wiki:campuswifiandeduroam2023Agenda/pwdc

Version 3 (modified by tuwan, 4 months ago) ( diff )

--

Self Password Change

LDAP Self Service Password is a web application for end users. It allows them to change or reset their password if they lost it.

You need to install these prerequisites:

  • Apache or another web server
  • php (>=7.4)
  • php-curl (haveibeenpwned api)
  • php-filter
  • php-gd (captcha)
  • php-ldap
  • php-mbstring (reset mail)
  • php-openssl (token crypt, probably built-in)
  • smarty (3 or 4)

Installation From tarball

Uncompress and unarchive the tarball: https://ltb-project.org/download.html

$ tar -zxvf ltb-project-self-service-password-*.tar.gz

Install files in /usr/share/:

# mv ltb-project-self-service-password-* /usr/share/self-service-password #mkdir /usr/share/self-service-password/cache #mkdir /usr/share/self-service-password/templates_c

Adapt ownership of Smarty cache repositories so Apache user can write into them. For example:

chown apache:apache /usr/share/self-service-password/cache chown apache:apache /usr/share/self-service-password/templates_c

Due to a bug in old Debian and Ubuntu smarty3 package, you may face the error syntax error, unexpected token "class". In this case, install a newer version of the package://

# wget http://ftp.us.debian.org/debian/pool/main/s/smarty3/smarty3_3.1.47-2_all.deb

# dpkg -i smarty3_3.1.47-2_all.deb

Configure the repository:

# vi /etc/apt/sources.list.d/ltb-project.list

deb [arch=amd64 signed-by=/usr/share/keyrings/ltb-project.gpg] https://ltb-project.org/debian/stable stable main

Import repository key:

wget -O - https://ltb-project.org/documentation/_static/RPM-GPG-KEY-LTB-project | gpg --dearmor | sudo tee /usr/share/keyrings/ltb-project.gpg >/dev/null

Then update:

apt update

You are now ready to install: apt install self-service-password

Apache configuration 

<VirtualHost *:80>
    ServerName ssp.example.com

    DocumentRoot /usr/share/self-service-password/htdocs
    DirectoryIndex index.php

    AddDefaultCharset UTF-8

    <Directory /usr/share/self-service-password/htdocs>
        AllowOverride None
        <IfVersion >= 2.3>
            Require all granted
        </IfVersion>
        <IfVersion < 2.3>
            Order Deny,Allow
            Allow from all
        </IfVersion>
    </Directory>

    Alias /rest /usr/share/self-service-password/rest

    <Directory /usr/share/self-service-password/rest>
        AllowOverride None
        <IfVersion >= 2.3>
            Require all denied
        </IfVersion>
        <IfVersion < 2.3>
            Order Deny,Allow
            Deny from all
        </IfVersion>
    </Directory>

    LogLevel warn
    ErrorLog /var/log/apache2/ssp_error.log
    CustomLog /var/log/apache2/ssp_access.log combined
</VirtualHost>

a2ensite self-service-password

Check you configuration and reload Apache: 

# apachectl configtest
# apachectl reload

Attachments (1)

Download all attachments as: .zip

Note: See TracWiki for help on using the wiki.