LDAP Tool Box Self Service Password-Toy模板网

这篇具有很好参考价值的文章主要介绍了LDAP Tool Box Self Service Password。希望对大家有所帮助。如果存在错误或未考虑完全的地方，请大家不吝赐教，您也可以点击"举报违法"按钮提交疑问。

Self Service Password是什么，Self Service Password提供的什么功能

Self Service Password是一个用于重置和更改密码的Web应用程序，旨在提供一种方便的方式来管理密码。它是一个基于PHP的工具，可以与LDAP目录进行交互，以允许用户在不需要依赖管理员或访问密码的情况下更改其密码。通过Self Service Password，用户可以通过一个简单的Web界面访问其密码，并在需要时进行更改。这个应用程序还提供了许多安全功能，例如密码重置链接和双因素身份验证，以保护用户的账户和数据安全。

Self Service Password可以与各种LDAP目录服务进行交互，包括OpenLDAP、OpenDS、ApacheDS和Active Directory等。这意味着它可以在各种不同的环境中使用，而不仅仅是限制于特定于Microsoft Windows的环境的Active Directory。

总之，Self Service Password是一个功能强大的Web应用程序，可帮助用户更轻松地管理其密码，并提供各种安全功能以保护用户的账户和数据安全。

手册地址：https://self-service-password.readthedocs.io/en/latest/

安装要求：

Apache or another web server
php (>=7.4)
php-curl (haveibeenpwned api)
php-filter
php-gd (captcha)
php-ldap
php-mbstring (reset mail)
php-openssl (token crypt, probably built-in)
Smarty (version >=3) （php-smarty）

CentOS安装：

yum install yum-utils
rpm -ivh http://rpms.famillecollet.com/enterprise/remi-release-7.rpm
yum-config-manager --enable remi-php74
yum  install  php  php-gd  php-fpm  php-mbstring php-ldap php-filter php-curl  php-Smarty
vi etc/php-fpm.d/www.conf   #修改启动用户为nginx
systemctl enable php-fpm
#启动 php-fpm
systemctl start php-fpm
#下载self-service-password代码包
wget --no-check-certificate https://ltb-project.org/archives/ltb-project-self-service-password-1.5.3.tar.gz 
tar -zxvf ltb-project-self-service-password-1.5.3.tar.gz 
mv ltb-project-self-service-password-1.5.3 /usr/share/self-service-password
mv  /usr/share/php/Smarty/ /usr/share/php/smarty3/
chown nginx.nginx -R /usr/share/self-service-password/
chown nginx.nginx -R /var/log/php-fpm

官网Nginx 配置：

server {
	listen 80;
# Make site accessible from http://localhost/
	server_name selfpd.test.com.cn; #配置为实际主机名，邮件发送时链接以server_name的地址。
# Disable sendfile as per https://docs.vagrantup.com/v2/synced-folders/virtualbox.html
	sendfile off;
    gzip on;
    gzip_comp_level 6;
    gzip_min_length 1000;
    gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript application/javascript text/x-js;
    gzip_vary on;
    gzip_proxied any;
    gzip_disable "MSIE [1-6]\.(?!.*SV1)";
	access_log /data/logs/openresty/http_access.log http_log_access;
# pass the PHP scripts to FastCGI server listening on socket
	location / {
	        root /usr/share/self-service-password/htdocs;
	        index index.php index.html index.htm;
	}
	location ~ \.php {
	    root /usr/share/self-service-password/htdocs;
	    #fastcgi_pass unix:/var/run/php-fpm.socket;
	    fastcgi_pass 127.0.0.1:9000;
	    fastcgi_split_path_info       ^(.+\.php)(/.+)$;
	    fastcgi_param PATH_INFO       $fastcgi_path_info;
	    fastcgi_param PATH_TRANSLATED $document_root$fastcgi_path_info;
	    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
	    fastcgi_index index.php;
	        try_files $fastcgi_script_name =404;
	    fastcgi_read_timeout 600;
	    include fastcgi_params;
	}
    error_page 404 /404.html;
    location = /404.html {
            root /usr/share/nginx/html;
            internal;
	}
# deny access to . files, for security
#
	location ~ /\. {
	        log_not_found off;
	        deny all;
	}
	location ~ /scripts {
	        log_not_found off;
	        deny all;
	}
}

官网建议配置php.ini:
/etc/php.ini

session.save_path = /tmp
upload_max_filesize = 10M
post_max_size = 16M
max_execution_time = 600
request_terminate_timeout = 600
expose_php = Off
output_buffering = 4096

配置提示语

/usr/share/self-service-password/lang/zh-CN.inc.php

配置文件配置示例：
/usr/share/self-service-password/conf/config.inc.php

$use_captcha = true; #开启验证码
$use_sms = false; #关闭短信重置
$use_questions = false;#关闭问题重置
#ldap配置
# LDAP
$ldap_url = "ldap://127.0.0.1:389";
$ldap_starttls = false;
$ldap_binddn = "cn=admin,dc=test,dc=com";
$ldap_bindpw = '********';
// for GSSAPI authentication, comment out ldap_bind* and uncomment ldap_krb5ccname lines
//$ldap_krb5ccname = "/path/to/krb5cc";
$ldap_base = "dc=test,dc=com";
$ldap_login_attribute = "sn";#默认为uid
$ldap_fullname_attribute = "cn";
$ldap_filter = "(&(objectClass=person)($ldap_login_attribute={login}))";
$ldap_use_exop_passwd = false;
$ldap_use_ppolicy_control = false;
$keyphrase = "secret@hssssaaak";#需要更改,不然访问报错
**#邮件配置：**
# Token lifetime in secondst重置密码链接的有效时间
$token_lifetime = "300";

## Mail
# LDAP mail attribute
$mail_attributes = array( "mail", "gosaMailAlternateAddress", "proxyAddresses" );
# Get mail address directly from LDAP (only first mail entry)
# and hide mail input field
# default = false
$mail_address_use_ldap = true; #密码找回不需要输入邮箱
# Who the email should come from
$mail_from = "xxxxx@163.com";
$mail_from_name = "ldappass";
$mail_signature = "本邮件为通过密码自助修改LDAP账号密码，无需回复,此链接有效时间5分钟";
# Notify users anytime their password is changed
$notify_on_change = false;
# PHPMailer configuration (see https://github.com/PHPMailer/PHPMailer)
$mail_sendmailpath = '/usr/sbin/sendmail';
$mail_protocol = 'smtp';
$mail_smtp_debug = 0;
$mail_debug_format = 'html';
$mail_smtp_host = 'smtphm.qiye.163.com';
$mail_smtp_auth = true;
$mail_smtp_user = 'xxxxx@163.com';
$mail_smtp_pass = '授权码';
$mail_smtp_port = 25;
$mail_smtp_timeout = 30;
$mail_smtp_keepalive = false;
$mail_smtp_secure = '';
#$mail_smtp_secure = 'tls';
$mail_smtp_autotls = true;
$mail_smtp_options = array();
$mail_contenttype = 'text/plain';
$mail_wordwrap = 0;
$mail_charset = 'utf-8';
$mail_priority = 3;

……………………
# Hash mechanism for password:
$hash = "MD5";设置重置密码时的加密算法，默认clear，为明文