OpenLDAP 自助修改密码系统

一、创建docker-compose文件

root@xx:~# mkdir self-service-password
root@xx:~# cd self-service-password
root@xx:~/self-service-password# vim docker-compose.yml

version: '2'
services:
  ssp-app:
    image: tiredofit/self-service-password:latest #建议修改为指定的版本的镜像
    container_name: ssp-app
    volumes: # 挂载数据目录以及日志
      - ./data/:/www/ssp
      - ./logs/:/www/logs
    ports:
      - 80:80
    environment:
      - LDAP_SERVER=ldap://172.16.1.113:389 # ldap服务: ldap://ip:port
      - LDAP_STARTTLS=false
      - LDAP_BINDDN=cn=admin,dc=lixy,dc=com # 绑定的dn. 具体根据自己的实际修改(管理员dn)
      - LDAP_BINDPASS=Root@123 # 上述cn=admin的密码
      - LDAP_BASE_SEARCH=ou=Group,dc=lixy,dc=com
      - LDAP_LOGIN_ATTRIBUTE=uid
      - LDAP_FULLNAME_ATTRIBUTE=cn
# Active Directory mode
# true: use unicodePwd as password field
# false: LDAPv3 standard behavior
      - ADMODE=false
# Force account unlock when password is changed
      - AD_OPT_FORCE_UNLOCK=false
# Force user change password at next login
      - AD_OPT_FORCE_PWD_CHANGE=false
# Allow user with expired password to change password
      - AD_OPT_CHANGE_EXPIRED_PASSWORD=false
# Samba mode
# true: update sambaNTpassword and sambaPwdLastSet attributes too
# false: just update the password
      - SAMBA_MODE=false
# Shadow options - require shadowAccount objectClass
# Update shadowLastChange
      - SHADOW_OPT_UPDATE_SHADOWLASTCHANGE=false
# Hash mechanism for password:
# SSHA
# SHA
# SMD5
# MD5
# CRYPT
# clear (the default)
# auto (will check the hash of current password)
# This option is not used with ad_mode = true
      - PASSWORD_HASH=MD5 # 密码hash类型
# Local password policy
# This is applied before directory password policy
# Minimal length
      - PASSWORD_MIN_LENGTH=12 # 此处定义密码的组合
# Maximal length
      - PASSWORD_MAX_LENGTH=30
# Minimal lower characters
      - PASSWORD_MIN_LOWERCASE=2
# Minimal upper characters
      - PASSWORD_MIN_UPPERCASE=2
# Minimal digit characters
      - PASSWORD_MIN_DIGIT=2
# Minimal special characters
      - PASSWORD_MIN_SPECIAL=2
# Dont reuse the same password as currently
      - PASSWORD_NO_REUSE=true
    # Definition of special characters
      - PASSWORD_SPECIAL_CHARACTERS=^a-zA-Z0-9 # 定义特殊字符
    # Forbidden characters
    # Check that password is different than login
      - PASSWORD_DIFFERENT_LOGIN=true
# Show policy constraints message:
# always
# never
# one rror
      - PASSWORD_SHOW_POLICY=onerror # 何时显示密码策略信息
# Position of password policy constraints message:
# above - the form
# below - the form
      - PASSWORD_SHOW_POLICY_POSITION=above
# Who changes the password?
# Also applicable for question/answer save
# user: the user itself
# manager: the above binddn
      - WHO_CAN_CHANGE_PASSWORD=user # 指定谁来修改密码
## Questions/answers
# Use questions/answers?
# true (default)
# false
      - QUESTIONS_ENABLED=false
## Mail
# LDAP mail attribute
      - LDAP_MAIL_ATTRIBUTE=mail
# Who the email should come from
      - MAIL_FROM=lx_5494@163.com
      - MAIL_FROM_NAME=云原生生态圈认证中心
# Notify users anytime their password is changed
      - NOTIFY_ON_CHANGE=true
# PHPMailer configuration (see https://github.com/PHPMailer/PHPMailer)
      - SMTP_DEBUG=0
      - SMTP_HOST=smtp.163.com # 定义邮件信息，用于发送邮件
      - SMTP_AUTH_ON=true
      - SMTP_USER=lx_5494@163.com
      - SMTP_PASS=GZQWMFVALMDBNOZS # 这里是邮箱的授权码
      - SMTP_PORT=465
      - SMTP_SECURE_TYPE=ssl
      - SMTP_AUTOTLS=false
    ## Tokens
    # Use tokens?
    # true
    # false
      - USE_TOKENS=true
    # Crypt tokens?
    # true
    # false
      - TOKEN_CRYPT=true
    # Token lifetime in seconds
      - TOKEN_LIFETIME=1800
 ## SMS
# Use sms (NOT WORKING YET)
      - USE_SMS=false
# Reset URL (if behind a reverse proxy)
      - IS_BEHIND_PROXY=true
# Display help messages
      - SHOW_HELP=true
# Language
      - LANG=en
# Debug mode
      - DEBUG_MODE=false
# Encryption, decryption keyphrase
      - SECRETEKEY=secretkey
## CAPTCHA
# Use Google reCAPTCHA (http://www.google.com/recaptcha)
      - USE_RECAPTCHA=false
# Go on the site to get public and private key
      - RECAPTCHA_PUB_KEY=akjsdnkajnd
      - RECAPTCHA_PRIV_KEY=aksdjnakjdnsa
## Default action
# change
# sendtoken
# sendsms
      - DEFAULT_ACTION=change
      - BACKGROUND_IMAGE=images/unsplash-space.jpeg # 自定义背景图片
      - LOGO=images/logo.png # 自定义logo图片

root@xx:~/self-service-password# docker-compose up --build -d

二、报错信息处理

1、出现Parse error: syntax error, unexpected '""' (T_CONSTANT_ENCAPSED_STRING) in /www/ssp/conf/config.inc.php on line 103

处理方法：进入容器，查看配置文档103行信息

root@xx:~/self-service-password# docker exec -it ssp-app /bin/bash
[tiredofit/self-service-password:5.3.1 06:16:34 /] $ vim /www/ssp/conf/config.inc.php

出现两个双引号，临时解决方法就是直接在容器中修改配置文件，删除一对双引号，永久解决方案，在docker-comppse.yml文件中删除双引号

然后重新加载docker-compse文件

root@xx:~/self-service-password# docker-compose up --build -d

2、出现Notice: Undefined index: HTTP_X_FORWARDED_PROTO in /www/ssp/conf/config.inc.php on line 244
处理方法：进入容器，查看配置文档244行信息

root@xx:~/self-service-password# docker exec -it ssp-app /bin/bash
[tiredofit/self-service-password:5.3.1 06:22:13 /] $ vim /www/ssp/conf/config.inc.php
注释：244行