====== Self Service Password ======

<note tip>Documentation for version 0.3</note>

===== Installation =====

To install it:
<code>
# tar zxvf ltb-project-self-service-password-VERSION.tar.gz
# mv ltb-project-self-service-password-VERSION /usr/local/self-service-password
</code>

You can configure a virtual host on Apache for this application:
<code>
<VirtualHost *:80>
        ServerName ssp.example.com

        DocumentRoot /usr/local/self-service-password
        DirectoryIndex index.php

        AddDefaultCharset UTF-8

        LogLevel warn
        ErrorLog /var/log/apache2/ssp_error.log
        CustomLog /var/log/apache2/ssp_access.log combined
</VirtualHost>
</code>

===== Configuration =====

Edit the configuration file (config.inc.php):
<code>
# vi /usr/local/ltb-self-service-password/config.inc.php
</code>

Parameters are the following:
  * $ldap_url: LDAP URL, like <html>ldap://myserver</html>
  * $ldap_binddn: Manager DN (not mandatory)
  * $ldap_bindpw: Manager password (not mandatory)
  * $ldap_base: Base of search (users branch)
  * $ldap_filter: Filter to find the user (the string {login} is replaced by submitted login)
  * $ad_mode: Set to true if you use Active Directory
  * $samba_mode : Set to true to change Samba password too (modify sambaNTpassword and sambaPwdLastSet attributes)
  * $hash: Password hashing. Default is "clear". This option is ignored with $ad_mode. Available hashing are:
    * SHA
    * SSHA
    * MD5
    * SMD5
    * CRYPT
  * $pwd_min_lenght: Minimal length
  * $pwd_max_lenght: Maximal length
  * $pwd_min_lower: Minimal lower characters
  * $pwd_min_upper: Minimal upper characters
  * $pwd_min_digit: Minimal digit
  * $pwd_show_policy: Set to true to display password policy constraints on the page
  * $who_change_password: Set "user" if the user do the modification on the directory or "manager" else (depending on ACLs)
  * $lang: Choose "en", "fr" or "de"
  * $logo: Path to image logo
  * $debug: Set to true to print debug information

===== Active Directory =====

If you use Active Directory, you should adapt the configuration:
  * You must use SSL, so use <html>ldaps://</html> in $ldap_url
  * Activate $ad_mode
  * Use this filter: (&(objectClass=user)(sAMAccountName={login}))

===== Tips =====

You can fill the login field by setting the value in the URL, like http://ssp.example.com/?login=mylogin. This is usefull if you link to this page from another program which already knows the user login.