Server version: CentOS Linux release 7.9.2009 (Core)
PHP version: 7.3.33
LDAP Account Manager: ldap-account-manager-7.9.1.tar.bz2
self-service-password:
I. Install PHP 7.3
1. Add the repository sources
yum install https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
yum install http://rpms.remirepo.net/enterprise/remi-release-7.rpm
2. Install the yum-utils package
yum install yum-utils
3. Remove any old PHP version
yum remove php*
4. Install PHP (php-fpm) with the version pinned to the remi-php73 repository
yum-config-manager --enable remi-php73
yum -y install php php-fpm php-mysqlnd php-zip php-devel php-gd php-redis php-mcrypt php-mbstring php-curl php-xml php-pear php-bcmath php-json php-pdo php-pecl-apcu php-pecl-apcu-devel php-ldap php-gmp
5. Start php-fpm and check the version
service php-fpm start
php -v
II. Install Apache
# Install httpd
yum install httpd -y
# Start httpd, enable it at boot and check its status
systemctl start httpd
systemctl enable httpd
systemctl status httpd
III. Install LDAP Account Manager 7.9.1
1. Unpack and move into the web root
tar jxf ldap-account-manager-7.9.1.tar.bz2
mv ldap-account-manager-7.9.1 /var/www/html/ldap
2. Edit the configuration files
cd /var/www/html/ldap/config
cp config.cfg.sample config.cfg
cp unix.sample.conf lam.conf
# In the four sed commands below, replace the base DN, admin DN and server URL with your own values
sed -i "s/dc=my-domain,dc=com/dc=node3,dc=com/g" lam.conf
sed -i "s/cn=Manager/cn=admin/g" lam.conf
sed -i "s/dc=yourdomain,dc=org/dc=node3,dc=com/g" lam.conf
sed -i "s#ServerURL: ldap://localhost:389#ServerURL: ldap://192.168.1.12:389#g" lam.conf
3. Set ownership
chown -R apache:apache /var/www/html/ldap/
4. Restart httpd and php-fpm
systemctl restart httpd
systemctl restart php-fpm
5. Browse to IP/ldap
http://192.168.64.128/ldap
6. Click Tools >>> Tree view; you will see the same structure as in phpLDAPadmin
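The four sed commands in step 2 above are easy to get subtly wrong (a typo in a DN leaves the sample placeholder in place, and LAM then binds to the wrong tree or server). The script below, added here as an example and not code from the article or from the LAM project, applies the same substitutions from one set of variables and then verifies that none of the sample file's placeholders survived before you restart httpd. The lines written by write_sample_lam_conf are constructed for this example and only resemble config/unix.sample.conf from the LAM tarball; on a real install, point the function at that file and write to config/lam.conf.

```shell
#!/bin/bash
# Added example (not from the post or the LAM project): parameterised lam.conf
# rendering plus a check that no sample placeholder is left behind.

# write_sample_lam_conf FILE: constructed stand-in for unix.sample.conf.
write_sample_lam_conf() {
    cat >"$1" <<'EOF'
ServerURL: ldap://localhost:389
Admins: cn=Manager,dc=my-domain,dc=com
treesuffix: dc=yourdomain,dc=org
types: suffix_user: ou=People,dc=yourdomain,dc=org
EOF
}

# render_lam_conf SAMPLE OUT BASE_DN ADMIN_RDN SERVER_URL
# Same four substitutions as the post's sed commands. The values must not
# contain the sed delimiters used here ('/' for the DNs, '#' for the URL) or '&'.
render_lam_conf() {
    sed -e "s/dc=my-domain,dc=com/$3/g" \
        -e "s/dc=yourdomain,dc=org/$3/g" \
        -e "s/cn=Manager/$4/g" \
        -e "s#ServerURL: ldap://localhost:389#ServerURL: $5#g" "$1" >"$2"
}

# verify_lam_conf FILE: list any leftover sample placeholders; return 1 if found.
verify_lam_conf() {
    leftover=$(grep -nE 'my-domain|yourdomain|cn=Manager|ldap://localhost' "$1" || true)
    if [ -n "$leftover" ]; then
        echo "sample placeholders still present in $1:"
        echo "$leftover"
        return 1
    fi
    echo "$1: no sample placeholders left"
    return 0
}

# Demo on temporary files; on a real install SAMPLE is config/unix.sample.conf
# and OUT is config/lam.conf (values below are the post's own).
sample=$(mktemp) && out=$(mktemp)
write_sample_lam_conf "$sample"
render_lam_conf "$sample" "$out" "dc=node3,dc=com" "cn=admin" "ldap://192.168.1.12:389"
cat "$out"
verify_lam_conf "$out"
rm -f "$sample" "$out"
```

verify_lam_conf returns non-zero when a placeholder is still present, so it can gate the `systemctl restart httpd` in step 4 (`verify_lam_conf config/lam.conf && systemctl restart httpd`).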
IV. LDAP self-service password change
1. Download and install the package
yum install https://ltb-project.org/rpm/6Server/noarch/self-service-password-1.1-1.el6.noarch.rpm
2. Edit the configuration
vim /etc/httpd/conf.d/self-service-password.conf
# NameVirtualHost has no effect in Apache 2.4 (the httpd shipped with CentOS 7) and only logs a warning; it can be dropped
NameVirtualHost *:80
<VirtualHost *:80>
ServerName changepasswd.xxx.cn
DocumentRoot /usr/share/self-service-password
DirectoryIndex index.php
AddDefaultCharset UTF-8
<Directory "/usr/share/self-service-password">
AllowOverride None
Require all granted
</Directory>
LogLevel warn
ErrorLog /var/log/httpd/ssp_error_log
CustomLog /var/log/httpd/ssp_access_log combined
</VirtualHost>
# Configure Self Service Password to support password change and email reset
vim /usr/share/self-service-password/conf/config.inc.php
# LDAP
$ldap_url = "ldap://192.168.1.12";
$ldap_starttls = false;
$ldap_binddn = "cn=admin,dc=node3,dc=com";
$ldap_bindpw = "123456";
$ldap_base = "dc=node3,dc=com";
$ldap_login_attribute = "uid";
$ldap_fullname_attribute = "cn";
$ldap_filter = "(&(objectClass=person)($ldap_login_attribute={login}))";
$keyphrase = "ldapchangepasswda"; # important setting
# Note
If you get the error "Token encryption requires a random string in keyphrase setting",
change the setting: $keyphrase = "secret"; ---> $keyphrase = "ldapchangepasswd"; # any string
# Restart httpd
systemctl restart httpd
3. Open the site in a browser
http://192.168.64.128/
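The config.inc.php block in step 2 holds the three settings that decide how exposed this service is: the keyphrase (any string satisfies the startup check quoted in the note, but reset tokens are encrypted with it, so it needs to be unpredictable), the bind account and its password (here the directory admin with "123456", in a file readable by whoever can read the web root), and $ldap_starttls = false on a plain ldap:// URL (the bind password and every new user password then cross the network in cleartext). The script below is an added example, not code from the article or from the self-service-password project: it generates a random keyphrase and audits a config.inc.php for those three settings plus the file mode. The two sample configs it writes are constructed for the example (the "weak" one mirrors the post's values), and the heuristics (16-character minimum for the keyphrase, the short list of trivial bind passwords) are this example's assumptions.

```shell
#!/bin/bash
# Added example (not from the post or the SSP project): audit the settings in
# config.inc.php that matter most once the reset page is reachable, and
# generate a random keyphrase. Sample configs below are constructed.

# Print a 32-character random keyphrase for $keyphrase.
gen_keyphrase() {
    LC_ALL=C tr -dc 'A-Za-z0-9' </dev/urandom | head -c 32
}

# php_val NAME FILE: print the value of "$NAME = ...;" with quotes stripped.
php_val() {
    grep -E "^\\\$$1[[:space:]]*=" "$2" | head -n 1 \
        | sed -e 's/^[^=]*=[[:space:]]*//' -e 's/;.*$//' -e "s/[\"']//g"
}

# ssp_audit FILE: print one FINDING line per weak setting; always returns 0.
ssp_audit() {
    f=$1
    kp=$(php_val keyphrase "$f")
    url=$(php_val ldap_url "$f")
    tls=$(php_val ldap_starttls "$f")
    pw=$(php_val ldap_bindpw "$f")

    # 1. Default or short keyphrase: the token encryption key is guessable.
    if [ -z "$kp" ] || [ "$kp" = "secret" ] || [ "${#kp}" -lt 16 ]; then
        echo "FINDING: keyphrase is empty, the default 'secret', or shorter than 16 characters"
    fi
    # 2. Plain ldap:// without StartTLS: bind and user passwords travel in cleartext.
    case $url in
        ldap://*) [ "$tls" = "true" ] || echo "FINDING: ldap:// URL without \$ldap_starttls = true (cleartext LDAP)" ;;
    esac
    # 3. Trivial password for an account that can write every user's password.
    case $pw in
        ""|123456|password|secret|admin) echo "FINDING: ldap_bindpw is empty or a trivial default" ;;
    esac
    # 4. World-readable file: any local account can read the bind password.
    if [ "$(ls -l "$f" | cut -c8)" = "r" ]; then
        echo "FINDING: $f is world-readable; use chown root:apache and chmod 640"
    fi
    return 0
}

# write_sample_config FILE weak|hardened: constructed configs, the weak one
# mirroring the post's values and the hardened one a corrected set.
write_sample_config() {
    if [ "$2" = hardened ]; then
        cat >"$1" <<'EOF'
<?php
$ldap_url = "ldap://192.168.1.12";
$ldap_starttls = true;
$ldap_binddn = "cn=ssp,dc=node3,dc=com";
$ldap_bindpw = "REPLACE-WITH-A-LONG-RANDOM-SECRET";
$keyphrase = "x8F2qLm0Zt4VbN7cRw1YpK6sHd3JgA9E";
EOF
    else
        cat >"$1" <<'EOF'
<?php
$ldap_url = "ldap://192.168.1.12";
$ldap_starttls = false;
$ldap_binddn = "cn=admin,dc=node3,dc=com";
$ldap_bindpw = "123456";
$keyphrase = "secret";
EOF
    fi
}

# Demo: audit a copy of the post's settings, then the hardened variant.
tmp=$(mktemp)
write_sample_config "$tmp" weak
chmod 644 "$tmp"
echo "== weak config =="; ssp_audit "$tmp"
write_sample_config "$tmp" hardened
chmod 640 "$tmp"
echo "== hardened config =="; ssp_audit "$tmp"
echo "fresh keyphrase: $(gen_keyphrase)"
rm -f "$tmp"
```

On the installed file the call is `ssp_audit /usr/share/self-service-password/conf/config.inc.php`. The hardened sample also binds as a dedicated service account rather than the directory admin, so that a leaked config.inc.php does not hand over full directory control; the exact DN and its ACL are whatever you create on your server.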
V. Self-service password policy settings
1. Disable the questions, email and SMS buttons
vim /usr/share/self-service-password/conf/config.inc.php
$use_questions = false;
$use_tokens = false;
$use_sms = false;
2. Password policy
# Minimal length
$pwd_min_length = 8;
# Minimal lower-case characters
$pwd_min_lower = 1;
# Minimal upper-case characters
$pwd_min_upper = 1;
# Minimal special characters
$pwd_min_special = 1;
3. Change the prompt text
vim /usr/share/self-service-password/lang/zh-CN.inc.php (edit the wording as needed)
VI. View logs
Log path: /etc/httpd/logs (a symlink to /var/log/httpd, where the vhost above writes ssp_error_log and ssp_access_log)
References
https://www.cnblogs.com/lixinliang/p/15964645.html
https://cloud.tencent.com/developer/article/1915371