fiveop/WebLDAPPasswd
1
0
Fork 0
Code Issues Pull Requests Releases Activity
Files
1428d07ee905903b71fdadaae34256e3e3513ee0
WebLDAPPasswd/README.md

3.4 KiB
Raw Blame History

WebLDAPPasswd

WebLDAPPasswd is a web application that provides a single form using which users of an LDAP3 accessible directory to change their passwords.

Setup

The following steps provide a guideline to setting up WebLDAPPasswd. Adapt them to your liking.

  1. Copy the webldappasswd exectuable to /usr/bin/. If you choose a different location, you have to adapt the Systemd unit file webldappasswd.service later on.
  2. Create a user webldappasswd without shell and without home directory. If you choose a different username or do not create a new one, you have to adapt the Systemd unit file webldappasswd.service later on.
  3. Ensure that the directory /etc/webldappasswd exists
  4. Copy the configuration file config.json to /etc/webldappasswd/. If you want to place the configuration file in a different location, you have to adapt the Systemd unit file webldappasswd.service by providing the configuration file path as an argument to the webldappasswd exectuable (see section "Executable").
  5. Adapt the configuration file config.json in /etc/webldappasswd/ to your needs (see section "Configuration")
  6. Setup your reverse proxy (for example Nginx):
    1. Choose a root for the application (for example https://example.com/wlp/)
    2. Forward every request under that root except for the following to the configuration host and port of webldappasswd
    3. Serve your own legal.html under that root
    4. Optionally serve your own webldappasswd.css, cross.svg, checkmark.svg, or hourglass.svg under that root.
  7. Setup the Systemd service
    1. Copy the Systemd unit file webldappasswd.service to /etc/systemd/system
    2. Enable and start the service webldappasswd.

Configuration

The configuration file config.json is, as the file extension indicates, a JSON file. It must contain an object with up to four key-value pairs, exactly one of which is mandatory:

  • The key "dn" must be present and point tothe distinguished name (DN) pattern for users of the directory. The pattern {{username}} must be used as a placeholder for the username of a user.
  • The key "ldap_url" may be present and point to a value for the URL of the directory's LDAP3 API endpoint. The default value is "ldap://localhost".
  • The key "host" may be present and sets the host under which webldappasswd listens for HTTP requests. The default value is "localhost".
  • The key "port" may be present and sets the port under which webldappasswd listens for HTTP requests. The default value is 8000.

Executable

The executable takes one optional parameter, -c CONFIG_FILE_PATH or --config CONFIG_FILE_PATH, that takes a path to a configuration file that overrides the default of /etc/webldappasswd/config.json. The expected contents are described in the configuration section.

WebLDAPPasswd logs errors to stderr (file descriptor 2).

License

WebLDAPPasswd is published by Philipp Matthias Schäfer philipp.matthias.schaefer@posteo.de under the AGPL3 license. See [LICENSE] for a copy of that license.

Dependencies

WebLDAPPasswd directly depends on the following Rust libraries all published by their copyright holders under the MIT License: