ldap 自助密码修改程序 self-service-password (基于php）

官方网站：https://ltb-project.org/doku.php

官方简介：

Self Service Password is a PHP application that allows users to change their password in an LDAP directory.

The application can be used on standard LDAPv3 directories (OpenLDAP, OpenDS, ApacheDS, Sun Oracle DSEE, Novell, etc.) and also on Active Directory.

It has the following features:

• Samba mode to change Samba passwords

• Active directory mode

• Local password policy:

  • Minimum/maximum length

  • Forbidden characters

  • Upper, Lower, Digit or Special characters counters

  • Reuse old password check

  • Complexity (different class of characters)

• Help messages

• Reset by questions

• Reset by mail challenge (token sent by mail)

• Reset by SMS (through external Email 2 SMS service)

• reCAPTCHA (Google API)

• Mail notification after password change

官方下载地址：https://github.com/ltb-project/self-service-password

csdn下载地址：https://download.csdn.net/download/zhangxueleishamo/10633202

环境需求： apache 、 php环境  yum -y install http php php-ldap mysql

ldap环境 安装 https://blog.csdn.net/zhangxueleishamo/article/details/81512157

软件安装：

一、yum 安装此软件

1、配置self-service-password的yum仓库

cat >> /etc/yum.repos.d/ltb-project.repo << “EOF”
[ltb-project-noarch]
name=LTB project packages (noarch)
baseurl=https://ltb-project.org/rpm/$releasever/noarch
enabled=1
gpgcheck=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-LTB-project
EOF

2、安装 yum -y install self-service-password

二、如果仓库安装不成功，手动安装

yum -y install apr libzip php-common apr-util http-tools mailcap.noarch php-cli php-ldap php-mcrypt sendmail

重启systemctl restart httpd

三、配置apache依赖

cat > /etc/httpd/conf.d/self-service-password.conf << “EOF”
Listen 8888
<VirtualHost *:8888>
ServerAdmin myself.ldap.com
DocumentRoot /var/www/html/self-service-password
DirectoryIndex index.php
AddDefaultCharset UTF-8
Alias /ssp /var/www/html/self-service-password
<Directory “ /var/www/html/self-service-password”>
AllowOverride None
Require all granted
</Directory>
LogLevel warn
ErrorLog /var/log/httpd/ssp_error_log
CustomLog /var/log/httpd/ssp_access_log combined
</VirtualHost>
EOF

重启systemctl restart httpd

四、配置self-service-password 配置文件

vim /var/www/html/self-service-password/conf/config.inc.php

#######配置依赖ldap#########

$ldap_url = "ldap://192.168.5.121:389";
$ldap_starttls = false;
$ldap_binddn = "cn=admin,dc=ldap,dc=com";
$ldap_bindpw = "123456";
$ldap_base = "ou=people,dc=ldap,dc=com";
$ldap_login_attribute = "cn";
$ldap_fullname_attribute = "cn";
$ldap_filter = "(&(objectClass=inetOrgPerson)($ldap_login_attribute={login}))";
$keyphrase = "ilanni";

#######配置依赖mail#############

注：邮件相关配置参考https://blog.csdn.net/zhangxueleishamo/article/details/82453879中mailx的配置

$mail_attribute = "mail";
$mail_address_use_ldap = false;
$mail_from = monit@mail.com.cn";
$mail_from_name = "Self Service Password";
$mail_signature = "";
# Notify users anytime their password is changed
$notify_on_change = true;
# PHPMailer configuration (see https://github.com/PHPMailer/PHPMailer)
$mail_sendmailpath = '/usr/sbin/sendmail';
$mail_protocol = 'smtp';
$mail_smtp_debug = 2;
$mail_debug_format = 'error_log';
$mail_smtp_host = 'mail.com.cn';
$mail_smtp_auth = "login";
$mail_smtp_user = 'monit@mail.com.cn';
$mail_smtp_pass = '1234567890';
$mail_smtp_port = 25;
$mail_smtp_timeout = 30;
$mail_smtp_keepalive = false;
$mail_smtp_secure = '';
$mail_smtp_autotls = true;
$mail_contenttype = 'text/plain';
$mail_wordwrap = 0;
$mail_charset = 'utf-8';
$mail_priority = 3;
$mail_newline = PHP_EOL;

配置完成后 重启systemctl restart httpd

五、访问 http://192.168.5.121:8888   

注：

menu.php   选项配置

images  图片 头 ico logo 存储

lang 语言包

lang/zh-CN.inc.php   中文提示消息等 存储