This fork integrates password strength metering from Dropbox's zxcvbn library. Both the standard Javascript library (for live strength display as the user types) and the Python library (for server side verification to reject weak passwords) are included as git submodules.
After cloning this repo be sure to load the submodules:
self-service-password$ git submodule init
self-service-password$ git submodule update
- This fork adds no settings. Password strength 2 (mediocre) is required.
- Only
pages/change.phpandpages/resetbytoken.phphave been updated. If you use other reset methods (sms, etc) then edit those pages.
Self Service Password is a PHP application that allows users to change their password in an LDAP directory.
The application can be used on standard LDAPv3 directories (OpenLDAP, OpenDS, ApacheDS, Sun Oracle DSEE, Novell, etc.) and also on Active Directory.
It has the following features:
- Samba mode to change Samba passwords
- Active directory mode
- Local password policy:
- Minimum/maximum length
- Forbidden characters
- Upper, Lower, Digit or Special characters counters
- Reuse old password check
- Password same as login
- Complexity (different class of characters)
- Help messages
- Reset by questions
- Reset by mail challenge (token sent by mail)
- Reset by SMS (trough external Email 2 SMS service or SMS API)
- Change SSH Key in LDAP directory
- reCAPTCHA (Google API)
- Mail notification after password change
- Hook script after password change
- PHP extensions required:
- php-openssl (token crypt, probably built-in)
- php-mbstring (reset mail)
- php-ldap
- strong cryptography functions available (for random_compat, php 7 or libsodium or /dev/urandom readable or php-mcrypt extension installed)
- valid PHP mail server configuration (reset mail)
- valid PHP session configuration (reset mail)
Documentation is available on http://ltb-project.org/wiki/documentation/self-service-password
Tarballs and packages for Debian and Red Hat are available on http://ltb-project.org/wiki/download#self_service_password