Availability of "Remove all 2FA" when LDAP is used and some suggestions about lock2factor and first/reset confirurations and their backupcodes renewals later

[dxdemetriou]

Is your feature request related to a problem? Please describe.

-The option "Remove all 2nd factor authentication" is not available when LDAP is used as there is no the "Change Password" option. Also, there is no some kind of security on their user's first 2FA configuration, and the "lock2factor" option is not allowing users users for setting their first 2FA.

Describe the solution you'd like A clear and concise description of what you want to happen.

-Include "Remove all 2nd factor authentication" option when LDAP is used, so the administrators they'll be able to reset some user's 2FA

-Requirement of OTP for the first configuration/reset of 2FA either sent by email or manually (as some kind of security so you'll know that the 2FA configuration it's done by the same user and not by some other user because of some leak)

-When "lock2factor" is true, if not 2FA exist allow the users to configure their 2FA by an OTP given before, and if possible, allow users to renew their "Manage backup codes" by using their configured 2FA.