, error_headline=None,
                               error_text=None):
     realm = Realm.objects.get(id=realm_id)
+    ldap_admin_group, ldap_default_group = get_default_admin_group(realm)
     LdapUser.base_dn = realm.ldap_base_dn
     inactive_users = LdapUser.get_inactive_users().count()
     ldap_admin_group, ldap_default_group = get_default_admin_group(realm)
diff --git a/src/account_manager/models.py b/src/account_manager/models.py
index ecadf45..48bb3f6 100644
--- a/src/account_manager/models.py
+++ b/src/account_manager/models.py
@@ -84,7 +84,7 @@ class LdapUser(Model):
         LdapUser.base_dn = LdapUser.ROOT_DN
         ldap_user = LdapUser.objects.get(username=user.username)
         ldap_user.password = raw_password
-        LdapUser.base_dn = re.compile('(uid=[a-zA-Z0-9_]*),(.*)').match(ldap_user.dn).group(2)
+        LdapUser.base_dn = re.compile('(uid=[a-zA-Z0-9_-]*),(.*)').match(ldap_user.dn).group(2)
         ldap_user.save()
 
     @staticmethod
diff --git a/src/account_manager/urls.py b/src/account_manager/urls.py
index 68594dc..abdc25a 100644
--- a/src/account_manager/urls.py
+++ b/src/account_manager/urls.py
@@ -80,6 +80,8 @@ urlpatterns = [
          name='user-delete'),
     path('accounts/reset/<uidb64>/<token>/', user_views.LdapPasswordResetConfirmView.as_view(),
          name='ldap_password_reset_confirm'),
+    path('accounts/password_change/secure/', user_views.password_change_controller,
+         name='password_change_controller'),
     path('accounts/password_change/', user_views.LdapPasswordChangeView.as_view(),
          name='password_change'),
 
diff --git a/src/account_manager/views/user_views.py b/src/account_manager/views/user_views.py
index 85cedb7..1e312fb 100644
--- a/src/account_manager/views/user_views.py
+++ b/src/account_manager/views/user_views.py
@@ -8,19 +8,22 @@ from django.contrib.auth.views import PasswordResetConfirmView, PasswordChangeVi
 from django.contrib.sites.shortcuts import get_current_site
 from django.core.exceptions import ObjectDoesNotExist
 from django.db import IntegrityError
-from django.http import HttpRequest
+from django.http import HttpRequest, HttpResponseRedirect
 from django.shortcuts import render, redirect
 from django.utils.translation import gettext as _
 from ldap import ALREADY_EXISTS, OBJECT_CLASS_VIOLATION
+from django.urls import reverse
+from urllib.parse import urlencode
 
 from account_helper.models import Realm, DeletedUser
 from account_manager.forms import AddLDAPUserForm, UserDeleteListForm, UpdateLDAPUserForm, AdminUpdateLDAPUserForm, \
-    UserGroupListForm
+    UserGroupListForm, LdapPasswordChangeForm
 from account_manager.main_views import is_realm_admin
 from account_manager.models import LdapUser, LdapGroup
 from account_manager.utils.django_user import update_dajngo_user
 from account_manager.utils.mail_utils import send_welcome_mail, send_deletion_mail
 
+from django.contrib.auth import logout
 from django.conf import settings
 
 logger = logging.getLogger(__name__)
@@ -153,7 +156,7 @@ def realm_user_resend_password_reset(request, realm_id, user_dn):
     ldap_user = LdapUser.objects.get(dn=user_dn)
     try:
         if ldap_user.email:
-            logger.info("Sending email for to this email:", ldap_user.email)
+            logger.info(f"Sending email to {ldap_user.email}")
             form = PasswordResetForm({'email': ldap_user.email})
             if form.is_valid():
                 logger.info('CREATE REQUEST')
@@ -166,11 +169,11 @@ def realm_user_resend_password_reset(request, realm_id, user_dn):
                 form.save(
                     request=pw_reset_request,
                     use_https=True,
-                    from_email=os.environ.get('DEFAULT_FROM_EMAIL', 'vergesslich@test.de'),
+                    from_email=settings.DEFAULT_FROM_EMAIL,
                     email_template_name='registration/password_reset_email.html')
 
     except Exception as e:
-        logger.info('Error')
+        logger.error('Error')
     return redirect('realm-user-detail', realm_id, user_dn)
 
 
@@ -496,19 +499,37 @@ def ldap_add_user_to_groups(ldap_user, user_groups):
         group.save()
 
 
+@login_required
+def password_change_controller(request):
+    logout(request)
+    base_url = reverse('login')
+    next_param = reverse('password_change')
+    query_string = urlencode({'next': next_param})
+    url = '{}?{}'.format(base_url, query_string)
+    return redirect(url)
+
+
 class LdapPasswordResetConfirmView(PasswordResetConfirmView):
     def form_valid(self, form):
         user = form.save()
         password = form.cleaned_data['new_password1']
         LdapUser.base_dn = LdapUser.ROOT_DN
         LdapUser.password_reset(user, password)
-        return super().form_valid(form)
+        cached_redirect = super().form_valid(form)
+        user.set_unusable_password()
+        user.save()
+        return cached_redirect
 
