Install SSP. Its dependencies include php5, php5-ldap and php5-mcrypt.

Enable mcrypt: sudo php5enmod mcrypt

Part 1: Apache

Install Apache and enable the SSL module: sudo a2enmod ssl

Add the following to /etc/apache2/apache2.conf:

<Directory /usr/share/self-service-password>
Options Indexes FollowSymLinks
AllowOverride None
Require all granted
</Directory>

Create /etc/apache2/sites-available/self-service-password.conf with the following content:

<IfModule mod_ssl.c>
<VirtualHost *:443>
DocumentRoot /usr/share/self-service-password
SSLEngine on
SSLCertificateFile /home/chen/ssp.crt
SSLCertificateKeyFile /home/chen/ssp.key
SSLCACertificateFile /home/chen/ca.crt
</VirtualHost>
</IfModule>

Enable the site: sudo a2ensite self-service-password

To force users onto HTTPS, first run sudo a2enmod rewrite, then add the following to /etc/apache2/apache2.conf:

RewriteEngine On
RewriteCond %{HTTPS} !on
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

Part 2: LDAP

Edit /usr/share/self-service-password/conf/config.inc.php:

# LDAP
$ldap_url = "ldaps://dc1.abc.local";
$ldap_binddn = "cn=administrator,cn=users,dc=abc,dc=local";
$ldap_bindpw = 'XXXXXX';
$ldap_base = "ou=vb-user,dc=abc,dc=local";
$ldap_login_attribute = "uid";
$ldap_fullname_attribute = "cn";
$ldap_filter = "(&(objectClass=user)(sAMAccountName={login})(!(userAccountControl:1.2.840.113556.1.4.803:=2)))";
# Active Directory mode
# true: use unicodePwd as password field
# false: LDAPv3 standard behavior
$ad_mode = true;
# Force account unlock when password is changed
$ad_options['force_unlock'] = true;
# Force user change password at next login
$ad_options['force_pwd_change'] = false;
# ... (omitted) ...
# Who changes the password?
# Also applicable for question/answer save
# user: the user itself
# manager: the above binddn
$who_change_password = "manager";

Edit /etc/ldap/ldap.conf:

# Path to the CA certificate
TLS_CACERT /home/chen/ca.crt

If something goes wrong, check the log files under /var/log/apache2.
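
The following is an added example, not part of the original post or of the Self Service Password project: a small Python audit of the Active Directory settings shown above in config.inc.php. The sample config is constructed from the values on this page, the finding codes are hypothetical names, and the delegated-account recommendation is this example's own assumption about good practice.

```python
import re

# Constructed sample mirroring the settings above (the password is a placeholder).
SAMPLE_CONFIG = r'''
# LDAP
$ldap_url = "ldaps://dc1.abc.local";
$ldap_binddn = "cn=administrator,cn=users,dc=abc,dc=local";
$ldap_bindpw = 'XXXXXX';
$ldap_filter = "(&(objectClass=user)(sAMAccountName={login})(!(userAccountControl:1.2.840.113556.1.4.803:=2)))";
$ad_mode = true;
$who_change_password = "manager";
'''

# Matches simple scalar assignments: $name = "value"; / 'value'; / true;
ASSIGN = re.compile(r'''^\s*\$(\w+)\s*=\s*(?:"([^"]*)"|'([^']*)'|(\w+))\s*;''', re.M)
# Bitwise-AND match on userAccountControl bit 2 (ACCOUNTDISABLE), negated.
NOT_DISABLED = "(!(userAccountControl:1.2.840.113556.1.4.803:=2))"

def parse_settings(text):
    """Return {name: value} for scalar assignments; comments and arrays are skipped."""
    return {n: dq or sq or bare for n, dq, sq, bare in ASSIGN.findall(text)}

def audit(text):
    """Return finding codes (hypothetical names) for an SSP config used with AD."""
    s = parse_settings(text)
    findings = []
    ad = s.get("ad_mode") == "true"
    encrypted = (s.get("ldap_url", "").lower().startswith("ldaps://")
                 or s.get("ldap_starttls") == "true")
    if ad and not encrypted:
        # AD refuses unicodePwd modifications on an unencrypted connection.
        findings.append("AD_WITHOUT_TLS")
    if ad and NOT_DISABLED not in s.get("ldap_filter", "").replace(" ", ""):
        # Without this clause, disabled accounts match the login filter.
        findings.append("FILTER_ALLOWS_DISABLED")
    rdn = s.get("ldap_binddn", "").split(",")[0].strip().lower()
    if s.get("who_change_password") == "manager" and rdn == "cn=administrator":
        # "manager" means the bind DN writes the password; a delegated
        # account with only reset-password rights limits exposure.
        findings.append("BIND_AS_ADMINISTRATOR")
    if s.get("ldap_bindpw"):
        # Reminder: the file holds the bind password in cleartext.
        findings.append("CLEARTEXT_BINDPW_CHECK_FILE_MODE")
    return findings

if __name__ == "__main__":
    for code in audit(SAMPLE_CONFIG):
        print(code)
```

Run against the real file, the last finding is a prompt to confirm that config.inc.php is readable only by the web server user.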

Part 3: Mail

Install sendmail, then edit /usr/share/self-service-password/conf/config.inc.php:

## Mail
# LDAP mail attribute
$mail_attribute = "mail";
# Who the email should come from
$mail_from = "VBPR@abc.cn";
# Notify users anytime their password is changed
$notify_on_change = false;

Self Service Password: http://ltb-project.org/wiki/start

Chinese language pack: http://tools.ltb-project.org/issues/632

PWM: https://github.com/jrivard/pwm
