Self-Service Password Change for an LDAP Unified Account Authentication System

Author: 天草二十六_简村人 | Published: 2022-03-01 14:54

    I. Installing Self Service Password

    > cd /opt/ldap/
    > pwd
    /opt/ldap
    > ll
    total 4
    -rw-r--r-- 1 root root 936 Mar  1 12:38 docker-compose.yml
    
    > vi docker-compose.yml
    
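    version: "3"
    services:
      self-service-password:
        container_name: self-service-password
        # :latest is a moving tag; pin a specific version for reproducible deployments
        image: tiredofit/self-service-password:latest
        restart: always
        ports:
          - "8389:80"
        environment:
          # ldap:// on port 389 is unencrypted unless StartTLS is enabled, so the
          # bind password and users' new passwords cross the network in clear
          - LDAP_SERVER=ldap://192.168.180.6:389
          - LDAP_BINDDN=cn=xx,dc=xxx,dc=com
          # LDAP_BINDPASS and SMTP_PASS are stored in this file; the listing above
          # shows it as -rw-r--r-- (world-readable), so tighten its permissions
          - LDAP_BINDPASS=xxx
          - LDAP_BASE_SEARCH=ou=people,dc=xxx,dc=com
          - MAIL_FROM=xx@xxx.com
          - SMTP_DEBUG=0
          - SMTP_HOST=smtp.exmail.qq.com
          - SMTP_USER=xx@xxx.com
          - SMTP_PASS=xxx
          - SMTP_PORT=465
          - SMTP_SECURE_TYPE=ssl
          - SMTP_AUTH_ON=true
          - NOTIFY_ON_CHANGE=true
        volumes:
          - /etc/localtime:/etc/localtime
          - /data/openldap/self-service-password/htdocs:/www/ssp
          - /data/openldap/self-service-password/logs:/www/logs
        deploy:
          resources:
            limits:
              memory: 2G
            reservations:
              memory: 512M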
    

    Here the PHP files and the configuration are both mapped onto a persistent volume, in this case /data/openldap/self-service-password/htdocs.

    > pwd
    /data/openldap/self-service-password/htdocs
    > ll
    total 68
    drwxrwxr-x 2 80 82    28 Mar  1 12:42 conf
    drwxrwxr-x 2 80 82   179 Mar  1 10:15 css
    drwxrwxr-x 2 80 82  4096 Mar  1 10:15 fonts
    -rw-rw-r-- 1 80 82   973 Jul 10  2018 github-issues-to-changelog.pl
    drwxrwxr-x 2 80 82   152 Mar  1 10:15 images
    -rw-rw-r-- 1 80 82  9787 Jul 10  2018 index.php
    drwxrwxr-x 2 80 82    57 Mar  1 10:15 js
    drwxrwxr-x 2 80 82  4096 Mar  1 10:15 lang
    drwxrwxr-x 3 80 82   108 Mar  1 10:15 lib
    -rw-rw-r-- 1 80 82 35147 Jul 10  2018 LICENCE
    -rw-rw-r-- 1 80 82  2952 Jul 10  2018 menu.php
    drwxrwxr-x 4 80 82    64 Mar  1 10:15 packaging
    drwxrwxr-x 2 80 82   164 Mar  1 14:12 pages
    -rw-rw-r-- 1 80 82  1994 Jul 10  2018 README.md
    drwxrwxr-x 2 80 82    33 Mar  1 10:15 scripts
    drwxrwxr-x 2 80 82   102 Mar  1 10:15 tests
    
    > pwd
    /data/openldap/self-service-password/htdocs/pages
    > ll
    total 88
    -rw-rw-r-- 1 80 82 12711 Jul 10  2018 change.php
    -rw-rw-r-- 1 80 82  8169 Jul 10  2018 changesshkey.php
    -rw-rw-r-- 1 80 82 11515 Jul 10  2018 resetbyquestions.php
    -rw-rw-r-- 1 80 82 11073 Jul 10  2018 resetbytoken.php
    -rw-rw-r-- 1 80 82 14805 Jul 10  2018 sendsms.php
    -rw-rw-r-- 1 80 82  9540 Mar  1 12:34 sendtoken.php
    -rw-rw-r-- 1 80 82  9396 Jul 10  2018 setquestions.php
    

    The configuration file is conf/config.inc.php. I tried it myself: configuring this through environment variables is not supported!!

    # Reset URL (if behind a reverse proxy)
    #$reset_url = $_SERVER['HTTP_X_FORWARDED_PROTO'] . "://" . $_SERVER['HTTP_X_FORWARDED_HOST'] . $_SERVER['SCRIPT_NAME'];
    
    $reset_url = "http://192.168.5.100:8389/index.php";
    
    Replace this with your actual IP address.
    

    II. Problems encountered

    1. The password reset link is wrong

    After installation, the default link looks like this:

    Hello xxx,
    
    Click the following link to reset your password:
    https://:80/index.php?action=resetbytoken&token=3vUCAImVIXplCv4mIXlQnFRvQ1EBG3GILJZrUG1z78ucuKCxmgake40S2jmM1OW7TpjAqEXQjYldPrth1tbNKXfT3GtdeCOondWpYvbZA6GKlkWekM76ZChhtR2vTO28%2FAo9mTBvjqHtGYi5srBTf7W0YdM%3D
    
    If you did not request a password change, please ignore this email.
    
    

    This address is obviously wrong. After changing the reset_url variable, the link looks like this:

    Hello xxx,
    
    Click the following link to reset your password:
    http://192.168.5.100:8389/index.php?action=resetbytoken&token=3vUCAOX5paZ2uUSEr2ssYSNJaXlCzS3Q510BW9C7d%2BZ3nTqb9duMpsS9eR6f9zs2Q46cFmjzm%2F01X1uuP4LuCCaQTxA7CW213BgodkHFtjJem1quRbEMvyIeXpNv4VbFXkq7rDzyKDG3yqmXfz8JQ9hNtIc%3D
    
    If you did not request a password change, please ignore this email.
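
    A check for the reset links discussed above, as an added example that is not part of the original post or of Self Service Password: it parses a link taken from a reset mail and reports an empty host and a scheme/port mismatch (both present in the default link) as well as a token sent without TLS (still true of the corrected http:// link). The function name, finding labels and sample links are constructed for illustration.

```python
from urllib.parse import urlsplit, parse_qs

# Constructed links shaped like the two mails in the post; tokens are placeholders.
BROKEN_LINK = "https://:80/index.php?action=resetbytoken&token=PLACEHOLDER"
FIXED_LINK = "http://192.168.5.100:8389/index.php?action=resetbytoken&token=PLACEHOLDER"

DEFAULT_PORTS = {"http": 80, "https": 443}


def audit_reset_link(link, expected_host=None):
    """Return a sorted list of findings for one password-reset link."""
    findings = set()
    parts = urlsplit(link)
    scheme = parts.scheme.lower()
    host = parts.hostname  # None when the authority has no host ("https://:80/")

    if scheme not in DEFAULT_PORTS:
        findings.add("unsupported-scheme")
    if not host:
        findings.add("empty-host")
    elif expected_host and host.lower() != expected_host.lower():
        findings.add("unexpected-host")

    try:
        port = parts.port
    except ValueError:  # non-numeric or out-of-range port
        port = None
        findings.add("invalid-port")
    # https on port 80 (or http on 443) suggests the URL was assembled from
    # inconsistent pieces, as in the default link shown in the post.
    if (scheme, port) in (("https", 80), ("http", 443)):
        findings.add("scheme-port-mismatch")

    query = parse_qs(parts.query)
    if query.get("action") != ["resetbytoken"] or not query.get("token"):
        findings.add("missing-token")
    elif scheme != "https":
        # The token is a bearer credential: without TLS it crosses the network in clear.
        findings.add("token-without-tls")
    return sorted(findings)


if __name__ == "__main__":
    for link in (BROKEN_LINK, FIXED_LINK):
        print(link.split("token=")[0], audit_reset_link(link, "192.168.5.100"))
```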
    
    

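    2. Email notification on password change

    Set the environment variable NOTIFY_ON_CHANGE=true in docker-compose.yml (the default is false, which means no notification email is received).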

    Hello xxx,
    
    Your password has been changed.
    
    If you did not change your password, contact your administrator immediately.
    

    III. Starting and stopping the service

    docker-compose up -d
    
    docker-compose down
    

    The access URL is: http://192.168.5.100:8389/index.php

    [Figure: password change page]
    [Figure: password reset by email]

    Article link: https://www.haomeiwen.com/subject/osidrrtx.html