self-service-password (self-service password reset service)

阴高刚
2023-12-01


Introduction to self-service-password


self-service-password is used to update, change, and reset user passwords; all of these actions are carried out by the users themselves.


Supported services

  • Apache

  • General parameters

  • LDAP connection

  • Password policy

  • Reset by questions

  • Reset by mail tokens

  • Reset by SMS

  • Mail

  • reCAPTCHA

  • Post Hook

This article covers only the LDAP connection; for the other topics, see: http://ltb-project.org/wiki/documentation/self-service-password/1.1/start

Download and installation

Download link

http://ltb-project.org/wiki/download

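The project offers several official installation methods, including configuring an apt-get or yum repository, but for network reasons this article installs from the deb/rpm package.

CentOS family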


$ sudo yum localinstall self-service-password_1.0-2_all.rpm -y

$ sudo rpm -ql self-service-password

Debian family


$ sudo dpkg -i self-service-password_1.0-2_all.deb

$ sudo dpkg -L self-service-password # show where the package was installed

Configuration and startup

Edit the configuration file self-service-password/conf/config.inc.php

Server address

$ldap_url = "ldap://localhost:389";

You can set several URIs, so that the next server will be tried if the previous one is down:



$ldap_url = "ldap://server1 ldap://server2";

To use SSL, set ldaps in the URI:



$ldap_url = "ldaps://localhost";

To use StartTLS, set true in $ldap_starttls:

$ldap_starttls = true;

Credentials

Configure the DN and password in $ldap_binddn and $ldap_bindpw:


$ldap_binddn = "cn=manager,dc=example,dc=com";

$ldap_bindpw = "secret";

To use user's credentials when writing in LDAP directory, replace manager with user in $who_change_password:

$who_change_password = "user";

Search parameters

You can set the base of the search in $ldap_base:


$ldap_base = "dc=example,dc=com";

The filter can be set in $ldap_filter:

$ldap_filter = "(&(objectClass=person)(uid={login}))";

$ldap_filter = "(&(objectClass=xxxxx)(uid={login}))";  # this is the company's configuration, where xxxxx is a custom objectClass

meiqia configuration

#========================== ldap configuration==========================================#

# ldap configuration


$ldap_url = "LDAP_SERVER";

$ldap_starttls = false;

$ldap_binddn = "cn=Directory Manager";

$ldap_bindpw = "Please look 1password";

$ldap_base = "ou=People,dc=test,dc=com";

$ldap_login_attribute = "uid";

$ldap_fullname_attribute = "authPasswordObject";

#========================== LDAP mail attribute==========================================#

# LDAP mail attribute

$mail_attribute = "mail";

# Who the email should come from

$mail_from = "MAIL_FROM";

$mail_from_name = "Self Service LDAP Password";

# Notify users anytime their password is changed

$notify_on_change = false;

# PHPMailer configuration (see https://github.com/PHPMailer/PHPMailer)

$mail_sendmailpath = '/usr/sbin/sendmail';

$mail_protocol = 'smtp';

$mail_smtp_debug = 0;

$mail_debug_format = 'html';

$mail_smtp_host = 'MAIL_HOST';

$mail_smtp_auth = true;

$mail_smtp_user = 'MAIL_USER';

$mail_smtp_pass = 'MAIL PASSWORD';

$mail_smtp_port = 25;

$mail_smtp_timeout = 30;

$mail_smtp_keepalive = false;

#$mail_smtp_secure = 'tls';

$mail_contenttype = 'text/plain';

$mail_charset = 'utf-8';

$mail_priority = 3;

$mail_newline = PHP_EOL;

For other configuration options, see: http://ltb-project.org/wiki/documentation/self-service-password/1.1/config_ldap
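
An added example, not part of the original article or of the LTB project's code: a shell audit that reads a config.inc.php like the one above and flags LDAP URIs that are neither ldaps:// nor covered by $ldap_starttls, SMTP authentication without $mail_smtp_secure, and a world-readable file holding $ldap_bindpw. The sample config and its example.test host names are constructed, and php_var and audit_ssp_config are hypothetical helper names.

```shell
# Added example (not LTB code); variable names are the ones shown on this page.
# php_var FILE NAME: print the last uncommented value assigned to $NAME,
# which is the one PHP ends up using when a variable is assigned twice.
php_var() {
    awk -v name="$2" '
        /^[ \t]*(#|\/\/)/ { next }
        {
            line = $0; sub(/^[ \t]*/, "", line)
            if (index(line, "$" name) != 1) next
            rest = substr(line, length(name) + 2)
            if (rest !~ /^[ \t]*=/) next
            sub(/^[ \t]*=[ \t]*/, "", rest); sub(/;.*$/, "", rest)
            val = rest
        }
        END { print val }' "$1" | tr -d "\"'"
}

# audit_ssp_config FILE: print findings; exit status is the number found.
audit_ssp_config() {
    cfg=$1; findings=0
    starttls=$(php_var "$cfg" ldap_starttls)
    # $ldap_url may be a space-separated failover list, so check every URI.
    for uri in $(php_var "$cfg" ldap_url); do
        case $uri in
            ldaps://*) ;;
            *) if [ "$starttls" != "true" ]; then
                   echo "WARN: $uri sends binds and new passwords unencrypted"
                   findings=$((findings + 1))
               fi ;;
        esac
    done
    if [ "$(php_var "$cfg" mail_smtp_auth)" = "true" ] &&
       [ -z "$(php_var "$cfg" mail_smtp_secure)" ]; then
        echo "WARN: SMTP auth is on but \$mail_smtp_secure is not set"
        findings=$((findings + 1))
    fi
    if [ -n "$(find "$cfg" -perm -004)" ]; then
        echo "WARN: $cfg holds \$ldap_bindpw and is world-readable"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Constructed sample input mirroring the settings shown on this page.
sample=$(mktemp)
printf '%s\n' '$ldap_url = "ldap://ldap1.example.test ldaps://ldap2.example.test";' \
    '$ldap_starttls = false;' '$mail_smtp_auth = true;' \
    "#\$mail_smtp_secure = 'tls';" > "$sample"
chmod 644 "$sample"
audit_ssp_config "$sample" || echo "$? finding(s)"; rm -f "$sample"
```

Run it against the real config.inc.php after every edit; an exit status of 0 means none of the three checks fired.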