 
 class LdapPasswordChangeView(PasswordChangeView):
+    form_class = LdapPasswordChangeForm
+
     def form_valid(self, form):
         user = form.save()
         password = form.cleaned_data['new_password1']
         LdapUser.base_dn = LdapUser.ROOT_DN
         LdapUser.password_reset(user, password)
-        return super().form_valid(form)
+        cached_request = super().form_valid(form)
+        user.set_unusable_password()
+        user.save()
+        return cached_request
diff --git a/src/core/docker_settings.py b/src/core/docker_settings.py
index 6783c79..8dd6444 100644
--- a/src/core/docker_settings.py
+++ b/src/core/docker_settings.py
@@ -180,6 +180,8 @@ else:
     EMAIL_TIMEOUT = 15
     EMAIL_HOST = os.environ['EMAIL_HOST']
     EMAIL_PORT = int(os.environ['EMAIL_PORT'])
+    EMAIL_HOST_USER = os.environ.get('EMAIL_HOST_USER','')
+    EMAIL_HOST_PASSWORD = os.environ.get('EMAIL_HOST_PASSWORD','')
     EMAIL_USE_TLS = os.environ.get('EMAIL_USE_TLS', 'False') == 'True'
     EMAIL_USE_SSL = os.environ.get('EMAIL_USE_SSL', 'False') == 'True'
 
diff --git a/src/core/urls.py b/src/core/urls.py
index 3c27ba8..7bbaeb6 100644
--- a/src/core/urls.py
+++ b/src/core/urls.py
@@ -18,6 +18,7 @@ from django.urls import path, include
 from django.contrib.auth import views as auth_views
 from django.contrib.auth.decorators import user_passes_test
 from account_manager.forms import LdapPasswordResetForm
+from account_manager.views.user_views import LdapPasswordChangeView
 from .views import about
 
 login_forbidden = user_passes_test(lambda u: u.is_anonymous(), '/')
@@ -31,5 +32,6 @@ urlpatterns = [
          auth_views.PasswordResetView.as_view(html_email_template_name='registration/password_reset_email.html',
                                               form_class=LdapPasswordResetForm),
          name='password_reset'),
+
     path('accounts/', include('django.contrib.auth.urls')),
 ]
diff --git a/src/templates/registration/password_change_form.html b/src/templates/registration/password_change_form.html
index 9e5f336..bb02d13 100644
--- a/src/templates/registration/password_change_form.html
+++ b/src/templates/registration/password_change_form.html
@@ -1,22 +1,33 @@
 {% extends 'base.jinja2' %}
 {% import 'macros/form_macros.jinja2' as mform %}
 {% block content %}
-    <div class="col-12 ">
-        <div class="row justify-content-center justify-content-sm-center">
-            <div class="col-12 col-sm-8 col-md-7 col-lg-5 col-xl-4 bg-white text-dark p-3 mt-5 border">
-                <h1 class="mb-4">Passwort ändern</h1>
-                <form method="post" class="floating-label-form">
-                    <input type="hidden" name="csrfmiddlewaretoken" value="{{ csrf_token }}">
-                    {{ mform.password_input(form.old_password) }}
-                    {{ mform.password_input(form.new_password1) }}
-                    {{ mform.password_input(form.new_password2) }}
-                    <div class="d-flex mt-4">
-                        <button type="submit" class="btn btn-primary mr-auto p-2">Speichern</button>
-                        <a href="{{ url('realm-home')}}"
-                           class="btn btn-secondary p-2">Abbrechen</a>
-                    </div>
-                </form>
-            </div>
+<div class="col-12 ">
+    <div class="row justify-content-center justify-content-sm-center">
+        <div class="col-12 col-sm-8 col-md-7 col-lg-5 col-xl-4 bg-white text-dark p-3 mt-5 border">
+            <h1 class="mb-4">Passwort ändern</h1>
+            <form method="post" class="floating-label-form">
+                <input type="hidden" name="csrfmiddlewaretoken" value="{{ csrf_token }}">
+<!--                                {{form.errors}}-->
+                    <input type="password"
+                           class="form-control"
+                           placeholder="Old password"
+                           aria-describedby="id_old_password_help"
+                           name="old_password"
+                           id="id_old_password"
+                           maxlength="None"
+                           value="ralf"
+                           hidden>
+
+<!--                {{ mform.password_input(form.old_password) }}-->
+                {{ mform.password_input(form.new_password1) }}
+                {{ mform.password_input(form.new_password2) }}
+                <div class="d-flex mt-4">
+                    <button type="submit" class="btn btn-primary mr-auto p-2">Speichern</button>
+                    <a href="{{ url('realm-home')}}"
+                       class="btn btn-secondary p-2">Abbrechen</a>
+                </div>
+            </form>
         </div>
     </div>
+</div>
 {% endblock %}
\ No newline at end of file
diff --git a/src/templates/user/user_detail.jinja2 b/src/templates/user/user_detail.jinja2
index d21f253..36d6105 100644
--- a/src/templates/user/user_detail.jinja2
+++ b/src/templates/user/user_detail.jinja2
@@ -32,7 +32,7 @@
                                         class="font-weight-bold">Email:</span> {{ user.user.email }}</li>
                                 <li class="list-group-item"><span
                                         class="font-weight-bold">Passwort:</span> <a
-                                        href="{{ url('password_change') }}">Passwort ändern</a>
+                                        href="{{ url('password_change_controller') }}">Passwort ändern</a>
                                 </li>
                                 <li class="list-group-item"><span
                                         class="font-weight-bold">Telefon:</span> {{ user.user.phone }}</li>