Self Service Password
Documentation for version 0.3
Installation
To install it:
# tar zxvf ltb-project-self-service-password-VERSION.tar.gz # mv ltb-project-self-service-password-VERSION /usr/local/self-service-password
You can configure a virtual host on Apache for this application:
<VirtualHost *:80> ServerName ssp.example.com DocumentRoot /usr/local/self-service-password DirectoryIndex index.php AddDefaultCharset UTF-8 LogLevel warn ErrorLog /var/log/apache2/ssp_error.log CustomLog /var/log/apache2/ssp_access.log combined </VirtualHost>
Configuration
Edit the configuration file (config.inc.php):
# vi /usr/local/ltb-self-service-password/config.inc.php
Parameters are the following:
- $ldap_url: LDAP URL, like ldap://myserver
- $ldap_binddn: Manager DN (not mandatory)
- $ldap_bindpw: Manager password (not mandatory)
- $ldap_base: Base of search (users branch)
- $ldap_filter: Filter to find the user (the string {login} is replaced by submitted login)
- $ad_mode: Set to true if you use Active Directory
- $samba_mode : Set to true to change Samba password too (modify sambaNTpassword and sambaPwdLastSet attributes)
- $hash: Password hashing. Default is “clear”. This option is ignored with $ad_mode. Available hashing are:
- SHA
- SSHA
- MD5
- SMD5
- CRYPT
- $pwd_min_lenght: Minimal length
- $pwd_max_lenght: Maximal length
- $pwd_min_lower: Minimal lower characters
- $pwd_min_upper: Minimal upper characters
- $pwd_min_digit: Minimal digit
- $pwd_show_policy: Set to true to display password policy constraints on the page
- $who_change_password: Set “user” if the user do the modification on the directory or “manager” else (depending on ACLs)
- $lang: Choose “en”, “fr” or “de”
- $logo: Path to image logo
- $debug: Set to true to print debug information
Active Directory
If you use Active Directory, you should adapt the configuration:
- You must use SSL, so use ldaps:// in $ldap_url
- Activate $ad_mode
- Use this filter: (&(objectClass=user)(sAMAccountName={login}))
Tips
You can fill the login field by setting the value in the URL, like http://ssp.example.com/?login=mylogin. This is usefull if you link to this page from another program which already knows the user login.