self-service-password (自动重置密码服务)

4532132

self-service-password 介绍


self-service-password 用来更新、修改、重制用户的密码，上述行为均是用户自己完成。


支持服务

    Apache

    General parameters

    LDAP connection

    Password policy

    Reset by questions

    Reset by mail tokens

    Reset by SMS

    Mail

    reCAPTCHA

    Post Hook

此文仅介绍LDAP connection,如想了解其他，请参考：http://ltb-project.org/wiki/docu ... -password/1.1/start
下载及安装

下载链接

http://ltb-project.org/wiki/download

安装方式官方有多种，可以通过配置apt-get源或者yum源，但是由于网络原因，本文采用deb/rpm包的方式安装
Centos系列


$ sudo yum localinstall self-service-password_1.0-2_all.rpm -y

$ sudo rpm -ql self-service-password

Debian系列


$ sudo dpkg -i self-service-password_1.0-2_all.deb

$ sudo dpkg -L self-service-password #查看安装目录

配置并启动
修改配置文件 self-service-password/conf/config.inc.php
Server address


$ldap_url = "ldap://localhost:389";

You can set several URI, so that next server will be tried if the previous is down:



$ldap_url = "ldap://server1 ldap://server2";

To use SSL, set ldaps in the URI:



$ldap_url = "ldaps://localhost";

To use StartTLS, set true in $ldap_starttls:

$ldap_starttls = true;

Credentials

Configure DN and password in $ldap_bindn and $ldap_bindpw:


$ldap_binddn = "cn=manager,dc=example,dc=com";

$ldap_bindpw = "secret";

To use user's credentials when writing in LDAP directory, replace manager with user in $who_change_password:

$who_change_password = "user";

Search parameters

You can set the base of the search in $ldap_base:


$ldap_base = "dc=example,dc=com";

The filter can be set in $ldap_filter:

$ldap_filter = "(&(objectClass=person)(uid={login}))";

$ldap_filter = "(&(objectClass=xxxxx)(uid={login}))";  # 此配置为公司配置，xxxx是自定义的objectClass

meiqia configuration


#========================== ldap configuration==========================================#

# ldap configuration


$ldap_url = "LDAP_SERVER";

$ldap_starttls = false;

$ldap_binddn = "cn=Directory Manager";

$ldap_bindpw = "Please look 1password";

$ldap_base = "ou=People,dc=test,dc=com";

$ldap_login_attribute = "uid";

$ldap_fullname_attribute = "authPasswordObject";

#========================== LDAP mail attribute==========================================#

# LDAP mail attribute

$mail_attribute = "mail";

# Who the email should come from

$mail_from = "MAIL_FROM";

$mail_from_name = "Self Service LDAP Password";

# Notify users anytime their password is changed

$notify_on_change = false;

# PHPMailer configuration (see https://github.com/PHPMailer/PHPMailer)

$mail_sendmailpath = '/usr/sbin/sendmail';

$mail_protocol = 'smtp';

$mail_smtp_debug = 0;

$mail_debug_format = 'html';

$mail_smtp_host = 'MAIL_HOST';

$mail_smtp_auth = true;

$mail_smtp_user = 'MAIL_USER';

$mail_smtp_pass = 'MAIL PASSWORD';

$mail_smtp_port = 25;

$mail_smtp_timeout = 30;

$mail_smtp_keepalive = false;

#$mail_smtp_secure = 'tls';

$mail_contenttype = 'text/plain';

$mail_charset = 'utf-8';

$mail_priority = 3;

$mail_newline = PHP_EOL;