Skip to content

ltb-project/self-service-password

9 Branches22 Tags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

coudotcoudot
Update packaging for 1.7.3
Mar 26, 2025
cc7ba79 · Mar 26, 2025

History

1,388 Commits
.github/workflows
.github/workflows
Apr 23, 2024
conf
conf
Sep 20, 2024
docs
docs
Mar 24, 2025
htdocs
htdocs
Mar 24, 2025
lang
lang
Mar 25, 2025
lib
lib
Nov 14, 2024
packaging
packaging
Mar 26, 2025
rest/v1
rest/v1
Oct 29, 2024
scripts
scripts
Sep 4, 2024
templates
templates
Jan 9, 2025
templates_c
templates_c
Jan 4, 2021
tests
tests
Mar 24, 2025
.gitignore
.gitignore
Sep 16, 2024
.readthedocs.yaml
.readthedocs.yaml
Jun 21, 2023
.travis.yml
.travis.yml
Feb 22, 2021
Dockerfile
Dockerfile
Feb 22, 2021
Dockerfile.alpine
Dockerfile.alpine
Jul 24, 2024
LICENCE
LICENCE
Sep 12, 2016
README.md
README.md
Apr 26, 2024
composer.json
composer.json
Jan 9, 2025
github-issues-to-changelog.pl
github-issues-to-changelog.pl
Apr 20, 2021

Repository files navigation

LDAP Tool Box Self Service Password

CII Best Practices Build Status Documentation Status

Presentation

Self Service Password is a PHP application that allows users to change their password in an LDAP directory.

The application can be used on standard LDAPv3 directories (OpenLDAP, OpenDS, ApacheDS, Sun Oracle DSEE, Novell, etc.) and also on Active Directory.

Screenshot

It has the following features:

  • Samba mode to change Samba passwords
  • Active directory mode
  • Password hashing (MD5, SHA, SHA2, Crypt, Argon2)
  • Local password policy:
    • Minimum/maximum length
    • Forbidden characters
    • Upper, Lower, Digit or Special characters counters
    • Reuse old password check
    • Password same as login or other LDAP attributes
    • Complexity (different class of characters)
    • Forbidden words
    • Usage of Have I been pawned API
    • Entropy
  • Help messages
  • Reset by security questions
  • Reset by mail challenge (token sent by mail)
  • Reset by SMS (trough external Email 2 SMS service or SMS API)
  • Change SSH Key in LDAP directory
  • Change mail and phone number in LDAP directory
  • Captcha (built-in)
  • Mail notification after password change
  • Hook script before and after password change
  • REST API

Prerequisite

  • PHP (>=7.4)
  • PHP extensions required:
    • php-curl (haveibeenpwned api)
    • php-gd (captcha)
    • php-filter
    • php-ldap
    • php-mbstring (reset mail)
    • php-openssl (token crypt, probably built-in)
  • Smarty >= 3
  • strong cryptography functions available (for random_compat, PHP 7 or libsodium or /dev/urandom readable or php-mcrypt extension installed)
  • valid PHP mail server configuration
  • valid PHP session configuration

Documentation

Documentation is available on https://self-service-password.readthedocs.io/en/latest/

Docker

We provide an official Docker image.

Create a minimal configuration file:

vi ssp.conf.php

<?php // My SSP configuration
$keyphrase = "mysecret";
$debug = true;
?>

And run:

docker run -p 80:80 \
    -v $PWD/ssp.conf.php:/var/www/conf/config.inc.local.php \
    -it docker.io/ltbproject/self-service-password:latest

Download

Tarballs and packages for Debian and Red Hat are available on https://ltb-project.org/download.html

Debian and Red Hat repositories are also available, see installation instructions.

Source code

Source code is available on https://github.com/ltb-project/self-service-password

About

Web interface to change and reset password in an LDAP directory

self-service-password.readthedocs.io/en/latest/

Topics

ldap password self-service self-service-password

Resources

Readme

License

GPL-3.0 license
Activity
Custom properties

Stars

1.2k stars

Watchers

37 watching

Forks

335 forks
Report repository

Releases 22

Version 1.7.3 Latest
Mar 27, 2025
+ 21 releases

Contributors 73

+ 59 contributors

Languages