Self Service Password

Documentation for version 0.3


To install it:

# tar zxvf ltb-project-self-service-password-VERSION.tar.gz
# mv ltb-project-self-service-password-VERSION /usr/local/self-service-password

You can configure a virtual host on Apache for this application:

<VirtualHost *:80>

        DocumentRoot /usr/local/self-service-password
        DirectoryIndex index.php

        AddDefaultCharset UTF-8

        LogLevel warn
        ErrorLog /var/log/apache2/ssp_error.log
        CustomLog /var/log/apache2/ssp_access.log combined


Edit the configuration file (

# vi /usr/local/ltb-self-service-password/

Parameters are the following:

  • $ldap_url: LDAP URL, like ldap://myserver
  • $ldap_binddn: Manager DN (not mandatory)
  • $ldap_bindpw: Manager password (not mandatory)
  • $ldap_base: Base of search (users branch)
  • $ldap_filter: Filter to find the user (the string {login} is replaced by submitted login)
  • $ad_mode: Set to true if you use Active Directory
  • $samba_mode : Set to true to change Samba password too (modify sambaNTpassword and sambaPwdLastSet attributes)
  • $hash: Password hashing. Default is “clear”. This option is ignored with $ad_mode. Available hashing are:
    • SHA
    • SSHA
    • MD5
    • SMD5
    • CRYPT
  • $pwd_min_lenght: Minimal length
  • $pwd_max_lenght: Maximal length
  • $pwd_min_lower: Minimal lower characters
  • $pwd_min_upper: Minimal upper characters
  • $pwd_min_digit: Minimal digit
  • $pwd_show_policy: Set to true to display password policy constraints on the page
  • $who_change_password: Set “user” if the user do the modification on the directory or “manager” else (depending on ACLs)
  • $lang: Choose “en”, “fr” or “de”
  • $logo: Path to image logo
  • $debug: Set to true to print debug information

Active Directory

If you use Active Directory, you should adapt the configuration:

  • You must use SSL, so use ldaps:// in $ldap_url
  • Activate $ad_mode
  • Use this filter: (&(objectClass=user)(sAMAccountName={login}))


You can fill the login field by setting the value in the URL, like This is usefull if you link to this page from another program which already knows the user login.