1. Installing Self Service Password
Configure the yum repository:
# vi /etc/yum.repos.d/ltb-project.repo
[ltb-project-noarch]
name=LTB project packages (noarch)
baseurl=https://ltb-project.org/rpm/$releasever/noarch
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-LTB-project
Then update:
# yum update
Import repository key:
# rpm --import https://ltb-project.org/wiki/lib/RPM-GPG-KEY-LTB-project
You are now ready to install:
# yum install self-service-password
From package
RPM can be downloaded from this page. Choose the file with the .rpm extension.
Install it:
# yum localinstall self-service-password-VERSION.noarch.rpm
Dependencies should be installed automatically by yum.
You should import the LTB GPG key first:
# rpm --import https://ltb-project.org/wiki/lib/RPM-GPG-KEY-LTB-project
2. Modifying the Apache configuration file
cat > /etc/httpd/conf.d/self-service-password.conf << "EOF"
<VirtualHost *>
DocumentRoot /usr/share/self-service-password
DirectoryIndex index.php
AddDefaultCharset UTF-8
Alias /ssp /usr/share/self-service-password
<Directory "/usr/share/self-service-password">
AllowOverride None
Require all granted
</Directory>
LogLevel warn
ErrorLog /var/log/httpd/ssp_error_log
CustomLog /var/log/httpd/ssp_access_log combined
</VirtualHost>
EOF
Start Apache:
service httpd start
3. Modifying the Self Service Password configuration file
vim /usr/share/self-service-password/conf/config.inc.php
# LDAP
$ldap_url = "ldap://10.15.152.239";
$ldap_starttls = false;
$ldap_binddn = "cn=manager,dc=qlbigdata,dc=com";
$ldap_bindpw = "admin#ldap";
$ldap_base = "dc=qlbigdata,dc=com";
$ldap_login_attribute = "uid";
$ldap_fullname_attribute = "cn";
$ldap_filter = "(&(objectClass=person)($ldap_login_attribute={login}))";
# LDAP mail attribute
$mail_attribute = "mail";
# Get mail address directly from LDAP (only first mail entry)
# and hide mail input field
# default = false
$mail_address_use_ldap = true;
# Who the email should come from
$mail_from = "qlzabbix@mobanker.com";
$mail_from_name = "Self Service Password";
$mail_signature = "";
# Notify users anytime their password is changed
$notify_on_change = false;
# PHPMailer configuration (see https://github.com/PHPMailer/PHPMailer)
$mail_sendmailpath = '/usr/sbin/sendmail';
$mail_protocol = 'smtp';
$mail_smtp_debug = 0;
$mail_debug_format = 'html';
$mail_smtp_host = 'smtp.qiye.163.com';
$mail_smtp_auth = false;
$mail_smtp_user = 'qlzabbix@mobanker.com';
$mail_smtp_pass = '***';
$mail_smtp_port = 25;
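$mail_smtp_timeout = 30;
# Encryption/decryption keyphrase (used when tokens are encrypted); replace with a long random value
$keyphrase = "mysecret";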
4. Changing passwords with Self Service Password
In the LDAP configuration file slapd.conf, add an access rule that lets users change their own password.
access to dn.subtree="ou=People,dc=qlbigdata,dc=com" attrs=userPassword,shadowLastChange
    by dn="cn=Manager,dc=qlbigdata,dc=com" write
    by self write
    by anonymous auth
    by * read
Note that after modifying slapd.conf, the slapd.d configuration must be regenerated:
# slaptest -f /etc/openldap/slapd.conf -F /etc/openldap/slapd.d
config file testing succeeded
# chown -R ldap:ldap /etc/openldap/slapd.d/*
# service slapd restart
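The script below is an added example, not part of the original post or the LTB project. It audits the two files edited above for plaintext LDAP (ldap:// with $ldap_starttls = false), a guessable $keyphrase, and an ACL clause that lets every authenticated user read userPassword hashes. The function names, finding labels and the 20-character keyphrase threshold are assumptions, and the sample input is constructed from the values shown on this page.

```shell
#!/bin/sh
# Added example: audit the two files this tutorial edits.
# Function names and finding labels are hypothetical.

# Print the value assigned to PHP variable $2 in file $1 (last one wins).
php_value() {
    sed -n "s/^[[:space:]]*\\\$$2[[:space:]]*=[[:space:]]*\([^;]*\);.*/\1/p" "$1" |
        tail -n 1 | sed "s/^[\"']//; s/[\"'][[:space:]]*\$//"
}

# Report weak settings in an SSP config.inc.php.
audit_ssp_conf() {
    url=$(php_value "$1" ldap_url)
    tls=$(php_value "$1" ldap_starttls)
    key=$(php_value "$1" keyphrase)
    case $url in
        ldaps://*) ;;  # TLS from the start of the connection
        *) [ "$tls" = "true" ] ||
            echo "LDAP_CLEARTEXT: $url without StartTLS" ;;
    esac
    case $key in
        ""|secret|mysecret) echo "KEYPHRASE_GUESSABLE" ;;
        *) [ "${#key}" -ge 20 ] || echo "KEYPHRASE_SHORT" ;;  # assumed threshold
    esac
}

# Report "by * read|write" inside an ACL that covers userPassword:
# after "by anonymous auth", it applies to every authenticated user.
audit_slapd_acl() {
    awk '/^access[ \t]+to/ { pw = ($0 ~ /userPassword/) }
         pw && /^[ \t]+by[ \t]+\*[ \t]+(read|write)/ {
             print "ACL_HASH_READABLE: line " NR }' "$1"
}

# Constructed sample input mirroring the values shown on this page.
demo() {
    dir=$(mktemp -d)
    cat > "$dir/config.inc.php" <<'EOF'
$ldap_url = "ldap://10.15.152.239";
$ldap_starttls = false;
$keyphrase = "mysecret";
EOF
    cat > "$dir/slapd.conf" <<'EOF'
access to dn.subtree="ou=People,dc=qlbigdata,dc=com" attrs=userPassword,shadowLastChange
    by self write
    by anonymous auth
    by * read
EOF
    audit_ssp_conf "$dir/config.inc.php"; audit_slapd_acl "$dir/slapd.conf"
    rm -rf "$dir"
}
demo
```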
Reference: https://www.ilanni.com/?p=13822
Official documentation: https://ltb-project.org/documentation/self-service-password/1.2/start