LDAP Tool Box project: even LDAP administrators need help
LDAP connection
self-service-password/config.inc.php
Server address
Use an LDAP URI to configure the location of your LDAP server in $ldap_url:
$ldap_url = "ldap://localhost:389";
You can set several URI, so that next server will be tried if the previous is down:
$ldap_url = "ldap://server1 ldap://server2";
To use SSL, set ldaps in the URI:
$ldap_url = "ldaps://localhost";
Configure /etc/ldap.conf (or /etc/ldap/ldap.conf on Debian/Ubuntu) to either:
- Provide the certificate from the certificate authority that issued your LDAP server's certificate:
TLS_CACERT /etc/ssl/ca.crt
- Or, disable server certificate checking (the client then accepts any certificate, so the server's identity is no longer verified):
TLS_REQCERT allow
Credentials
Configure the bind DN and password in $ldap_binddn and $ldap_bindpw:
$ldap_binddn = "cn=manager,dc=example,dc=com";
$ldap_bindpw = "secret";
To write to the LDAP directory with the user's own credentials instead of the manager account, set $who_change_password to user:
$who_change_password = "user";
Search parameters
You can set the base of the search in $ldap_base:
$ldap_base = "dc=example,dc=com";
The filter can be set in $ldap_filter:
$ldap_filter = "(&(objectClass=person)(uid={login}))";
{login} is replaced by the submitted login.
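Because the submitted login is substituted straight into $ldap_filter, it has to be escaped for filter syntax before the substitution. The following is an added example, not code from the LTB project; it assumes PHP 5.6 or later with the ldap extension (for ldap_escape()), and build_filter() together with the sample logins are names made up for this illustration. It shows the unescaped substitution next to the escaped one.

```php
<?php
// Added example (not part of the LTB Self Service Password code): how a
// submitted login ends up inside $ldap_filter, and why it is escaped with
// ldap_escape() (PHP >= 5.6, ext-ldap) before the substitution.
// build_filter_unescaped(), build_filter() and the sample logins are
// assumptions made for this example.

$ldap_filter = "(&(objectClass=person)(uid={login}))";

// Weak form: the raw login is pasted into the filter, so any ( ) * or \
// in it is parsed as filter syntax rather than as part of the uid value.
function build_filter_unescaped(string $template, string $login): string
{
    return str_replace('{login}', $login, $template);
}

// Hardened form: LDAP_ESCAPE_FILTER encodes the RFC 4515 special characters
// ( ) * \ and NUL as \XX hex escapes (for example * becomes \2a), so they are
// matched literally and cannot change the structure of the filter.
function build_filter(string $template, string $login): string
{
    $escaped = ldap_escape($login, '', LDAP_ESCAPE_FILTER);
    return str_replace('{login}', $escaped, $template);
}

// A plain login is substituted unchanged by both functions.
echo build_filter_unescaped($ldap_filter, 'jdoe'), PHP_EOL;
echo build_filter($ldap_filter, 'jdoe'), PHP_EOL;

// A login containing filter metacharacters: the first call leaves them as
// syntax, the second turns them into \2a \28 \29 so they stay data.
echo build_filter_unescaped($ldap_filter, 'j*d(oe)'), PHP_EOL;
echo build_filter($ldap_filter, 'j*d(oe)'), PHP_EOL;

// The escaped filter is what should be passed to ldap_search() together with
// the connection from $ldap_url and the base from $ldap_base (not opened here).
```

Run it with the PHP CLI to compare the two filters for each login; the escaped version is the one to hand to ldap_search(), and the same escaping applies to any other value taken from the form that is inserted into a filter.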
Special modes
Active Directory
Passwords in Active Directory are not managed like in other LDAP directories. Set $ad_mode to use unicodePwd as the password attribute:
$ad_mode = true;
You must also use SSL (ldaps://) on the LDAP connection, because AD refuses to change a password over a clear-text connection.
Adapt the search filter too:
$ldap_filter = "(&(objectClass=user)(sAMAccountName={login}))";
Samba
To stay compatible with the Windows world, Samba stores a specific hash of the password in a second attribute (sambaNTpassword). It also stores the modification date in sambaPwdLastSet. Use $samba_mode to manage these attributes:
$samba_mode = true;