安裝SSP, 依賴包包括php5, php5-ldap, php5-mcrypt

啟用mcrypt功能: sudo php5enmod mcrypt

?

第一部分: Apache

安裝Apache, 并且啟用SSL模塊:?sudo a2enmod ssl

在/etc/apache2/apache2.conf中加入以下字段:

<Directory /usr/share/self-service-password>Options Indexes FollowSymLinksAllowOverride NoneRequire all granted </Directory>

新建/etc/apache2/sites-available/self-service-password.conf, 插入以下字段:

<IfModule mod_ssl.c><VirtualHost *:443>DocumentRoot /usr/share/self-service-passwordSSLEngine onSSLCertificateFile /home/chen/ssp.crtSSLCertificateKeyFile /home/chen/ssp.keySSLCACertificateFile /home/chen/ca.crt</VirtualHost> </IfModule>

啟用該網站:?sudo a2ensite self-service-password

若想讓用戶強制訪問HTTPS, 則先運行sudo a2enmod rewrite, 然后在/etc/apache2/apache2.conf里面加入下列代碼:

RewriteEngine On RewriteCond %{HTTPS} !on RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

?

第二部分: LDAP

修改/usr/share/self-service-password/conf/config.inc.php

# LDAP $ldap_url = "ldaps://dc1.abc.local"; $ldap_binddn = "cn=administrator,cn=users,dc=abc,dc=local"; $ldap_bindpw = 'XXXXXX'; $ldap_base = "ou=vb-user,dc=abc,dc=local"; $ldap_login_attribute = "uid"; $ldap_fullname_attribute = "cn"; $ldap_filter = "(&(objectClass=user)(sAMAccountName={login})(!(userAccountControl:1.2.840.113556.1.4.803:=2)))"; # Active Directory mode # true: use unicodePwd as password field # false: LDAPv3 standard behavior $ad_mode = true; # Force account unlock when password is changed $ad_options['force_unlock'] = true; # Force user change password at next login $ad_options['force_pwd_change'] = false;....略...# Who changes the password? # Also applicable for question/answer save # user: the user itself # manager: the above binddn $who_change_password = "manager";

修改/etc/ldap/ldap.conf

TLS_CACERT /home/chen/ca.crt ##指定CA證書的路徑

若有問題, 可以嘗試查看/var/log/apaches2下的各種日志文件.

?

第三部分: Mail

安裝sendmail.?修改/usr/share/self-service-password/conf/config.inc.php

## Mail # LDAP mail attribute $mail_attribute = "mail"; # Who the email should come from $mail_from = "VBPR@abc.cn"; # Notify users anytime their password is changed $notify_on_change = false;

?

?

Self Service Password: http://ltb-project.org/wiki/start?

中文語言包: http://tools.ltb-project.org/issues/632

PWM:?https://github.com/jrivard/pwm

轉載于:https://www.cnblogs.com/IvanChen/p/4763473.html

總結

以上是生活随笔為你收集整理的Self Service Password (SSP)的全部內容，希望文章能夠幫你解決所遇到的問題。

如果覺得生活随笔網站內容還不錯，歡迎將生活随笔推薦給好友。