self service password 邮件修改_OpenLDAP配置self-service-pwd亲测可用

一.LDAP安装环节此处省略，LDAP 安装

二.安装self-service-password

[root@ldap-35~]#yum -y install http://rpms.remirepo.net/enterprise/remi-release-7.rpm

[root@ldap-35 ~]#yum -y install yum-utils

[root@ldap-35 ~]#yum-config-manager --enable remi-php56

[root@ldap-35 ~]#yum -y install php php-mcrypt php-cli php-gd php-curl php-mysql php-ldap php-zip php-fileinfo php-xml httpd

[root@ldap-35~]#yum install https://ltb-project.org/rpm/6Server/noarch/self-service-password-1.1-1.el6.noarch.rpm

[root@ldap-35~]#cat/usr/share/self-service-password/conf/config.inc.php

# LDAP

$ldap_url = "ldap://192.168.1.35";

$ldap_starttls = false;

$ldap_binddn= "cn=Manger,dc=ldap.xxx,dc=com";

$ldap_bindpw = "admin@123";

#$ldap_base= "ou=People,dc=ldap.xxx,dc=com";

###这里根据情况配置组织，我因为做gitlab的密码修改，所以注释了此行。

$ldap_base= "ou=Gitlab,dc=ldap.xx,dc=com";

$ldap_login_attribute = "cn";

$ldap_fullname_attribute = "cn";

$ldap_filter = "(&(objectClass=person)($ldap_login_attribute={login}))";

$who_change_password = "manager";

# Active Directory mode

# true: use unicodePwd as password field

# false: LDAPv3 standard behavior

$ad_mode = false;

# Force account unlock when password is changed

$ad_options['force_unlock'] = false;

# Force user change password at next login

$ad_options['force_pwd_change'] = false;

# Allow user with expired password to change password

$ad_options['change_expired_password'] = false;

#$use_questions= false;

#$use_sms = true;

## Mail

# LDAP mail attribute

$mail_attribute = "mail";

# Get mail address directly from LDAP (only first mail entry)

# and hide mail input field

# default = false

$mail_address_use_ldap = false;

# Who the email should come from

$mail_from= "itsupport@escopetech.com";

$mail_from_name = "PassWord Update";

$mail_signature = "";

# Notify users anytime their password is changed

$notify_on_change = true;

# PHPMailer configuration (see https://github.com/PHPMailer/PHPMailer)

$mail_sendmailpath= '/usr/sbin/sendmail';###需要安装yum -y install sendmail

$mail_protocol = 'smtp';

$mail_smtp_debug = 0;

$mail_debug_format = 'html';

$mail_smtp_host = 'smtp.mxhichina.com';

$mail_smtp_auth = true;

$mail_smtp_user = 'itsupport@xxxx.com';#邮箱账号

$mail_smtp_pass = 'admin@123';#邮箱密码

$mail_smtp_port = 465;

$mail_smtp_timeout = 30;

$mail_smtp_keepalive = false;

$mail_smtp_secure = 'ssl';

$mail_contenttype = 'text/plain';

$mail_wordwrap = 0;

$mail_charset = 'utf-8';

$mail_priority = 3;

$mail_newline = PHP_EOL;

[root@ldap-35 ~]#systemctl restart httpd

三.测试密码验证

谷歌输入192.168.1.35

四.Gitlab Ldap配置

因为我正式环境是Ubuntu18.04版本，若是centos 7版本仅供参考

root@gitlab21:~# cat /etc/gitlab/gitlab.rb

#### LDAP Settings

gitlab_rails['ldap_enabled'] = true

gitlab_rails['ldap_servers'] = YAML.load <

label: 'LDAP'

host: '192.168.1.35'

port: 389

uid: 'cn'

bind_dn: 'cn=Manager,dc=ldap.XXX,dc=com'

password: 'admin@123'

encryption: 'plain'#"start_tls"or "simple_tls" or "plain"

active_directory: false

allow_username_or_email_login: false

block_auto_created_users: false

base: 'ou=Gitlab,dc=ldap.XXX,dc=com'

user_filter: ''

EOS

五.Gitlab登录页面插入密码修改超链接

gitlab的sign_in页面的页脚内容在/opt/gitlab/embedded/service/gitlab-rails/app/views/layouts/下的devise*.haml两个ruby文件中。

devise.html.haml

devise_empty.html.haml

root@gitlab21:/opt/gitlab/embedded/service/gitlab-rails/app/views/layouts# cat devise_empty.html.haml

.footer-links

= link_to _("Explore"), explore_root_path

= link_to _("Help"), help_path

= link_to _("Change Password GitLab LDAP"), "http://192.168.1.35/index.php?action=sendtoken",target:' _blank' ##修改为加红的字段

= footer_message

root@gitlab21:/opt/gitlab/embedded/service/gitlab-rails/app/views/layouts# cat devise.html.haml

.footer-links

= link_to _("Explore"), explore_root_path

= link_to _("Help"), help_path

= link_to _("Change Password GitLab LDAP"), "http://192.168.1.35/index.php?action=sendtoke",target:' _blank' ##修改为加红的字段

= footer_message

root@gitlab21:~# gitlab-ctl restart

gitlab密码超链接修改