Server version: CentOS Linux release 7.9.2009 (Core)

PHP version: 7.3.33

LDAP Account Manager: ldap-account-manager-7.9.1.tar.bz2

self-service-password:

I. Install PHP 7.3

1. Add the repository sources
yum install https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
yum install http://rpms.remirepo.net/enterprise/remi-release-7.rpm

2. Install the yum-utils package
yum install yum-utils

3. Remove the old PHP version
yum remove php*

4. Install PHP (php-fpm), pinning the version
yum-config-manager --enable remi-php73
yum -y install php php-fpm php-mysqlnd php-zip php-devel php-gd php-redis php-mcrypt php-mbstring php-curl php-xml php-pear php-bcmath php-json php-pdo php-pecl-apcu php-pecl-apcu-devel php-ldap php-gmp

5. Start php-fpm and check the version
service php-fpm start
php -v

II. Install Apache

# install httpd
yum install httpd -y

# start httpd and enable it at boot
systemctl start httpd
systemctl enable httpd
systemctl status httpd

III. Install LDAP Account Manager 7.9.1

1. Extract and move
tar jxf ldap-account-manager-7.9.1.tar.bz2
mv ldap-account-manager-7.9.1 /var/www/html/ldap

2. Edit the configuration files
cd /var/www/html/ldap/config
cp config.cfg.sample config.cfg
cp unix.sample.conf lam.conf
# replace the base DN, admin DN and server address below with your own values
sed -i "s/dc=my-domain,dc=com/dc=node3,dc=com/g" lam.conf
sed -i "s/cn=Manager/cn=admin/g" lam.conf
sed -i "s/dc=yourdomain,dc=org/dc=node3,dc=com/g" lam.conf
sed -i "s#ServerURL: ldap://localhost:389#ServerURL: ldap://192.168.1.12:389#g" lam.conf
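The same lam.conf edits as above, written as an added example script (not part of the original post or of LDAP Account Manager): the values are taken from shell variables instead of being typed into each sed call, and a second function checks that none of the sample placeholders survived, which is the usual way a half-applied edit goes unnoticed until the web UI fails to bind. The base DN, admin RDN, server URL and the sample lines used in testing are assumed values for this example.

```shell
#!/bin/sh
# Added example, not part of the original post: the lam.conf edits from the
# step above, parameterised and followed by a check that no sample
# placeholder survived. Values below are assumed; replace them with your own.
set -u

LAM_BASE_DN="dc=node3,dc=com"            # replaces dc=my-domain,dc=com and dc=yourdomain,dc=org
LAM_ADMIN_RDN="cn=admin"                 # replaces cn=Manager
LAM_SERVER_URL="ldap://192.168.1.12:389" # replaces ldap://localhost:389

# configure_lam_profile FILE: rewrite the sample placeholders in place,
# keeping a FILE.bak copy of the original (works with GNU and BSD sed).
configure_lam_profile() {
    sed -i.bak \
        -e "s/dc=my-domain,dc=com/$LAM_BASE_DN/g" \
        -e "s/cn=Manager/$LAM_ADMIN_RDN/g" \
        -e "s/dc=yourdomain,dc=org/$LAM_BASE_DN/g" \
        -e "s#ServerURL: ldap://localhost:389#ServerURL: $LAM_SERVER_URL#g" \
        "$1"
}

# verify_lam_profile FILE: succeed only if none of the sample values remain;
# any leftover line is printed with its line number.
verify_lam_profile() {
    if grep -En 'dc=my-domain,dc=com|cn=Manager|dc=yourdomain,dc=org|ldap://localhost:389' "$1"; then
        echo "unreplaced sample values remain in $1" >&2
        return 1
    fi
    return 0
}

# Usage: sh configure-lam.sh /var/www/html/ldap/config/lam.conf
if [ $# -eq 1 ]; then
    configure_lam_profile "$1" && verify_lam_profile "$1"
fi
```

Run it against the copied lam.conf after `cp unix.sample.conf lam.conf`; a non-zero exit means at least one placeholder was not rewritten and the printed line shows which one.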

3. Set ownership
chown -R apache:apache /var/www/html/ldap/

4. Restart httpd and php-fpm
systemctl restart httpd
systemctl restart php-fpm

5. Access http://IP/ldap
http://192.168.64.128/ldap

6. Click Tools >>> Tree view; you will see the same structure as in phpLDAPadmin

IV. LDAP self-service password change

1. Download the package
yum install https://ltb-project.org/rpm/6Server/noarch/self-service-password-1.1-1.el6.noarch.rpm

2. Edit the configuration
vim /etc/httpd/conf.d/self-service-password.conf
# NameVirtualHost is ignored by Apache 2.4 (the version shipped with CentOS 7) and only produces a warning
NameVirtualHost *:80
<VirtualHost *:80>
    ServerName changepasswd.xxx.cn
    DocumentRoot /usr/share/self-service-password
    DirectoryIndex index.php
    AddDefaultCharset UTF-8
    <Directory "/usr/share/self-service-password">
        AllowOverride None
        Require all granted
    </Directory>
    LogLevel warn
    ErrorLog /var/log/httpd/ssp_error_log
    CustomLog /var/log/httpd/ssp_access_log combined
</VirtualHost>

# Configure Self Service Password to support password change and email reset
vim /usr/share/self-service-password/conf/config.inc.php

# LDAP
$ldap_url = "ldap://192.168.1.12";
$ldap_starttls = false;
$ldap_binddn = "cn=admin,dc=node3,dc=com";
$ldap_bindpw = "123456";
$ldap_base = "dc=node3,dc=com";
$ldap_login_attribute = "uid";
$ldap_fullname_attribute = "cn";
$ldap_filter = "(&(objectClass=person)($ldap_login_attribute={login}))";

$keyphrase = "ldapchangepasswda";  # important parameter
# Note
If you get the error "Token encryption requires a random string in keyphrase setting",
change the setting: $keyphrase = "secret";   --->  $keyphrase = "ldapchangepasswd"; # any string (the error asks for a random one, so use a unique random value rather than the default)

# restart httpd
systemctl restart httpd

3. Access
http://192.168.64.128/

V. Self-service password policy settings

1. Disable the questions, email and SMS options
vim /usr/share/self-service-password/conf/config.inc.php

$use_questions = false;
$use_tokens = false;
$use_sms = false;

2. Password policy
# Minimum length
$pwd_min_length = 8;
# Minimum number of lowercase characters
$pwd_min_lower = 1;
# Minimum number of uppercase characters
$pwd_min_upper = 1;
# Minimum number of special characters
$pwd_min_special = 1;
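An added example, not code from the original post or from Self Service Password: a small shell check that mirrors the four policy values above, so an administrator can confirm what the web form will accept before users start filing tickets. It assumes "special" means any character that is not a letter or digit, and it counts bytes, so the result is exact for ASCII passwords only.

```shell
#!/bin/sh
# Added example, not part of the original post: a local check that mirrors the
# four policy values set in config.inc.php above. "Special" is assumed to mean
# any character that is not a letter or digit; counts are bytes, so the check
# is exact for ASCII passwords only.
LC_ALL=C
export LC_ALL

PWD_MIN_LENGTH=8
PWD_MIN_LOWER=1
PWD_MIN_UPPER=1
PWD_MIN_SPECIAL=1

# count_chars STRING SET: number of characters of STRING that fall in the tr SET
count_chars() {
    printf '%s' "$1" | tr -cd "$2" | wc -c | tr -d ' '
}

# check_password PASSWORD: return 0 if every rule passes, 1 otherwise,
# listing each failed rule on stderr
check_password() {
    pw=$1
    length=$(printf '%s' "$pw" | wc -c | tr -d ' ')
    lower=$(count_chars "$pw" 'a-z')
    upper=$(count_chars "$pw" 'A-Z')
    # everything that is not alphanumeric counts as special
    special=$(printf '%s' "$pw" | tr -d 'A-Za-z0-9' | wc -c | tr -d ' ')
    failed=0
    [ "$length" -ge "$PWD_MIN_LENGTH" ]   || { echo "too short: $length < $PWD_MIN_LENGTH" >&2; failed=1; }
    [ "$lower" -ge "$PWD_MIN_LOWER" ]     || { echo "need $PWD_MIN_LOWER lowercase, got $lower" >&2; failed=1; }
    [ "$upper" -ge "$PWD_MIN_UPPER" ]     || { echo "need $PWD_MIN_UPPER uppercase, got $upper" >&2; failed=1; }
    [ "$special" -ge "$PWD_MIN_SPECIAL" ] || { echo "need $PWD_MIN_SPECIAL special, got $special" >&2; failed=1; }
    return $failed
}

# Usage: sh check-password.sh 'candidate'   (exit status 0 = policy satisfied)
if [ $# -eq 1 ]; then
    check_password "$1" && echo "password satisfies the policy"
fi
```

Use it with throwaway test values only: a password passed on the command line ends up in shell history and process listings.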

3. Change the prompt text
# edit as needed
vim /usr/share/self-service-password/lang/zh-CN.inc.php

VI. View logs

Log path: /etc/httpd/logs (on CentOS this is a symlink to /var/log/httpd, where the ssp_error_log and ssp_access_log files from the VirtualHost above are written)

References

https://www.cnblogs.com/lixinliang/p/15964645.html
https://cloud.tencent.com/developer/article/1915371