Setting up the Self Service Password self-service password tool

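I. Introduction

Employees at our company frequently forget their domain account passwords, and because the company's AD is integrated with many other business systems, the network administrators regularly have to help them reset passwords. I had long wanted to take this task off the administrators' hands, hence this tool. This article builds it on CentOS 7 + Apache 2.4 + PHP 7.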

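II. About Self Service Password

Self Service Password is a PHP application that lets users change their password in an LDAP directory. Official site: https://ltb-project.org

The application works with standard LDAPv3 directories (OpenLDAP, OpenDS, ApacheDS, Sun/Oracle DSEE, Novell, etc.) and with Active Directory.

It has the following features:

  1. Samba mode, to change the Samba password;
  2. Active Directory mode;
  3. Local password policy (minimum/maximum length, forbidden characters, counters for upper-case, lower-case, digit or special characters, check against reuse of the old password, complexity (different character classes));
  4. Help messages;
  5. Reset by questions;
  6. Reset by mail (sent through a mail utility);
  7. Reset by SMS (through an external email-to-SMS service);
  8. CAPTCHA (Google API);
  9. Mail notification after a password change.

Note: resetting a password through the question, mail or SMS features of Self Service Password can unlock a locked domain account; this is set in the configuration file.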

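III. Prerequisites for installing Self Service Password

  1. The host running Self Service Password can reach the LDAP server;
  2. Apache or another web server;
  3. PHP (version 5 or later);
  4. PHP LDAP (PHP extension);
  5. PHP MBSTRING (PHP extension);
  6. PHP MCRYPT (PHP extension, used for tokens).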

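IV. Downloading Self Service Password

Installation packages can be downloaded from the official site, which provides a tarball (.tar.gz), a Debian package (.deb) and an RPM package (.rpm). This tutorial installs from the tarball (.tar.gz). Two versions are offered for download below: the official original, and one that bundles the Aliyun SMS verification package.

Download "ltb-project-self-service-password.tar.gz": ltb-project-self-service-password-1.3.tar.gz – downloaded 47 times – 2 MB

Download "ltb-project-self-service-password-aliyun-dysms": ltb-project-self-service-password-1.3-aliyun-dysms.zip – downloaded 44 times – 4 MB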

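V. Installing Self Service Password

1. Upload the tarball to the server, then decompress and unpack it;

tar zxvf ltb-project-self-service-password-VERSION.tar.gz

2. Move the extracted files into the web directory;

mv ltb-project-self-service-password-VERSION /data/http/html/self-service-password

3. Edit the Apache virtual host configuration file. This tutorial serves the site over HTTPS; an example follows (for setting up Apache itself, see the related articles);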

<VirtualHost _default_:443>
    DocumentRoot "/data/http/html/self-service-password"
    ServerName it-adpass.xxxx.cn:443
    ServerAdmin xxx@xxxx.cn
    ErrorLog "/data/http/logs/it-adpass.xxxx.cn-error_log"
    TransferLog "/data/http/logs/it-adpass.xxxx.cn-access_log"

    SSLEngine on
    #   Server Certificate:
    SSLCertificateFile "/etc/apache/ssl/it-adpass.xxxx.cn.crt"
    #   Server Private Key:
    SSLCertificateKeyFile "/etc/apache/ssl/it-adpass.xxxx.cn.key"
    #   Server Certificate Chain:
    SSLCertificateChainFile "/etc/apache/ssl/it-adpass.xxxx.cn-CA.crt"
    #   Certificate Authority (CA):
    #SSLCACertificateFile "/etc/apache/ssl/ca-bundle.crt"
    <FilesMatch "\.(cgi|shtml|phtml|php)$">
        SSLOptions +StdEnvVars
    </FilesMatch>
    <Directory "/data/http/html/self-service-password">
        # Apache 2.4 access control (replaces the 2.2-style "Allow From All")
        Require all granted
        AllowOverride All
        Options FollowSymLinks
    </Directory>
    <Directory "/usr/local/apache/cgi-bin">
        SSLOptions +StdEnvVars
    </Directory>
    BrowserMatch "MSIE [2-5]" \
         nokeepalive ssl-unclean-shutdown \
         downgrade-1.0 force-response-1.0

    CustomLog "/data/http/logs/it-adpass.xxxx.cn-ssl_request_log" \
          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

</VirtualHost>

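4. Restart Apache, then check that the page opens.

VI. Configuring Self Service Password

1. Create a new user in Active Directory and grant it Domain Admin rights;

2. Copy config.inc.php in the conf directory to config.inc.local.php;

3. Edit the parameters in config.inc.local.php to match your environment and requirements. They are explained below: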

<?php
#==============================================================================
# LTB Self Service Password
#
# Copyright (C) 2009 Clement OUDOT
# Copyright (C) 2009 LTB-project.org
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# GPL License: http://www.gnu.org/licenses/gpl.txt
#
#==============================================================================

#==============================================================================
# All the default values are kept here, you should not modify it but use
# config.inc.local.php file instead to override the settings from here.
#==============================================================================

#==============================================================================
# Configuration
#==============================================================================

# Debug mode
# true: log and display any errors or warnings (use this in configuration/testing)
# false: log only errors and do not display them (use this in production)
$debug = false; // debug mode

# LDAP
$ldap_url = "LDAPS://dc.xxxx.cn";  // LDAP server address
$ldap_starttls = false;  // whether the LDAP server supports TLS (StartTLS)
$ldap_binddn = "CN=xxx,CN=Users,DC=xxxx,DC=cn";  // DN of the account used to connect to the LDAP server
$ldap_bindpw = "xxxxxx";  // password of that bind account
$ldap_base = "OU=1-XXXX,DC=xxxx,DC=cn";  // OU path to search under
$ldap_login_attribute = "sAMAccountName";  // LDAP attribute holding the login name
$ldap_fullname_attribute = "cn";  // LDAP attribute holding the user's full name
$ldap_filter = "(&(objectClass=user)(sAMAccountName={login})(sAMAccountType=805306368)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))";  // filter that selects LDAP users

# Active Directory mode
# true: use unicodePwd as password field
# false: LDAPv3 standard behavior
$ad_mode = true;  // whether to enable Active Directory mode
# Force account unlock when password is changed
$ad_options['force_unlock'] = true; // force unlock: changing the password unlocks a locked account
# Force user change password at next login
$ad_options['force_pwd_change'] = false;  // force the user to change the password at next login
# Allow user with expired password to change password
$ad_options['change_expired_password'] = true;  // allow users to change an expired password

# Samba mode
# true: update sambaNTpassword and sambaPwdLastSet attributes too
# false: just update the password
$samba_mode = false;  // whether to enable Samba mode
# Set password min/max age in Samba attributes
#$samba_options['min_age'] = 5;
#$samba_options['max_age'] = 45;

# Shadow options - require shadowAccount objectClass
# Update shadowLastChange
$shadow_options['update_shadowLastChange'] = false;
$shadow_options['update_shadowExpire'] = false;

# Default to -1, never expire
$shadow_options['shadow_expire_days'] = -1;

# Hash mechanism for password:
# SSHA, SSHA256, SSHA384, SSHA512
# SHA, SHA256, SHA384, SHA512
# SMD5
# MD5
# CRYPT
# clear (the default)
# auto (will check the hash of current password)
# This option is not used with ad_mode = true
$hash = "clear";  // password hash algorithm; this option is ignored in Active Directory mode

# Prefix to use for salt with CRYPT
$hash_options['crypt_salt_prefix'] = "$6$";
$hash_options['crypt_salt_length'] = "6";

# Local password policy
# This is applied before directory password policy
# Minimal length
$pwd_min_length = 6;  // minimum password length
# Maximal length
$pwd_max_length = 14;  // maximum password length
# Minimal lower characters
$pwd_min_lower = 0;  // minimum number of lower-case letters in the password
# Minimal upper characters
$pwd_min_upper = 0;  // minimum number of upper-case letters in the password
# Minimal digit characters
$pwd_min_digit = 0;  // minimum number of digits in the password
# Minimal special characters
$pwd_min_special = 0;  // minimum number of special characters in the password
# Definition of special characters
$pwd_special_chars = "^a-zA-Z0-9";  // regular-expression character class that defines special characters
# Forbidden characters
#$pwd_forbidden_chars = "@%";  // special characters forbidden in passwords
# Don't reuse the same password as currently
$pwd_no_reuse = true;  // whether to forbid reusing the current password
# Check that password is different than login
$pwd_diff_login = true;  // require the password to differ from the login
# Complexity: number of different class of character required
$pwd_complexity = 3;  // number of different character classes the password must contain
# use pwnedpasswords api v2 to securely check if the password has been on a leak
$use_pwnedpasswords = false;  // check whether the password has leaked according to the https://haveibeenpwned.com database
# Show policy constraints message:
# always
# never
# onerror
$pwd_show_policy = "always";  // when to show the password policy
# Position of password policy constraints message:
# above - the form
# below - the form
$pwd_show_policy_pos = "above";  // where the password policy is shown

# Who changes the password?
# Also applicable for question/answer save
# user: the user itself
# manager: the above binddn
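$who_change_password = "manager";  // which account performs the password change; if you choose manager, make sure the binddn user has permission to change user passwords (domain administrator recommended)

## Standard change
# Use standard change form?
$use_change = true;  // enable the password change form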

## SSH Key Change
# Allow changing of sshPublicKey?
$change_sshkey = false;

# What attribute should be changed by the changesshkey action?
$change_sshkey_attribute = "sshPublicKey";

# Who changes the sshPublicKey attribute?
# Also applicable for question/answer save
# user: the user itself
# manager: the above binddn
$who_change_sshkey = "user";

# Notify users anytime their sshPublicKey is changed
## Requires mail configuration below
$notify_on_sshkey_change = false;

## Questions/answers
# Use questions/answers?
# true (default)
# false
$use_questions = true;  // enable password reset by question and answer

# Answer attribute should be hidden to users!
$answer_objectClass = "user";  // if $answer_attribute is not part of the standard user object class, set the object class that carries it here; Active Directory does not know extensibleObject, so use user
$answer_attribute = "info";  // LDAP attribute that stores the question and answer; the attribute name must be lower case

# Crypt answers inside the directory
$crypt_answers = false;  // whether to encrypt the answers

# Extra questions (built-in questions are in lang/$lang.inc.php)
#$messages['questions']['ice'] = "What is your favorite ice cream flavor?";
$messages['questions']['Q3'] = "你少年时代最好的朋友叫什么名字?";  // extra questions
$messages['questions']['Q4'] = "你的第一个宠物叫什么名字?";
$messages['questions']['Q5'] = "你第一次坐飞机是去哪里?";
$messages['questions']['Q6'] = "你的理想工作是什么?";
$messages['questions']['Q7'] = "你拥有的第一辆车是什么型号?";
$messages['questions']['Q8'] = "你童年时代的绰号是什么?";
$messages['questions']['Q9'] = "你的第一个上司叫什么名字?";
$messages['questions']['Q10'] = "您最喜欢哪个球队?";

## Token
# Use tokens?
# true (default)
# false
$use_tokens = true;  // enable password reset by mail
# Crypt tokens?
# true (default)
# false
$crypt_tokens = true;  // whether to encrypt tokens (uses $keyphrase below)
# Token lifetime in seconds
$token_lifetime = "3600";  // token lifetime (seconds)

## Mail
# LDAP mail attribute
$mail_attribute = "wWWHomePage";  // LDAP attribute that stores the user's mail address
# Get mail address directly from LDAP (only first mail entry)
# and hide mail input field
# default = false
$mail_address_use_ldap = false;  // whether to take the mail address directly from LDAP and hide the mail input field
# Who the email should come from
$mail_from = "service@xxxx.cn";  // sender address
$mail_from_name = "Service";  // sender name
$mail_signature = "";  // sender signature
# Notify users anytime their password is changed
$notify_on_change = true;  // whether to notify the user when the password is changed
# PHPMailer configuration (see https://github.com/PHPMailer/PHPMailer)    // all PHPMailer parameters are set below
$mail_sendmailpath = '/usr/sbin/sendmail';
$mail_protocol = 'smtp';
$mail_smtp_debug = 0;
$mail_debug_format = 'html';
$mail_smtp_host = 'mail.xxxx.cn';
$mail_smtp_auth = true;
$mail_smtp_user = 'service@xxxx.cn';
$mail_smtp_pass = 'xxxxxx';
$mail_smtp_port = 587;
$mail_smtp_timeout = 30;
$mail_smtp_keepalive = false;
$mail_smtp_secure = 'tls';
$mail_smtp_autotls = true;
$mail_contenttype = 'text/plain';
$mail_wordwrap = 0;
$mail_charset = 'utf-8';
$mail_priority = 3;
$mail_newline = PHP_EOL;

## SMS
# Use sms
$use_sms = true;  // enable password reset by SMS
# SMS method (mail, api)
$sms_method = "api";  // which method is used to send the SMS
$sms_api_lib = "lib/smsapi.inc.php";  // API script
# GSM number attribute
$sms_attribute = "mobile";  // LDAP attribute that stores the mobile number
# Partially hide number
$sms_partially_hide_number = true;  // whether the page partially hides the number
# Send SMS mail to address
$smsmailto = "{sms_attribute}@service.provider.com";  // address the SMS mail is sent to when the mail method is used
# Subject when sending email to SMTP to SMS provider
$smsmail_subject = "Provider code";  // subject of the mail sent to the SMTP-to-SMS provider
# Message
$sms_message = "{smsresetmessage} {smstoken}";  // message template
# Remove non digit characters from GSM number
$sms_sanitize_number = false;  // strip non-digit characters from the mobile number
# Truncate GSM number
$sms_truncate_number = false;  // whether to truncate the mobile number
$sms_truncate_number_length = 10;
# SMS token length
$sms_token_length = 6;  // length of the SMS verification code
# Max attempts allowed for SMS token
$max_attempts = 3;  // attempts allowed for a single SMS verification code

# Encryption, decryption keyphrase, required if $crypt_tokens = true
# Please change it to anything long, random and complicated, you do not have to remember it
# Changing it will also invalidate all previous tokens and SMS codes
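$keyphrase = "xxxxxx";  // keyphrase, required if $crypt_tokens = true; change it to a long random value, you do not have to remember it; changing it also invalidates all previous tokens and SMS codes

# Reset URL (if behind a reverse proxy)
#$reset_url = $_SERVER['HTTP_X_FORWARDED_PROTO'] . "://" . $_SERVER['HTTP_X_FORWARDED_HOST'] . $_SERVER['SCRIPT_NAME'];  // by default the reset URL is computed from the server name and port, but if the application sits behind a reverse proxy these values may be wrong; in that case set the URL yourself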

# Display help messages
$show_help = true;  // whether to show help messages

# Default language
$lang = "zh-CN";  // default display language

# List of authorized languages. If empty, all language are allowed.
# If not empty and the user's browser language setting is not in that list, language from $lang will be used.
$allowed_lang = array();  // list of authorized languages; if empty, all languages are allowed

# Display menu on top
$show_menu = true;  // whether to show the navigation bar

# Logo
$logo = "images/logo.png";  // logo path

# Background image
$background_image = "images/unsplash-lanse.jpg";  // background image

# Where to log password resets - Make sure apache has write permission
# By default, they are logged in Apache log
$reset_request_log = "logs/self.log";  // log file path; by default the generated URLs are recorded in the Apache log

# Invalid characters in login
# Set at least "*()&|" to prevent LDAP injection
# If empty, only alphanumeric characters are accepted
$login_forbidden_chars = "*()&|";  // login protection against LDAP injection: these characters are forbidden

## CAPTCHA  // Google reCAPTCHA settings follow
# Use Google reCAPTCHA (http://www.google.com/recaptcha)
$use_recaptcha = false;
# Go on the site to get public and private key
$recaptcha_publickey = "";
$recaptcha_privatekey = "";
# Customization (see https://developers.google.com/recaptcha/docs/display)
$recaptcha_theme = "light";
$recaptcha_type = "image";
$recaptcha_size = "normal";
# reCAPTCHA request method, null for default, Fully Qualified Class Name to override
# Useful when allow_url_fopen=0 ex. $recaptcha_request_method = '\ReCaptcha\RequestMethod\CurlPost';
$recaptcha_request_method = null;

## Default action
# change
# sendtoken
# sendsms
$default_action = "change";  // default page

## Extra messages  // edit the message templates
# They can also be defined in lang/ files
#$messages['passwordchangedextramessage'] = NULL;
$messages['changehelpextramessage'] = ">>帐户被锁定请使用导航栏中的其他方式解锁账户并重置密码。<br />回答问题重置密码:请确认您已自行设置答案。<br />通过邮件发送链接:请确认您已联系管理员设置邮箱。<br />通过短信重置密码:请确认您已联系管理员设置手机号码。";

# Launch a posthook script after successful password change
#$posthook = "/usr/share/self-service-password/posthook.sh";  // run a posthook script after a successful password change
#$display_posthook_error = true;

# Hide some messages to not disclose sensitive information
# These messages will be replaced by badcredentials error
$obscure_failure_messages = array("mailnomatch");  // do not display certain errors

4. Test once the configuration is complete; if something goes wrong, check the relevant error logs.
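A quick review of the security-relevant values in the file configured above, as an added example (not part of the original article or of the LTB project). The function names, the minimum-length thresholds and the embedded sample, which is constructed from the values this tutorial shows, are assumptions.

```python
import re

# Constructed sample: security-relevant lines as shown in the tutorial's config.inc.local.php.
SAMPLE_CONFIG = '''
$debug = false; // debug mode
$ldap_url = "LDAPS://dc.xxxx.cn";
$ldap_starttls = false;
$ad_mode = true;
$pwd_min_length = 6;
$use_questions = true;
$crypt_answers = false;
$crypt_tokens = true;
$keyphrase = "xxxxxx";
$login_forbidden_chars = "*()&|";
$use_recaptcha = false;
'''

ASSIGN = re.compile(r"^\s*\$(\w+)\s*=\s*(.+?);", re.M)

def parse_config(text):
    """Collect plain `$name = value;` lines; a later assignment overrides an earlier one."""
    settings = {}
    for name, raw in ASSIGN.findall(text):
        raw = raw.strip()
        if raw.lower() in ("true", "false"):
            settings[name] = raw.lower() == "true"
        elif re.fullmatch(r"-?\d+", raw):
            settings[name] = int(raw)
        else:
            settings[name] = raw.strip("\"'")
    return settings

def audit(cfg, min_len=12, min_key_len=20):
    """Return {setting: reason}; min_len and min_key_len are assumed thresholds."""
    findings = {}
    url = str(cfg.get("ldap_url", "")).lower()
    if cfg.get("ad_mode") and not (url.startswith("ldaps://") or cfg.get("ldap_starttls")):
        findings["ldap_url"] = "AD only accepts unicodePwd writes over LDAPS/StartTLS"
    if cfg.get("debug"):
        findings["debug"] = "errors and warnings are displayed in the page"
    if cfg.get("pwd_min_length", 0) < min_len:
        findings["pwd_min_length"] = f"local policy allows passwords under {min_len} characters"
    if cfg.get("use_questions") and not cfg.get("crypt_answers"):
        findings["crypt_answers"] = "reset answers are stored unencrypted in the directory"
    key = str(cfg.get("keyphrase", ""))
    if cfg.get("crypt_tokens") and (len(key) < min_key_len or len(set(key)) < 8):
        findings["keyphrase"] = "token/SMS-code keyphrase is short or still a placeholder"
    forbidden = str(cfg.get("login_forbidden_chars", ""))
    if forbidden and not set("*()&|") <= set(forbidden):
        findings["login_forbidden_chars"] = "missing LDAP filter metacharacters"
    if not cfg.get("use_recaptcha"):
        findings["use_recaptcha"] = "reset forms have no CAPTCHA against automated guessing"
    return findings

if __name__ == "__main__":
    for name, reason in audit(parse_config(SAMPLE_CONFIG)).items():
        print(f"{name}: {reason}")
```

Pass it the contents of conf/config.inc.local.php to review a real deployment; only simple one-line assignments are read, so array settings such as `$ad_options[...]` are skipped.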

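VII. Integrating Aliyun SMS verification codes

Note: the ltb-project-self-service-password-aliyun-dysms.zip package already bundles the Aliyun SMS API; you can also integrate it yourself, or integrate another provider.

1. Download the Aliyun API and extract it into the lib directory;

2. Copy smsapi-example.inc.php in the lib directory to smsapi.inc.php and edit it, for example: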

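function send_sms_by_api($mobile, $message) {

    # PHP code
    # ...

    # Or call to external script
    # $command = escapeshellcmd('/path/to/script').' '.escapeshellarg($mobile).' '.escapeshellarg($message);
    # exec($command);
    include_once 'aliyun-dysms-php-sdk/api_demo/Dysmsapi.php';
    $response = Dysmsapi::sendSms($mobile, $message);

    # Report success only when Aliyun accepted the request (Code is "OK");
    # returning 1 unconditionally would hide a failed send.
    return (isset($response->Code) && $response->Code === 'OK') ? 1 : 0;
}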

3. Set the Aliyun SMS parameters in lib/aliyun-dysms-php-sdk/api_demo/Dysmsapi.php, for example:

class Dysmsapi
{

    static $acsClient = null;

    /**
     * Get the AcsClient
     *
     * @return DefaultAcsClient
     */
    public static function getAcsClient() {
        // Product name: the cloud communication SMS service API product; developers do not need to change it
        $product = "Dysmsapi";

        // Product domain; developers do not need to change it
        $domain = "dysmsapi.aliyuncs.com";

        // TODO replace with your own AK (https://ak-console.aliyun.com/)
        $accessKeyId = "xxxxxx"; // AccessKeyId

        $accessKeySecret = "xxxxxxxx"; // AccessKeySecret

        // Multiple regions are not supported for now
        $region = "cn-hangzhou";

        // Service endpoint
        $endPointName = "cn-hangzhou";


        if(static::$acsClient == null) {

            // Initialise acsClient; regions are not supported for now
            $profile = DefaultProfile::getProfile($region, $accessKeyId, $accessKeySecret);

            // Add the service endpoint
            DefaultProfile::addEndpoint($endPointName, $region, $product, $domain);

            // Initialise the AcsClient used to send requests
            static::$acsClient = new DefaultAcsClient($profile);
        }
        return static::$acsClient;
    }

    /**
     * Send an SMS
     * @return stdClass
     */
    public static function sendSms($mobile, $message) {

        // Create the SendSmsRequest instance that carries the SMS parameters
        $request = new SendSmsRequest();

        // Optional: use the https protocol
        //$request->setProtocol("https");

        // Required: recipient phone number
        $request->setPhoneNumbers($mobile);

        // Required: signature name, exactly as shown under "Signature name"; see: https://dysms.console.aliyun.com/dysms.htm#/develop/sign
        $request->setSignName("xxxx");

        // Required: template CODE, exactly as shown under "Template CODE"; see: https://dysms.console.aliyun.com/dysms.htm#/develop/template
        $request->setTemplateCode("xxxx");

        // Optional: template parameters; required if the template contains variables to substitute
        $request->setTemplateParam(json_encode(array(  // values for the fields in the SMS template
            "code"=>$message,
        ), JSON_UNESCAPED_UNICODE));

        // Optional: serial number (OutId)
        $request->setOutId("yourOutId");

        // Optional: uplink SMS extension code (keep it to 7 digits or fewer; ignore this field unless you have a specific need)
        $request->setSmsUpExtendCode("1234567");

        // Send the request
        $acsResponse = static::getAcsClient()->getAcsResponse($request);

        return $acsResponse;
    }
}

4. Test the SMS feature of Self Service Password.

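Comments

14 comments
  1. 二少

    Hello! I followed your configuration method and also ran into the problem where configuring Self Service Password against Windows Active Directory (LDAP) keeps failing with an error that it cannot connect to LDAP. I see that the Apache virtual host configuration uses certificates; the certificate I exported from my Windows AD is a .cer, while the certificates in your configuration file are .crt and .key. How should I handle this? That is, how do I import the certificate into Linux to get an LDAPS connection?

      • 二少

        @yeboyzq First of all, thank you for your reply. In practice I still ran into some problems, mainly with connecting to Windows Active Directory (LDAP), and I hope to get your support.
        SSLEngine on
        # Server Certificate:
        SSLCertificateFile "/etc/apache/ssl/it-adpass.xxxx.cn.crt"
        # Server Private Key:
        SSLCertificateKeyFile "/etc/apache/ssl/it-adpass.xxxx.cn.key"
        # Server Certificate Chain:
        SSLCertificateChainFile "/etc/apache/ssl/it-adpass.xxxx.cn-CA.crt"
        # Certificate Authority (CA):
        #SSLCACertificateFile "/etc/apache/ssl/ca-bundle.crt"
        These certificate files are a bit overwhelming; could you explain the steps for this part in detail?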

        • yeboyzq

          @二少 This has nothing to do with the LDAP connection. This part configures HTTPS access to Self Service Password; if you don't need it, you can simply use HTTP instead.

          • 二少

            @yeboyzq # LDAP
            $ldap_url = "LDAPS://dc.xxxx.cn"; // LDAP server address
            $ldap_starttls = false; // whether the LDAP server supports TLS
            $ldap_binddn = "CN=xxx,CN=Users,DC=xxxx,DC=cn"; // DN of the account used to connect to the LDAP server
            $ldap_bindpw = "xxxxxx"; // password of that bind account
            $ldap_base = "OU=1-XXXX,DC=xxxx,DC=cn"; // OU path to search under
            $ldap_login_attribute = "sAMAccountName"; // LDAP attribute holding the login name
            $ldap_fullname_attribute = "cn"; // LDAP attribute holding the user's full name
            $ldap_filter = "(&(objectClass=user)(sAMAccountName={login})(sAMAccountType=805306368)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))"; // filter that selects LDAP users
            # Active Directory mode
            # true: use unicodePwd as password field
            # false: LDAPv3 standard behavior
            $ad_mode = true; // whether to enable Active Directory mode
            # Force account unlock when password is changed
            $ad_options['force_unlock'] = true; // force unlock: changing the password unlocks a locked account
            # Force user change password at next login
            $ad_options['force_pwd_change'] = false; // force the user to change the password at next login
            # Allow user with expired password to change password
            $ad_options['change_expired_password'] = true; // allow users to change an expired password
            I configured it broadly following your configuration style, but changing a password shows:
            不能访问 LDAP 服务器
            Besides the settings in the configuration file, does the LDAPS connection also require adding the certificate exported from the AD personal certificate store to openssl's ldap.conf? I ask because I see your configuration file connects over LDAPS.

      • 二少

        @yeboyzq Could you add me on WeChat? I'd like to ask you about this configuration. QQ:498092705

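  2. Smaser

    Hello, I followed your Aliyun SMS verification setup but never receive the SMS. I don't know what else needs to be configured; are the xxx places the only things that need changing?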

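  3. Kester

    Configuring Self Service Password against Windows Active Directory (LDAP) keeps failing with an error that it cannot connect to LDAP. Which fields need to be configured in AD? Is there an example to follow? Thanks!

    • yeboyzq

      @Kester The article and the configuration file already explain this quite clearly.

    • yeboyzq

      @Kester There are three possible causes for the error: the wrong LDAP encryption method, a wrong account or password, or a firewall blocking the connection.

    • 二少

      @Kester Did you solve your problem?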
