=== Self Password Change === LDAP Self Service Password is a web application for end users. It allows them to change or reset their password if they lost it. You need to install these prerequisites: - Apache or another web server - php (>=7.4) - php-curl (haveibeenpwned api) - php-filter - php-gd (captcha) - php-ldap - php-mbstring (reset mail) - php-openssl (token crypt, probably built-in) - smarty (3 or 4) Installation From tarball Uncompress and unarchive the tarball: https://ltb-project.org/download.html {{{$ tar -zxvf ltb-project-self-service-password-*.tar.gz}}} Install files in /usr/share/: {{{ # mv ltb-project-self-service-password-* /usr/share/self-service-password}}} {{{#mkdir /usr/share/self-service-password/cache}}} {{{#mkdir /usr/share/self-service-password/templates_c}}} Adapt ownership of Smarty cache repositories so Apache user can write into them. For example: {{{chown apache:apache /usr/share/self-service-password/cache}}} {{{chown apache:apache /usr/share/self-service-password/templates_c}}} //Due to a bug in old Debian and Ubuntu smarty3 package, you may face the error syntax error, unexpected token "class". In this case, install a newer version of the package:// //{{{# wget http://ftp.us.debian.org/debian/pool/main/s/smarty3/smarty3_3.1.47-2_all.deb}}}// //{{{# dpkg -i smarty3_3.1.47-2_all.deb}}}// Configure the repository: {{{# vi /etc/apt/sources.list.d/ltb-project.list}}} {{{deb [arch=amd64 signed-by=/usr/share/keyrings/ltb-project.gpg] https://ltb-project.org/debian/stable stable main}}} Import repository key: {{{wget -O - https://ltb-project.org/documentation/_static/RPM-GPG-KEY-LTB-project | gpg --dearmor | sudo tee /usr/share/keyrings/ltb-project.gpg >/dev/null}}} Then update: {{{apt update}}} You are now ready to install: {{{apt install self-service-password}}} ''' Apache configuration''' {{{ ServerName ssp.example.com DocumentRoot /usr/share/self-service-password/htdocs DirectoryIndex index.php AddDefaultCharset UTF-8 AllowOverride None = 2.3> Require all granted Order Deny,Allow Allow from all Alias /rest /usr/share/self-service-password/rest AllowOverride None = 2.3> Require all denied Order Deny,Allow Deny from all LogLevel warn ErrorLog /var/log/apache2/ssp_error.log CustomLog /var/log/apache2/ssp_access.log combined }}} {{{a2ensite self-service-password}}} Check you configuration and reload Apache: {{{ # apachectl configtest # apachectl reload }}}