Self Service Password (SSP)
安裝SSP, 依賴包包括php5, php5-ldap, php5-mcrypt
啟用mcrypt功能: sudo php5enmod mcrypt
?
第一部分: Apache
安裝Apache, 并且啟用SSL模塊:?sudo a2enmod ssl
在/etc/apache2/apache2.conf中加入以下字段:
<Directory /usr/share/self-service-password>Options Indexes FollowSymLinksAllowOverride NoneRequire all granted </Directory>新建/etc/apache2/sites-available/self-service-password.conf, 插入以下字段:
<IfModule mod_ssl.c><VirtualHost *:443>DocumentRoot /usr/share/self-service-passwordSSLEngine onSSLCertificateFile /home/chen/ssp.crtSSLCertificateKeyFile /home/chen/ssp.keySSLCACertificateFile /home/chen/ca.crt</VirtualHost> </IfModule>啟用該網(wǎng)站:?sudo a2ensite self-service-password
若想讓用戶強(qiáng)制訪問HTTPS, 則先運(yùn)行sudo a2enmod rewrite, 然后在/etc/apache2/apache2.conf里面加入下列代碼:
RewriteEngine On RewriteCond %{HTTPS} !on RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}?
第二部分: LDAP
修改/usr/share/self-service-password/conf/config.inc.php
# LDAP $ldap_url = "ldaps://dc1.abc.local"; $ldap_binddn = "cn=administrator,cn=users,dc=abc,dc=local"; $ldap_bindpw = 'XXXXXX'; $ldap_base = "ou=vb-user,dc=abc,dc=local"; $ldap_login_attribute = "uid"; $ldap_fullname_attribute = "cn"; $ldap_filter = "(&(objectClass=user)(sAMAccountName={login})(!(userAccountControl:1.2.840.113556.1.4.803:=2)))"; # Active Directory mode # true: use unicodePwd as password field # false: LDAPv3 standard behavior $ad_mode = true; # Force account unlock when password is changed $ad_options['force_unlock'] = true; # Force user change password at next login $ad_options['force_pwd_change'] = false;....略...# Who changes the password? # Also applicable for question/answer save # user: the user itself # manager: the above binddn $who_change_password = "manager";修改/etc/ldap/ldap.conf
TLS_CACERT /home/chen/ca.crt ##指定CA證書的路徑若有問題, 可以嘗試查看/var/log/apaches2下的各種日志文件.
?
第三部分: Mail
安裝sendmail.?修改/usr/share/self-service-password/conf/config.inc.php
## Mail # LDAP mail attribute $mail_attribute = "mail"; # Who the email should come from $mail_from = "VBPR@abc.cn"; # Notify users anytime their password is changed $notify_on_change = false;?
?
Self Service Password: http://ltb-project.org/wiki/start?
中文語言包: http://tools.ltb-project.org/issues/632
PWM:?https://github.com/jrivard/pwm
轉(zhuǎn)載于:https://www.cnblogs.com/IvanChen/p/4763473.html
總結(jié)
以上是生活随笔為你收集整理的Self Service Password (SSP)的全部內(nèi)容,希望文章能夠幫你解決所遇到的問題。
- 上一篇: SharePoint PowerShel
- 下一篇: JS实现md5.js、md4.js、sh