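An earlier post covered installing and configuring OpenLDAP: Setting up an OpenLDAP server on CentOS 7
To make testing easier, I use the Synology LDAP Server service directly here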
1. Configure the webtatic repository and install the PHP 7.2 environment
wget https://mirror.webtatic.com/yum/el7/webtatic-release.rpm
yum localinstall webtatic-release.rpm
yum -y install php72w php72w-fpm php72w-cli php72w-common php72w-gd php72w-ldap php72w-mbstring
vi /etc/php.ini
Time zone setting:
date.timezone = Asia/Shanghai
systemctl enable php-fpm.service
systemctl start php-fpm.service
2. Install self-service-password
https://ltb-project.org/download.html
Download URL:
https://ltb-project.org/archives/self-service-password-1.4.3-1.el7.noarch.rpm
yum localinstall self-service-password-1.4.3-1.el7.noarch.rpm
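This automatically installs php72w-Smarty from the EPEL repository
3. Install the web server and modify its configuration file
I use nginx here; you can of course install httpd instead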
yum install nginx -y
Edit the nginx configuration file
vi /etc/nginx/nginx.conf
Change the server block to the following:
server {
    listen 80;
    listen [::]:80;
    root /usr/share/self-service-password/htdocs/;
    index index.php index.html index.htm;
    # Make site accessible from http://localhost/
    server_name _;
    # Disable sendfile as per https://docs.vagrantup.com/v2/synced-folders/virtualbox.html
    sendfile off;
    gzip on;
    gzip_comp_level 6;
    gzip_min_length 1000;
    gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript application/javascript text/x-js;
    gzip_vary on;
    gzip_proxied any;
    gzip_disable "MSIE [1-6]\.(?!.*SV1)";
    # Add stdout logging
    error_log /var/log/nginx/ldapssp_error.log warn;
    access_log /var/log/nginx/ldapssp_access.log main;
    # pass the PHP scripts to FastCGI server listening on socket
    #
    location ~ \.php {
        #fastcgi_pass unix:/var/run/php-fpm.socket;
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_param PATH_INFO $fastcgi_path_info;
        fastcgi_param PATH_TRANSLATED $document_root$fastcgi_path_info;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_index index.php;
        try_files $fastcgi_script_name =404;
        fastcgi_read_timeout 600;
        include fastcgi_params;
    }
    error_page 404 /404.html;
    location = /404.html {
        root /usr/share/nginx/html;
        internal;
    }
    # deny access to . files, for security
    #
    location ~ /\. {
        log_not_found off;
        deny all;
    }
    location ~ /scripts {
        log_not_found off;
        deny all;
    }
}
systemctl start nginx
systemctl enable nginx
firewall-cmd --permanent --zone=public --add-port=80/tcp
firewall-cmd --reload
Opening the web interface at this point shows the message:
Token encryption requires a random string in keyphrase setting
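Cause and fix:
5. Modify
cd /usr/share/self-service-password/conf/
vim config.inc.php
I have already made the changes here, so the file can simply be uploaded
Contact WeChat yuanfan2012 to request the installation packages and configuration files used in this article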
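An added example, not part of the original article and not the LTB project's own code: one way to clear the "Token encryption requires a random string in keyphrase setting" message is to replace the packaged default $keyphrase with a random value. It assumes the package loads conf/config.inc.local.php as a local override file; gen_keyphrase and set_keyphrase are hypothetical helper names.

```shell
#!/bin/sh
# Added example (not from the original article).
# Assumption: Self Service Password loads conf/config.inc.local.php after
# config.inc.php, so a $keyphrase set there overrides the packaged default.

# Print 64 hex characters (32 random bytes from the kernel CSPRNG).
gen_keyphrase() {
    head -c 32 /dev/urandom | od -An -tx1 | tr -d ' \n'
}

# Create or update config.inc.local.php in directory $1 with a fresh keyphrase.
set_keyphrase() {
    conf_dir="$1"
    main_cfg="$conf_dir/config.inc.php"
    local_cfg="$conf_dir/config.inc.local.php"

    key="$(gen_keyphrase)"
    [ "${#key}" -eq 64 ] || { echo "keyphrase generation failed" >&2; return 1; }

    # mktemp creates the file with mode 0600, so the secret is never world-readable.
    tmp="$(mktemp "$conf_dir/.keyphrase.XXXXXX")" || return 1

    # Copy owner and mode from the packaged config so PHP-FPM can still read it.
    if [ -f "$main_cfg" ]; then
        cp -p "$main_cfg" "$tmp" || { rm -f "$tmp"; return 1; }
    fi

    if [ -f "$local_cfg" ]; then
        # Keep other local overrides; drop any old keyphrase and a closing tag.
        grep -v -e '^\$keyphrase[[:space:]]*=' -e '^?>' "$local_cfg" > "$tmp" || true
    else
        printf '<?php\n' > "$tmp"
    fi
    printf '$keyphrase = "%s";\n' "$key" >> "$tmp"

    # Rename within the same directory so the swap is atomic.
    mv -f "$tmp" "$local_cfg"
}

# Usage (as root): set_keyphrase /usr/share/self-service-password/conf
```

Changing the keyphrase invalidates any reset tokens that were issued under the previous value.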
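6. Testing the AD domain password reset and password change functions
- 1. Password reset: resetting by email only works if this AD domain user has this email address registered!
Logging in with the reset password works; test OK
- 2. Password change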
Tips
- 1. Customize the title and the text on the page
vi /usr/share/self-service-password/lang/zh-CN.inc.php
- 2. This article was completed with reference to the following links
https://www.cnblogs.com/Fmaj7/p/15791366.html
https://www.ilanni.com/?p=13822
https://www.yeboyzq.com/linux/ruanjiananzhuangweihu/1117.html
https://blog.51cto.com/u_10630242/2538982
https://self-service-password.readthedocs.io/en/stable/installation.html#centos-redhat
https://blog.csdn.net/yanchuandong/article/details/119598665
https://blog.csdn.net/qq461391728/article/details/115867721?ops_request_misc=%257B%2522request%255Fid%2522%253A%2522162848744116780265427748%2522%252C%2522scm%2522%253A%252220140713.130102334..%2522%257D&request_id=162848744116780265427748&biz_id=0&utm_medium=distribute.pc_search_result.none-task-blog-2~all~sobaiduend~default-1-115867721.pc_search_result_control_group&utm_term=self+service+password+%E5%9F%9F%E8%B4%A6%E5%8F%B7&spm=1018.2226.3001.4187
https://self-service-password.readthedocs.io/en/stable/installation.html