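By default OpenLDAP does not support users changing their own passwords, and every newly created user is given the same password. To keep passwords private, users need a platform where they can change their own passwords, which keeps the passwords secure. OpenLDAP has to be installed first; see: https://www.wulaoer.org/?p=1423
I have already set up OpenLDAP here. Log in with apache and take a look at my user's attributes.
This is wlr, an account I created for testing. I will use this account later to test the password change. Below are this user's attributes.
Next, install the self-service password platform self-service-password. It needs http and php, which were already installed by following the link above, so go straight to the installation.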
[root@wulaoer ~]# yum install -y https://ltb-project.org/rpm/6Server/noarch/self-service-password-1.1-1.el6.noarch.rpm
[root@wulaoer ~]# ls /etc/httpd/conf.d/self-service-password.conf
/etc/httpd/conf.d/self-service-password.conf
[root@wulaoer ~]# ls /usr/share/self-service-password/conf/config.inc.php
/usr/share/self-service-password/conf/config.inc.php
These two files hold the main configuration. Configure the first file first; it specifies the http path.
[root@wulaoer ~]# cat /etc/httpd/conf.d/self-service-password.conf
Alias /pwd /usr/share/self-service-password
<Directory /usr/share/self-service-password>
    AllowOverride None
    Require all granted
</Directory>
[root@wulaoer ~]# systemctl restart httpd
[root@wulaoer ~]# cat /usr/share/self-service-password/conf/config.inc.php
.................................
# LDAP
$ldap_url = "ldap://127.0.0.1:389";
$ldap_starttls = false;
$ldap_binddn = "cn=root,dc=wulaoer,dc=org";
$ldap_bindpw = "wulaoer";
$ldap_base = "dc=wulaoer,dc=org";
$ldap_login_attribute = "uid"; # if the user's login attribute is cn, change this to cn
$ldap_fullname_attribute = "cn";
$ldap_filter = "(&(objectClass=inetOrgPerson)($ldap_login_attribute={login}))";
.................................
## Mail
# LDAP mail attribute
$mail_attribute = "mail";
# Get mail address directly from LDAP (only first mail entry)
# and hide mail input field
# default = false
$mail_address_use_ldap = false;
# Who the email should come from
$mail_from = "admin@example.com";
$mail_from_name = "Self Service Password";
$mail_signature = "";
# Notify users anytime their password is changed
$notify_on_change = false;
# PHPMailer configuration (see https://github.com/PHPMailer/PHPMailer)
$mail_sendmailpath = '/usr/sbin/sendmail';
$mail_protocol = 'smtp';
$mail_smtp_debug = 0;
$mail_debug_format = 'html';
$mail_smtp_host = 'localhost';
$mail_smtp_auth = false;
$mail_smtp_user = '';
$mail_smtp_pass = '';
$mail_smtp_port = 25;
$mail_smtp_timeout = 30;
$mail_smtp_keepalive = false;
$mail_smtp_secure = 'tls';
$mail_contenttype = 'text/plain';
$mail_wordwrap = 0;
$mail_charset = 'utf-8';
$mail_priority = 3;
$mail_newline = PHP_EOL;
........................................
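I only use the password change feature here and do not set up password recovery, so I am not configuring much more than this, nor password complexity and so on.
Now test whether the password can be changed, using the username wlr.
After submitting:
The password was changed successfully. I won't go into more detail from here.
Troubleshooting:
After configuring, http needs to be restarted; then check the page in a browser. Here I got the error "Token encryption requires a random string in keyphrase setting". Find $keyphrase in the configuration file /usr/share/self-service-password/conf/config.inc.php and change its value.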
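One way to apply the $keyphrase fix described above is to write a value read from the kernel's random source instead of typing one by hand. This is an added example, not code from the original post or from the LTB project; the function names gen_keyphrase and set_keyphrase are assumptions of the example.

```shell
#!/bin/sh
# Added example: set a fresh random $keyphrase in config.inc.php.
# gen_keyphrase and set_keyphrase are names made up for this example.

# Print 32 random bytes from /dev/urandom as 64 hex characters.
gen_keyphrase() {
    od -An -N32 -tx1 /dev/urandom | tr -d ' \n'
}

# Replace the value of $keyphrase in the given config file.
# Returns 0 on success, 1 on file errors, 2 if there is no
# $keyphrase line, 3 if the random source gave a short read.
set_keyphrase() {
    conf=$1
    [ -f "$conf" ] || { echo "no such file: $conf" >&2; return 1; }
    # Do not guess where the setting belongs if it is absent.
    grep -q '^[$]keyphrase[[:space:]]*=' "$conf" || {
        echo "no \$keyphrase line in $conf" >&2; return 2; }
    key=$(gen_keyphrase)
    [ "${#key}" -eq 64 ] || { echo "random source failed" >&2; return 3; }
    # No .bak copy is left beside the config: the Alias shown earlier
    # serves this directory tree, and a .bak file is not parsed as PHP,
    # so it would expose $ldap_bindpw to anyone who requests it.
    tmp=$(mktemp) || return 1          # mktemp creates the file mode 0600
    # Hex output contains no characters that are special to sed.
    sed 's|^[$]keyphrase[[:space:]]*=.*|$keyphrase = "'"$key"'";|' \
        "$conf" > "$tmp" &&
        cat "$tmp" > "$conf"           # overwrite in place, keeps owner/mode
    rc=$?
    rm -f "$tmp"
    return $rc
}

# Usage (as root), then restart httpd:
#   set_keyphrase /usr/share/self-service-password/conf/config.inc.php
```
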