self-service-password 介绍
self-service-password 用来更新、修改、重制用户的密码,上述行为均是用户自己完成。
支持服务
Apache
General parameters
LDAP connection
Password policy
Reset by questions
Reset by mail tokens
Reset by SMS
reCAPTCHA
Post Hook
此文仅介绍LDAP connection,如想了解其他,请参考:http://ltb-project.org/wiki/documentation/self-service-password/1.1/start
下载链接
http://ltb-project.org/wiki/download
安装方式官方有多种,可以通过配置apt-get源或者yum源,但是由于网络原因,本文采用deb/rpm包的方式安装
$ sudo yum localinstall self-service-password_1.0-2_all.rpm -y
$ sudo rpm -ql self-service-password
$ sudo dpkg -i self-service-password_1.0-2_all.deb
$ sudo dpkg -L self-service-password #查看安装目录
self-service-password/conf/config.inc.php
$ldap_url = "ldap://localhost:389";
You can set several URI, so that next server will be tried if the previous is down:
$ldap_url = "ldap://server1 ldap://server2";
To use SSL, set ldaps in the URI:
$ldap_url = "ldaps://localhost";
To use StartTLS, set true in $ldap_starttls:
$ldap_starttls = true;
Configure DN and password in $ldap_bindn
and $ldap_bindpw
:
$ldap_binddn = "cn=manager,dc=example,dc=com";
$ldap_bindpw = "secret";
To use user's credentials when writing in LDAP directory, replace manager with user in $who_change_password:
$who_change_password = "user";
You can set the base of the search in $ldap_base:
$ldap_base = "dc=example,dc=com";
The filter can be set in $ldap_filter:
$ldap_filter = "(&(objectClass=person)(uid={login}))";
$ldap_filter = "(&(objectClass=xxxxx)(uid={login}))"; # 此配置为公司配置,xxxx是自定义的objectClass
#========================== ldap configuration==========================================#
# ldap configuration
$ldap_url = "LDAP_SERVER";
$ldap_starttls = false;
$ldap_binddn = "cn=Directory Manager";
$ldap_bindpw = "Please look 1password";
$ldap_base = "ou=People,dc=test,dc=com";
$ldap_login_attribute = "uid";
$ldap_fullname_attribute = "authPasswordObject";
#========================== LDAP mail attribute==========================================#
# LDAP mail attribute
$mail_attribute = "mail";
# Who the email should come from
$mail_from = "MAIL_FROM";
$mail_from_name = "Self Service LDAP Password";
# Notify users anytime their password is changed
$notify_on_change = false;
# PHPMailer configuration (see https://github.com/PHPMailer/PHPMailer)
$mail_sendmailpath = '/usr/sbin/sendmail';
$mail_protocol = 'smtp';
$mail_smtp_debug = 0;
$mail_debug_format = 'html';
$mail_smtp_host = 'MAIL_HOST';
$mail_smtp_auth = true;
$mail_smtp_user = 'MAIL_USER';
$mail_smtp_pass = 'MAIL PASSWORD';
$mail_smtp_port = 25;
$mail_smtp_timeout = 30;
$mail_smtp_keepalive = false;
#$mail_smtp_secure = 'tls';
$mail_contenttype = 'text/plain';
$mail_charset = 'utf-8';
$mail_priority = 3;
$mail_newline = PHP_EOL;
其他配置请参考:http://ltb-project.org/wiki/documentation/self-service-password/1.1/config_ldap