Web app Self-service password


Self-service password allows LDAP user to manage their credentials by themselves. :-)



Requirements

You need both a LDAP and Web server to use this application.


Sources


Installation

Get application


cd /var/www/
wget http://tools.ltb-project.org/attachments/download/497/ltb-project-self-service-password-0.8.tar.gz
tar xzvf ltb-project-self-service-password-0.8.tar.gz 
rm ltb-project-self-service-password-0.8.tar.gz
mv ltb-project-self-service-password-0.8/ self-service-password
chown -R www-data:www-data self-service-password


Configuration

Edit configuration

cd /var/www/self-service-password/conf/
cp config.inc.php config.inc.php.backup
vim config.inc.php


Edit / adjust following lines:

$ldap_url = "ldap://localhost:389";
$ldap_binddn = "cn=admin,dc=vehco,dc=com";
$ldap_bindpw = "secret";
$ldap_base = "dc=vehco,dc=com";
$ldap_login_attribute = "uid";
$ldap_fullname_attribute = "cn";
$ldap_filter = "(&(objectClass=person)($ldap_login_attribute={login}))";

$keyphrase = "ThisIsAnIncrediblePassphraseThatWillBlockHackersAndCrazyPersonsToAccessTheServerOrAtLeastItWillHelpThinkingThat";




Apache2 security

Edit your Virtual Host configuration:

Alias /self-service-password /var/www/self-service-password
<Directory /var/www/self-service-password>
    ProxyPass !
    Options Indexes FollowSymLinks MultiViews
    ## Old apache 2 (before 2.4) 
    order deny,allow
    #allow from all
    Allow from 127.0.0.1 192.168.1.0/24
 
    ## Apache 2.4
    require local
    require ip 192.168.1
    require host dev.daxiongmao.eu
</Directory>


Reload apache2 configuration

service apache2 reload


That's all! You can go to http://myserver/self-service-password