diff --git a/config/config.sample.php b/config/config.sample.php
index 2bafbd411c9c66701f1f532c1a309c5df113dd67..b143693082a8ab0ae5ee76ce25db8e5f3ca7c5d9 100644
--- a/config/config.sample.php
+++ b/config/config.sample.php
@@ -253,6 +253,7 @@ $CONFIG = array(
  * read-only user backend like LDAP), you can specify a custom link, where the
  * user is redirected to, when clicking the "reset password" link after a failed
  * login-attempt.
+ * In case you do not want to provide any link, replace the url with 'disabled'
  */
 'lost_password_link' => 'https://example.org/link/to/password/reset',
 
diff --git a/core/Controller/LoginController.php b/core/Controller/LoginController.php
index 691d74cdc604e28662670dd10b1264fb3a12b369..93b695dd9992c48447fd589417b91ea42fce9c6f 100644
--- a/core/Controller/LoginController.php
+++ b/core/Controller/LoginController.php
@@ -159,6 +159,8 @@ class LoginController extends Controller {
 					$parameters['canResetPassword'] = $userObj->canChangePassword();
 				}
 			}
+		} elseif ($parameters['resetPasswordLink'] === 'disabled') {
+			$parameters['canResetPassword'] = false;
 		}
 
 		$parameters['alt_login'] = OC_App::getAlternativeLogIns();
diff --git a/core/Controller/LostController.php b/core/Controller/LostController.php
index 3f9ef172365acad3cf2c69a70603b8673e21a202..0d5988a24958fa270fb6c4195d2464342b6d131c 100644
--- a/core/Controller/LostController.php
+++ b/core/Controller/LostController.php
@@ -131,6 +131,14 @@ class LostController extends Controller {
 	 * @return TemplateResponse
 	 */
 	public function resetform($token, $userId) {
+		if ($this->config->getSystemValue('lost_password_link', '') !== '') {
+			return new TemplateResponse('core', 'error', [
+					'errors' => [['error' => $this->l10n->t('Password reset is disabled')]]
+				],
+				'guest'
+			);
+		}
+
 		try {
 			$this->checkPasswordResetToken($token, $userId);
 		} catch (\Exception $e) {
@@ -211,6 +219,10 @@ class LostController extends Controller {
 	 * @return JSONResponse
 	 */
 	public function email($user){
+		if ($this->config->getSystemValue('lost_password_link', '') !== '') {
+			return new JSONResponse($this->error($this->l10n->t('Password reset is disabled')));
+		}
+
 		// FIXME: use HTTP error codes
 		try {
 			$this->sendEmail($user);
@@ -234,6 +246,10 @@ class LostController extends Controller {
 	 * @return array
 	 */
 	public function setPassword($token, $userId, $password, $proceed) {
+		if ($this->config->getSystemValue('lost_password_link', '') !== '') {
+			return $this->error($this->l10n->t('Password reset is disabled'));
+		}
+
 		if ($this->encryptionManager->isEnabled() && !$proceed) {
 			return $this->error('', array('encryption' => true));
 		}
diff --git a/core/js/lostpassword.js b/core/js/lostpassword.js
index 2f96911f1620a6618fd1adf084e6713988c0585d..1923b73a17921f5aa596444677a86e6c10c4959a 100644
--- a/core/js/lostpassword.js
+++ b/core/js/lostpassword.js
@@ -22,7 +22,9 @@ OC.Lostpassword = {
 		if (!$('#user').val().length){
 			$('#submit').trigger('click');
 		} else {
-			if (OC.config.lost_password_link) {
+			if (OC.config.lost_password_link === 'disabled') {
+				return;
+			} else if (OC.config.lost_password_link) {
 				window.location = OC.config.lost_password_link;
 			} else {
 				$.post(
diff --git a/tests/Core/Controller/LostControllerTest.php b/tests/Core/Controller/LostControllerTest.php
index d7d9094c485d4f745dad19f94835a96e85bc4894..d7098aafcc25466a1913e9e71e147d4faf43faa1 100644
--- a/tests/Core/Controller/LostControllerTest.php
+++ b/tests/Core/Controller/LostControllerTest.php
@@ -86,9 +86,13 @@ class LostControllerTest extends \Test\TestCase {
 			->willReturn('ExistingUser');
 
 		$this->config = $this->createMock(IConfig::class);
-		$this->config->method('getSystemValue')
-			->with('secret', null)
-			->willReturn('SECRET');
+		$this->config->expects($this->any())
+			->method('getSystemValue')
+			->willReturnMap([
+				['secret', null, 'SECRET'],
+				['secret', '', 'SECRET'],
+				['lost_password_link', '', ''],
+			]);
 		$this->l10n = $this->createMock(IL10N::class);
 		$this->l10n
 			->expects($this->any())
@@ -347,10 +351,6 @@ class LostControllerTest extends \Test\TestCase {
 			->method('send')
 			->with($message);
 
-		$this->config->method('getSystemValue')
-			->with('secret', '')
-			->willReturn('SECRET');
-
 		$this->crypto->method('encrypt')
 			->with(
 				$this->equalTo('12348:ThisIsMaybeANotSoSecretToken!'),
@@ -434,10 +434,6 @@ class LostControllerTest extends \Test\TestCase {
 			->method('send')
 			->with($message);
 
-		$this->config->method('getSystemValue')
-			->with('secret', '')
-			->willReturn('SECRET');
-
 		$this->crypto->method('encrypt')
 			->with(
 				$this->equalTo('12348:ThisIsMaybeANotSoSecretToken!'),
@@ -516,10 +512,6 @@ class LostControllerTest extends \Test\TestCase {
 			->with($message)
 			->will($this->throwException(new \Exception()));
 
-		$this->config->method('getSystemValue')
-			->with('secret', '')
-			->willReturn('SECRET');
-
 		$this->crypto->method('encrypt')
 			->with(
 				$this->equalTo('12348:ThisIsMaybeANotSoSecretToken!'),