
Version 2 (modified by tuwan, 2 months ago)


Service Desk

LDAP Tool Box Service Desk is a web application for administrators and support teams. It lets them browse accounts in an LDAP directory, and view and update their status.

Features:

  • Quick search for an account
  • View main attributes
  • View account and password status
  • Test current password
  • Reset password and force password change at next connection
  • Lock and unlock account
  • Dashboards:
    • Accounts locked
    • Accounts with a password that will soon expire
    • Accounts with an expired password
    • Idle accounts (never connected, or not connected for a number of days)

You need to install these prerequisites:

  • Apache or another web server
  • php
  • php-ldap
  • Smarty (version 3)

Installation

Download the tarball (Service Desk) from https://ltb-project.org/download.html and extract it:

tar -zxvf ltb-project-service-desk-*.tar.gz

Install files in /usr/share/:

mv ltb-project-service-desk-* /usr/share/service-desk

Alternatively, install the Debian package from the LTB repository. Configure the repository:

vi /etc/apt/sources.list.d/ltb-project.list
deb [arch=amd64] https://ltb-project.org/debian/stable stable main

Import repository key:

wget -O - https://ltb-project.org/documentation/_static/RPM-GPG-KEY-LTB-project | sudo apt-key add -

Then update:

apt update

You are now ready to install:

apt install service-desk

Note: you may need to install the php-Smarty package first, as it is not in the official repositories.

Apache configuration

<VirtualHost *:80>
   ServerName sd.example.com

   DocumentRoot /usr/share/service-desk/htdocs
   DirectoryIndex index.php

   <Directory /usr/share/service-desk/htdocs>
       AllowOverride None
       Require all granted
   </Directory>

   LogLevel warn
   ErrorLog /var/log/apache2/sd_error.log
   CustomLog /var/log/apache2/sd_access.log combined
</VirtualHost>

Note: the application can also be published in a directory inside the default virtual host.

LDAP authentication and authorization

You can use Apache mod_authnz_ldap. This module checks user credentials against the LDAP directory and can restrict access to specific users or groups. Because Basic authentication sends the password with every request and the module relays it to the directory, publish the site over HTTPS and prefer ldaps:// or StartTLS towards the directory rather than the plain ldap:// shown below.

<Directory /usr/share/service-desk/htdocs>
    AllowOverride None
    AuthType Basic
    AuthName "LTB Service Desk"
    AuthBasicProvider ldap
    AuthLDAPURL ldap://ldap.example.com/dc=example,dc=com?uid
    Require ldap-group cn=support,ou=groups,dc=example,dc=com
</Directory>

External authentication

You can use any authentication source and protocol, such as CAS, SAML or OpenID Connect. Configuring these solutions is out of the scope of this documentation.

General parameters

Set the default language in $lang:

$lang = "en";

Dates

You can adapt how dates are displayed using format specifiers; see the strftime reference.

Logo

You can replace the default logo with your own. Set the path to your logo in $logo:

$logo = "images/ltb-logo.png";

Background

You can replace the background image with your own. Set the path to the image in $background_image:

$background_image = "images/unsplash-space.jpeg";

Custom CSS

To easily customize CSS, you can use a separate CSS file:

$custom_css = "css/custom.css";

Debug

You can turn on debug mode with $debug:

$debug = true;

It is also possible to enable Smarty debugging, for web interface issues:

$smarty_debug = true;

Smarty

You need to define where Smarty is installed:

define("SMARTY", "/usr/share/php/smarty3/Smarty.class.php");

Notify administrator by mail

The administrator's mail address can be provided to Service Desk through an HTTP header.

$header_name_notify_admin_by_mail is the name of that header; the web server passes it to the script as the CGI variable HTTP_$header_name_notify_admin_by_mail, which sets the administrator mail address.

$header_name_notify_admin_by_mail = "SSP-Admin-Mail";

Using Apache, such a header can be set as follows. Note that setIfEmpty only adds the header when the request does not already carry one; use set if the value must always come from the web server:

<VirtualHost *:80>
   ServerName ssp.domain1.com
   RequestHeader setIfEmpty SSP-Admin-Mail admin@example.com
   [...]
</VirtualHost>

LDAP Parameters

Use an LDAP URI to configure the location of your LDAP server in $ldap_url:

$ldap_url = "ldap://localhost:389";

You can set several URIs, so that the next server is tried if the previous one is down:

$ldap_url = "ldap://server1 ldap://server2";

To use SSL/TLS, use the ldaps scheme in the URI:

$ldap_url = "ldaps://localhost";

To use StartTLS, set $ldap_starttls to true:

$ldap_starttls = true;

Credentials

Configure the bind DN and password in $ldap_binddn and $ldap_bindpw:

$ldap_binddn = "cn=manager,dc=example,dc=com";
$ldap_bindpw = "secret";

LDAP Base

You can set the global base in $ldap_base:

$ldap_base = "dc=example,dc=com";

User search parameters

You can set the base of the user search in $ldap_user_base:

$ldap_user_base = "ou=users,".$ldap_base;

The filter can be set in $ldap_user_filter:

$ldap_user_filter = "(objectClass=inetOrgPerson)";

Size limit

It is advised to set a search limit on the client side if no limit is set by the server:

$ldap_size_limit = 100;
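The following is an added example, not Service Desk's own code: it shows how the $ldap_* parameters of this section (failover URI list, StartTLS, bind credentials, user base and filter, client size limit) map onto php-ldap calls. It assumes a reachable directory; hostnames and credentials are placeholders.

```php
<?php
// Added example (not Service Desk code): open the directory connection the $ldap_*
// parameters above describe, with the php-ldap extension listed in the prerequisites.
// Assumes a reachable directory; hostnames and credentials are placeholders.
$ldap_url         = "ldap://server1 ldap://server2"; // space-separated list: failover
$ldap_starttls    = true;                            // for ldap:// only; ldaps:// is already TLS
$ldap_binddn      = "cn=manager,dc=example,dc=com";
$ldap_bindpw      = "secret";
$ldap_base        = "dc=example,dc=com";
$ldap_user_base   = "ou=users," . $ldap_base;
$ldap_user_filter = "(objectClass=inetOrgPerson)";
$ldap_size_limit  = 100;

// Returns a bound LDAP link, or null with the reason in $error.
function ltb_connect(string $url, bool $starttls, string $binddn, string $bindpw, ?string &$error)
{
    $error = null;
    // ldap_connect() hands the whole URI list to libldap, which tries the servers in order.
    $ldap = ldap_connect($url);
    if ($ldap === false) { $error = "malformed LDAP URI: $url"; return null; }
    ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);
    // If StartTLS was requested and fails, stop here: never bind in clear as a fallback.
    if ($starttls && strpos($url, "ldaps://") === false && !ldap_start_tls($ldap)) {
        $error = "StartTLS failed: " . ldap_error($ldap);
        return null;
    }
    if (!ldap_bind($ldap, $binddn, $bindpw)) {
        $error = "bind failed: " . ldap_error($ldap);
        return null;
    }
    return $ldap;
}

// Size-limited user search; also reports whether the client-side limit truncated it.
function ltb_search_users($ldap, string $base, string $filter, int $sizelimit): array
{
    // When the limit is hit, php-ldap still returns the partial result but emits a
    // warning and leaves errno 4 (LDAP_SIZELIMIT_EXCEEDED); "@" silences the warning.
    $res = @ldap_search($ldap, $base, $filter, ["uid", "cn", "mail"], 0, $sizelimit);
    if ($res === false) {
        throw new RuntimeException("search failed: " . ldap_error($ldap));
    }
    return ["entries" => ldap_get_entries($ldap, $res), "truncated" => ldap_errno($ldap) === 4];
}

$ldap = ltb_connect($ldap_url, $ldap_starttls, $ldap_binddn, $ldap_bindpw, $err);
if ($ldap === null) { fwrite(STDERR, "$err\n"); exit(1); }
$r = ltb_search_users($ldap, $ldap_user_base, $ldap_user_filter, $ldap_size_limit);
printf("%d user entries%s\n", $r["entries"]["count"], $r["truncated"] ? " (truncated by client size limit)" : "");
```

A truncated result means the dashboards would show only the first $ldap_size_limit entries, so either narrow $ldap_user_filter or raise the limit on both client and server.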

Default password policy

Set $ldap_default_ppolicy if a default password policy is configured in your LDAP directory:

$ldap_default_ppolicy = "cn=default,ou=ppolicy,dc=example,dc=com";
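As an added example (not Service Desk code), the block below derives the account and password statuses the dashboards list (locked, expired, expiring soon, must reset) from the slapo-ppolicy operational attributes of a user entry and the pwdMaxAge, pwdExpireWarning and pwdLockoutDuration values of the policy entry that applies to it. The attribute semantics assumed are those documented for OpenLDAP's ppolicy overlay; the entries and policy values are constructed samples.

```php
<?php
// Added example (not Service Desk code): account/password status from slapo-ppolicy
// attributes. Entries and policy values are constructed samples; "now" is fixed.
// LDAP GeneralizedTime without fraction ("20240115093000Z") -> Unix timestamp, or null.
function ltb_gentime_to_ts(string $gt): ?int
{
    $d = DateTime::createFromFormat('YmdHis\Z', $gt, new DateTimeZone('UTC'));
    return $d === false ? null : $d->getTimestamp();
}

// "locked" for an administrative lock (000001010000Z) or a failure lockout still within
// pwdLockoutDuration (0 or absent: locked until an administrator unlocks the account).
function ltb_account_status(array $entry, array $policy, int $now): string
{
    $t = $entry['pwdAccountLockedTime'] ?? null;
    if ($t === null) return 'active';
    if ($t === '000001010000Z') return 'locked';
    $duration = (int)($policy['pwdLockoutDuration'] ?? 0);
    if ($duration === 0) return 'locked';
    $since = ltb_gentime_to_ts($t);
    return ($since !== null && $since + $duration > $now) ? 'locked' : 'active';
}

// Password status from pwdChangedTime against the policy's pwdMaxAge and pwdExpireWarning.
function ltb_password_status(array $entry, array $policy, int $now): string
{
    if (($entry['pwdReset'] ?? 'FALSE') === 'TRUE') return 'reset'; // change at next login
    $max = (int)($policy['pwdMaxAge'] ?? 0);
    if ($max === 0) return 'valid';                                  // 0: never expires
    $changed = ltb_gentime_to_ts($entry['pwdChangedTime'] ?? '');
    if ($changed === null) return 'unknown';
    $expires = $changed + $max;
    if ($expires <= $now) return 'expired';
    $warn = (int)($policy['pwdExpireWarning'] ?? 0);
    return ($warn > 0 && $now >= $expires - $warn) ? 'expiring' : 'valid';
}

// Sample policy: 90-day max age, 14-day warning, 30-minute lockout.
$policy = ['pwdMaxAge' => '7776000', 'pwdExpireWarning' => '1209600', 'pwdLockoutDuration' => '1800'];
$now = ltb_gentime_to_ts('20240301120000Z');
$users = [
    'alice' => ['pwdChangedTime' => '20240101120000Z'],                      // 60 days old: valid
    'bob'   => ['pwdChangedTime' => '20231212120000Z'],                      // 80 days old: expiring
    'carol' => ['pwdChangedTime' => '20231101120000Z'],                      // 121 days old: expired
    'dave'  => ['pwdChangedTime' => '20240201120000Z', 'pwdReset' => 'TRUE'],            // reset
    'erin'  => ['pwdChangedTime' => '20240201120000Z', 'pwdAccountLockedTime' => '20240301115000Z'], // locked
];
foreach ($users as $uid => $e) {
    printf("%-6s account=%-7s password=%s\n", $uid, ltb_account_status($e, $policy, $now), ltb_password_status($e, $policy, $now));
}
```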
