ldap 自助密碼修改程式 self-service-password (基於php)
官方簡介:
Self Service Password is a PHP application that allows users to change their password in an LDAP directory.
The application can be used on standard LDAPv3 directories (OpenLDAP, OpenDS, ApacheDS, Sun Oracle DSEE, Novell, etc.) and also on Active Directory.
It has the following features:
-
Samba mode to change Samba passwords
-
Active directory mode
-
Local password policy:
-
Minimum/maximum length
-
Forbidden characters
-
Upper, Lower, Digit or Special characters counters
-
Reuse old password check
-
Complexity (different class of characters)
-
-
Help messages
-
Reset by questions
-
Reset by mail challenge (token sent by mail)
-
Reset by SMS (through external Email 2 SMS service)
-
reCAPTCHA (Google API)
-
Mail notification after password change
環境需求: apache 、 php環境 yum -y install http php php-ldap mysql
軟體安裝:
一、yum 安裝此軟體
cat >> /etc/yum.repos.d/ltb-project.repo << “EOF” [ltb-project-noarch] name=LTB project packages (noarch) baseurl=https://ltb-project.org/rpm/$releasever/noarch enabled=1 gpgcheck=0 gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-LTB-project EOF
2、安裝 yum -y install self-service-password
二、如果倉庫安裝不成功,手動安裝
yum -y install apr libzip php-common apr-util http-tools mailcap.noarch php-cli php-ldap php-mcrypt sendmail
重啟systemctl restart httpd
三、配置apache依賴
cat > /etc/httpd/conf.d/self-service-password.conf << “EOF”
Listen 8888
<VirtualHost *:8888>
ServerAdmin myself.ldap.com
DocumentRoot /var/www/html/self-service-password
DirectoryIndex index.php
AddDefaultCharset UTF-8
Alias /ssp /var/www/html/self-service-password
<Directory “ /var/www/html/self-service-password”>
AllowOverride None
Require all granted
</Directory>
LogLevel warn
ErrorLog /var/log/httpd/ssp_error_log
CustomLog /var/log/httpd/ssp_access_log combined
</VirtualHost>
EOF
重啟systemctl restart httpd
vim /var/www/html/self-service-password/conf/config.inc.php
#######配置依賴ldap#########
$ldap_url = "ldap://192.168.5.121:389";
$ldap_starttls = false;
$ldap_binddn = "cn=admin,dc=ldap,dc=com";
$ldap_bindpw = "123456";
$ldap_base = "ou=people,dc=ldap,dc=com";
$ldap_login_attribute = "cn";
$ldap_fullname_attribute = "cn";
$ldap_filter = "(&(objectClass=inetOrgPerson)($ldap_login_attribute={login}))";
$keyphrase = "ilanni";
#######配置依賴mail#############
$mail_attribute = "mail";
$mail_address_use_ldap = false;
$mail_from = [email protected]";
$mail_from_name = "Self Service Password";
$mail_signature = "";
# Notify users anytime their password is changed
$notify_on_change = true;
# PHPMailer configuration (see https://github.com/PHPMailer/PHPMailer)
$mail_sendmailpath = '/usr/sbin/sendmail';
$mail_protocol = 'smtp';
$mail_smtp_debug = 2;
$mail_debug_format = 'error_log';
$mail_smtp_host = 'mail.com.cn';
$mail_smtp_auth = "login";
$mail_smtp_user = '[email protected]';
$mail_smtp_pass = '1234567890';
$mail_smtp_port = 25;
$mail_smtp_timeout = 30;
$mail_smtp_keepalive = false;
$mail_smtp_secure = '';
$mail_smtp_autotls = true;
$mail_contenttype = 'text/plain';
$mail_wordwrap = 0;
$mail_charset = 'utf-8';
$mail_priority = 3;
$mail_newline = PHP_EOL;
配置完成後 重啟systemctl restart httpd
五、訪問 http://192.168.5.121:8888
注:
menu.php 選項配置
images 圖片 頭 ico logo 儲存
lang 語言包
lang/zh-CN.inc.php 中文提示訊息等 儲存