self-service-password 介绍
self-service-password 用来更新、修改、重制用户的密码,上述行为均是用户自己完成。
支持服务
-
Apache
-
General parameters
-
LDAP connection
-
Password policy
-
Reset by questions
-
Reset by mail tokens
-
Reset by SMS
-
Mail
-
reCAPTCHA
-
Post Hook
此文仅介绍LDAP connection,如想了解其他,请参考:http://ltb-project.org/wiki/documentation/self-service-password/1.1/start
下载及安装
下载链接
http://ltb-project.org/wiki/download
安装方式官方有多种,可以通过配置apt-get源或者yum源,但是由于网络原因,本文采用deb/rpm包的方式安装
Centos系列
$ sudo yum localinstall self-service-password_1.0-2_all.rpm -y$ sudo rpm -ql self-service-password
AI 代码解读
Debian系列
$ sudo dpkg -i self-service-password_1.0-2_all.deb$ sudo dpkg -L self-service-password #查看安装目录
AI 代码解读
配置并启动
修改配置文件 self-service-password/conf/config.inc.php
Server address
$ldap_url = "ldap://localhost:389";
You can set several URI, so that next server will be tried if the previous is down:$ldap_url = "ldap://server1 ldap://server2";
To use SSL, set ldaps in the URI:$ldap_url = "ldaps://localhost";
To use StartTLS, set true in $ldap_starttls:$ldap_starttls = true;
AI 代码解读
Credentials
Configure DN and password in $ldap_bindn
and $ldap_bindpw
:
$ldap_binddn = "cn=manager,dc=example,dc=com";$ldap_bindpw = "secret";
To use user's credentials when writing in LDAP directory, replace manager with user in $who_change_password:
$who_change_password = "user";
AI 代码解读
Search parameters
You can set the base of the search in $ldap_base:
$ldap_base = "dc=example,dc=com";
The filter can be set in $ldap_filter:$ldap_filter = "(&(objectClass=person)(uid={login}))";$ldap_filter = "(&(objectClass=xxxxx)(uid={login}))"; # 此配置为公司配置,xxxx是自定义的objectClass
AI 代码解读
meiqia configuration
#========================== ldap configuration==========================================## ldap configuration$ldap_url = "LDAP_SERVER";$ldap_starttls = false;$ldap_binddn = "cn=Directory Manager";$ldap_bindpw = "Please look 1password";$ldap_base = "ou=People,dc=test,dc=com";$ldap_login_attribute = "uid";$ldap_fullname_attribute = "authPasswordObject";#========================== LDAP mail attribute==========================================## LDAP mail attribute$mail_attribute = "mail";# Who the email should come from$mail_from = "MAIL_FROM";$mail_from_name = "Self Service LDAP Password";# Notify users anytime their password is changed$notify_on_change = false;# PHPMailer configuration (see https://github.com/PHPMailer/PHPMailer)$mail_sendmailpath = '/usr/sbin/sendmail';$mail_protocol = 'smtp';$mail_smtp_debug = 0;$mail_debug_format = 'html';$mail_smtp_host = 'MAIL_HOST';$mail_smtp_auth = true;$mail_smtp_user = 'MAIL_USER';$mail_smtp_pass = 'MAIL PASSWORD';$mail_smtp_port = 25;$mail_smtp_timeout = 30;$mail_smtp_keepalive = false;#$mail_smtp_secure = 'tls';$mail_contenttype = 'text/plain';$mail_charset = 'utf-8';$mail_priority = 3;$mail_newline = PHP_EOL;
AI 代码解读
其他配置请参考:http://ltb-project.org/wiki/documentation/self-service-password/1.1/config_ldap
本文转自 赵大鑫 51CTO博客,原文链接:http://blog.51cto.com/xinzong/1892360,如需转载请自行联系原作者