I decided to allow users on the server to change their passwords, when they want, through a web based tool. I chose LTB's Self Service Password. A simple php tool with lots of neat features like SMS reset, security questions, etc. I only plan to enable the simple form to reset the password. To install, download the latest .deb file, (0.8 in my case). Next install the dependencies, and restart php5.
sudo apt-get install apache2 php5 php5-ldap php5-mcryptThen the .deb
sudo service php5-fpm restart
sudo dpkg -i self-service-password_0.8-1_all.debYou will need to modify php config file at /usr/share/self-service-password/conf/config.inc.php and make some changes to LDAP.
In my case, the server runs on the localhost.
$ldap_url = "ldap://localhost";ldap_binddn and ldap_bindpw are made blank ("") to not use admin credentials.
$ldap_binddn = "";ldap_base is set to your domain.
$ldap_bindpw = "";
$ldap_base = "dc=domain,dc=com";I'm using simple posix schema for users.
$ldap_filter = "(&(objectClass=posixAccount)($ldap_login_attribute={login}))";Next up, modify your nginx config file at /etc/nginx/sites-enabled/default,and add the following sections.
#Self Service Password Section
location /self-service-password {
alias /usr/share/self-service-password;
index index.html index.php;
}
location ~ ^/self-service-password/.*\.php$ {Restart nginx and browse to https://www.domain.com/self-service-password
root /usr/share;
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
include /etc/nginx/fastcgi_params;
}
sudo service nginx restart
This comment has been removed by the author.
ReplyDeleteThis comment has been removed by the author.
Delete