81 lines
3.5 KiB
Markdown
81 lines
3.5 KiB
Markdown
# WebLDAPPasswd
|
|
|
|
WebLDAPPasswd is a web application that provides a single form with which users
|
|
of an LDAP3 accessible directory can change their passwords.
|
|
|
|
## Setup
|
|
|
|
The following steps provide a guideline to setting up WebLDAPPasswd. Adapt them
|
|
to your liking.
|
|
|
|
0. Copy the `webldappasswd` exectuable to `/usr/bin/`. If you choose a different
|
|
location, you have to adapt the Systemd unit file `webldappasswd.service`
|
|
later on.
|
|
1. Create a user `webldappasswd` without shell and without home directory. If
|
|
you choose a different username or do not create a new one, you have to adapt
|
|
the Systemd unit file `webldappasswd.service` later on.
|
|
2. Ensure that the directory `/etc/webldappasswd` exists
|
|
3. Copy the configuration file `config.json` to `/etc/webldappasswd/`. If you
|
|
want to place the configuration file in a different location, you have to
|
|
adapt the Systemd unit file `webldappasswd.service` by providing the
|
|
configuration file path as an argument to the `webldappasswd` exectuable
|
|
(see section "Executable").
|
|
4. Adapt the configuration file `config.json` in `/etc/webldappasswd/` to your
|
|
needs (see section "Configuration")
|
|
5. Setup your reverse proxy (for example Nginx):
|
|
1. Choose a root for the application (for example `https://example.com/wlp/`)
|
|
2. Forward every request under that root except for the following to the
|
|
configured host and port of `webldappasswd`
|
|
3. Serve your own `legal.html` under that root
|
|
4. Optionally serve your own `webldappasswd.css`, `cross.svg`,
|
|
`checkmark.svg`, `hourglass.svg`, or `logo.svg` under that root.
|
|
6. Setup the Systemd service
|
|
1. Copy the Systemd unit file `webldappasswd.service` to
|
|
`/etc/systemd/system`
|
|
2. Enable and start the service `webldappasswd`.
|
|
|
|
## Configuration
|
|
|
|
The configuration file `config.json` is, as the file extension indicates, a
|
|
JSON file. It must contain an object with up to four key-value pairs, exactly
|
|
one of which is mandatory:
|
|
|
|
- The key `"dn"` must be present and point tothe distinguished name (DN) pattern
|
|
for users of the directory. The pattern `{{username}}` must be used as a
|
|
placeholder for the username of a user.
|
|
- The key `"ldap_url"` may be present and point to a value for the URL of the
|
|
directory's LDAP3 API endpoint. The default value is `"ldap://localhost"`.
|
|
- The key `"host"` may be present and sets the host under which `webldappasswd`
|
|
listens for HTTP requests. The default value is `"localhost"`.
|
|
- The key `"port"` may be present and sets the port under which `webldappasswd`
|
|
listens for HTTP requests. The default value is `8000`.
|
|
|
|
## Executable
|
|
|
|
The executable takes one optional parameter, `-c CONFIG_FILE_PATH` or
|
|
`--config CONFIG_FILE_PATH`, that takes a path to a configuration file that
|
|
overrides the default of `/etc/webldappasswd/config.json`. The expected
|
|
contents are described in the configuration section.
|
|
|
|
WebLDAPPasswd logs errors to `stderr` (file descriptor 2).
|
|
|
|
## License
|
|
|
|
WebLDAPPasswd is published by Philipp Matthias Schäfer
|
|
<philipp.matthias.schaefer@posteo.de> under the AGPL3 license. See
|
|
[LICENSE](LICENSE) for a copy of that license.
|
|
|
|
## Dependencies
|
|
|
|
WebLDAPPasswd directly depends on the following Rust libraries all published by
|
|
their copyright holders under the MIT License:
|
|
|
|
* [anyhow](https://github.com/dtolnay/anyhow)
|
|
* [clap](https://clap.rs)
|
|
* [serde](https://serde.rs)
|
|
* [serde_derive](https://serde.rs)
|
|
* [serde_json](https://serde.rs)
|
|
* [ldap3](https://github.com/inejge/ldap3)
|
|
* [rocket](https://rocket.rs)
|
|
* [rocket_contrib](https://rocket.rs)
|