LDAP Unified Account Management (Part 4)

Deploying self-service-password

Official documentation: https://self-service-password.readthedocs.io/en/v1.4/installation.html

Requirements

- Apache or another web server
- php (7 or later)
- php-curl (haveibeenpwned api)
- php-filter
- php-gd (captcha)
- php-ldap
- php-mbstring (reset mail)
- php-openssl (token crypt, probably built-in)
- Smarty (version 3)

Installation

Installing PHP

    yum install http://rpms.remirepo.net/enterprise/remi-release-7.rpm
    yum install yum-utils
    yum install php72 php72-php-fpm php72-php-gd php72-php-json php72-php-mbstring php72-php-mysqlnd php72-php-xml php72-php-xmlrpc php72-php-opcache php72-php-ldap

PHP configuration

    vim /etc/php.ini

    ## Change the following settings
    session.save_path = /tmp
    upload_max_filesize = 10M
    post_max_size = 16M
    max_execution_time = 600
    request_terminate_timeout = 600
    expose_php = Off
    output_buffering = 4096

Start PHP

    systemctl enable php72-php-fpm.service
    systemctl start php72-php-fpm.service

Installing nginx

    yum install -y nginx

Configuration file

    vim /etc/nginx/conf.d/ssp.conf

    server {
        listen 8080;

        root /usr/share/self-service-password/htdocs;
        index index.php index.html index.htm;

        # Make site accessible from http://localhost/
        server_name _;

        # Disable sendfile as per https://docs.vagrantup.com/v2/synced-folders/virtualbox.html
        sendfile off;

        gzip on;
        gzip_comp_level 6;
        gzip_min_length 1000;
        gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript application/javascript text/x-js;
        gzip_vary on;
        gzip_proxied any;
        gzip_disable "MSIE [1-6]\.(?!.*SV1)";

        # Add stdout logging

        # pass the PHP scripts to FastCGI server listening on socket
        #
        location ~ \.php {
            #fastcgi_pass unix:/var/run/php-fpm.socket;
            fastcgi_pass 127.0.0.1:9000;
            fastcgi_split_path_info ^(.+\.php)(/.+)$;
            fastcgi_param PATH_INFO $fastcgi_path_info;
            fastcgi_param PATH_TRANSLATED $document_root$fastcgi_path_info;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            fastcgi_index index.php;
            try_files $fastcgi_script_name =404;
            fastcgi_read_timeout 600;
            include fastcgi_params;
        }

        error_page 404 /404.html;
        location = /404.html {
            root /usr/share/nginx/html;
            internal;
        }

        # deny access to . files, for security
        #
        location ~ /\. {
            log_not_found off;
            deny all;
        }

        location ~ /scripts {
            log_not_found off;
            deny all;
        }
    }

Installing self-service-password

    ## Configure the yum repository:
    vim /etc/yum.repos.d/ltb-project.repo

    [ltb-project-noarch]
    name=LTB project packages (noarch)
    baseurl=https://ltb-project.org/rpm/$releasever/noarch
    enabled=1
    gpgcheck=1
    gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-LTB-project

    rpm --import https://ltb-project.org/wiki/lib/RPM-GPG-KEY-LTB-project
    yum install self-service-password

Edit the configuration file

    vim /usr/share/self-service-password/conf/config.inc.php

    ## ldap
    # LDAP
    $ldap_url = "ldap://10.9.0.0:389"; # LDAP server address
    $ldap_starttls = false;
    $ldap_binddn = "cn=ldapadm,dc=liuwq,dc=com";
    $ldap_bindpw = 'password';
    $ldap_base = "dc=liuwq,dc=com";
    $ldap_login_attribute = "uid";
    $ldap_fullname_attribute = "cn";
    $ldap_filter = "(&(objectClass=person)($ldap_login_attribute={login}))";
    $ldap_use_exop_passwd = false;
    $ldap_use_ppolicy_control = false;
    $who_change_password = "ldapadm";

    ## Mail settings
    $mail_attribute = "mail";
    # Get mail address directly from LDAP (only first mail entry)
    # and hide mail input field
    # default = false
    $mail_address_use_ldap = true;
    # Who the email should come from
    $mail_from = "[email protected]";
    $mail_from_name = "Self Service Password";
    $mail_signature = "本邮件为通过密码自助修改LDAP账号密码,无需回复,如有重置密码遇到问题可以联系运维同学";
    # Notify users anytime their password is changed
    $notify_on_change = true;
    # PHPMailer configuration (see https://github.com/PHPMailer/PHPMailer)
    $mail_sendmailpath = '/usr/sbin/sendmail';
    $mail_protocol = 'smtp';
    $mail_smtp_debug = 0;
    $mail_debug_format = 'html';
    $mail_smtp_host = 'smtp.qiye.aliyun.com'; # SMTP server address
    $mail_smtp_auth = true;
    $mail_smtp_user = '[email protected]';
    $mail_smtp_pass = 'password';
    $mail_smtp_port = 25;
    $mail_smtp_timeout = 30;
    $mail_smtp_keepalive = false;
    $mail_smtp_secure = 'tls';
    $mail_smtp_autotls = false;
    $mail_smtp_options = array();
    $mail_contenttype = 'text/plain';
    $mail_wordwrap = 0;
    $mail_charset = 'utf-8';
    $mail_priority = 3;

In a browser, open IP:8080, the nginx port configured above.

Enter the LDAP user, i.e. the cn; a mail is sent to the address stored for that cn (an attribute value of the user in LDAP).
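As an added example (not from the original post or the LTB project), the script below lints the config.inc.php settings shown above for the weak values they contain: a plain ldap:// URL with $ldap_starttls = false, placeholder secrets, and a $who_change_password value outside the documented user/manager pair. The placeholder list and the embedded sample lines are assumptions constructed for the illustration.

```python
import re

# Constructed sample: security-relevant lines of the config.inc.php shown above.
SAMPLE = '''
$ldap_url = "ldap://10.9.0.0:389"; # LDAP server address
$ldap_starttls = false;
$ldap_bindpw = 'password';
$who_change_password = "ldapadm";
$mail_smtp_pass = 'password';
$mail_smtp_options = array();
'''

# Matches simple scalar assignments: $name = "x"; $name = 'x'; $name = false;
ASSIGN = re.compile(r'''^\s*\$(\w+)\s*=\s*(?:"([^"]*)"|'([^']*)'|(\w+))\s*;''', re.M)
PLACEHOLDERS = {"", "password", "secret", "changeme"}  # assumed placeholder list


def parse(text):
    """Return {name: value}; the last assignment wins, as it does in PHP."""
    return {name: dq or sq or bare for name, dq, sq, bare in ASSIGN.findall(text)}


def audit(cfg):
    """Return (setting, finding) pairs for weak values in a parsed config."""
    findings = []
    urls = cfg.get("ldap_url", "").split()  # several URIs may be space separated
    starttls = cfg.get("ldap_starttls", "false").lower() == "true"
    if any(u.lower().startswith("ldap://") for u in urls) and not starttls:
        findings.append(("ldap_url", "ldap:// without StartTLS: the bind password "
                         "and every new user password cross the network in clear"))
    for key in ("ldap_bindpw", "mail_smtp_pass"):
        if key in cfg and cfg[key].lower() in PLACEHOLDERS:
            findings.append((key, "placeholder or empty secret left in place"))
    who = cfg.get("who_change_password")
    if who is not None and who not in ("user", "manager"):
        findings.append(("who_change_password",
                         f"'{who}' is not a documented value (user or manager)"))
    return findings


if __name__ == "__main__":
    for setting, finding in audit(parse(SAMPLE)):
        print(f"${setting}: {finding}")
```

The first finding clears once $ldap_url uses ldaps:// or $ldap_starttls is set to true, which requires the directory server to present a certificate the PHP host trusts.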
