Self Service Password (SSP)
2024-08-26 05:20:07
安装SSP, 依赖包包括php5, php5-ldap, php5-mcrypt
启用mcrypt功能: sudo php5enmod mcrypt
第一部分: Apache
安装Apache, 并且启用SSL模块: sudo a2enmod ssl
在/etc/apache2/apache2.conf中加入以下字段:
<Directory /usr/share/self-service-password>
Options Indexes FollowSymLinks
AllowOverride None
Require all granted
</Directory>
新建/etc/apache2/sites-available/self-service-password.conf, 插入以下字段:
<IfModule mod_ssl.c>
<VirtualHost *:>
DocumentRoot /usr/share/self-service-password
SSLEngine on
SSLCertificateFile /home/chen/ssp.crt
SSLCertificateKeyFile /home/chen/ssp.key
SSLCACertificateFile /home/chen/ca.crt
</VirtualHost>
</IfModule>
启用该网站: sudo a2ensite self-service-password
若想让用户强制访问HTTPS, 则先运行sudo a2enmod rewrite, 然后在/etc/apache2/apache2.conf里面加入下列代码:
RewriteEngine On
RewriteCond %{HTTPS} !on
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
第二部分: LDAP
修改/usr/share/self-service-password/conf/config.inc.php
# LDAP
$ldap_url = "ldaps://dc1.abc.local";
$ldap_binddn = "cn=administrator,cn=users,dc=abc,dc=local";
$ldap_bindpw = 'XXXXXX';
$ldap_base = "ou=vb-user,dc=abc,dc=local";
$ldap_login_attribute = "uid";
$ldap_fullname_attribute = "cn";
$ldap_filter = "(&(objectClass=user)(sAMAccountName={login})(!(userAccountControl:1.2.840.113556.1.4.:=)))"; # Active Directory mode
# true: use unicodePwd as password field
# false: LDAPv3 standard behavior
$ad_mode = true;
# Force account unlock when password is changed
$ad_options['force_unlock'] = true;
# Force user change password at next login
$ad_options['force_pwd_change'] = false; ....略... # Who changes the password?
# Also applicable for question/answer save
# user: the user itself
# manager: the above binddn
$who_change_password = "manager";
修改/etc/ldap/ldap.conf
TLS_CACERT /home/chen/ca.crt ##指定CA证书的路径
若有问题, 可以尝试查看/var/log/apaches2下的各种日志文件.
第三部分: Mail
安装sendmail. 修改/usr/share/self-service-password/conf/config.inc.php
# LDAP mail attribute
$mail_attribute = "mail";
# Who the email should come from
$mail_from = "VBPR@abc.cn";
# Notify users anytime their password is changed
$notify_on_change = false;
Self Service Password: http://ltb-project.org/wiki/start
中文语言包: http://tools.ltb-project.org/issues/632
PWM: https://github.com/jrivard/pwm
最新文章
- SQL 实用函数
- InstallShield Limited Edition for Visual Studio 2013 图文教程(教你如何打包.NET程序)
- 分模块创建maven项目(二)
- sqlite数据库 adb 从配置到查询表中数据全过程-----献给初学的自己
- sql 中各种锁随记
- ios开发之数据存取1-SQLite
- cell函数总结
- 对象的创建过程(chapter5.7.3)
- JAVA基础第九组(5道题)
- win10提示管理员已阻止你运行此应用,如何强制运行
- 【Java入门提高篇】Day5 Java中的回调(二)
- 爬取博主所有文章并保存到本地(.txt版)--python3.6
- Python学习笔记十
- Ubuntu上安装git和创建工作区和提交文件!!!
- docker学习网站
- 两种方式:mysql查看正在执行的sql语句
- 《Django By Example》第一章 学习笔记
- stm32定时器主从模式
- jdbc连接sqlserver报错java.lang.ClassNotFoundException: com.microsoft.jdbc.sqlserver.SQLServerDriver
- git图解:代码区域总结