ltb-project / self-service-password

Web interface to change and reset password in an LDAP directory
https://self-service-password.readthedocs.io/en/latest/
GNU General Public License v3.0
1.17k stars 327 forks

Can't change password to any accounts #1000

Open slaygirlz opened 1 month ago

slaygirlz commented 1 month ago

Looking at the logs, it can't find any user named (edge) that I'm resetting to test.

Below is my config. Please, all passwords are fake; the OU has been modified to hide the org.

<?php
# Debug mode
# true: log and display any errors or warnings (use this in configuration/testing)
# false: log only errors and do not display them (use this in production)
$debug = true;

# LDAP
$ldap_url = "ldap://internal.domain-college.co.nz";
$ldap_starttls = false;
$ldap_binddn = "CN=NUC Computer,OU=Service Accounts,OU=RosCollege,DC=internal,DC=roill-collge,DC=co,DC=nz";
$ldap_bindpw = "Pass2024";
$ldap_base = "DC=internal,DC=rosell-college,DC=co,DC=nz";
$ldap_login_attribute = "uid";
$ldap_fullname_attribute = "cn";
$ldap_filter = "(&(objectClass=posixAccount)($ldap_login_attribute={login}))";

$shadow_options['update_shadowLastChange'] = true;
$shadow_options['update_shadowExpire'] = true;

$shadow_options['shadow_expire_days'] = 60;

$hash = "auto";

$hash_options['crypt_salt_prefix'] = "$6$";
$hash_options['crypt_salt_length'] = "6";

$pwd_min_length = 12;
$pwd_max_length = 15;
$pwd_min_lower = 1;
$pwd_min_upper = 1;
$pwd_min_digit = 1;
$pwd_min_special = 1;
$pwd_special_chars = "^a-zA-Z0-9";
$pwd_no_reuse = true;
$pwd_diff_login = true;
$pwd_complexity = 1;
$use_pwnedpasswords = false;
$pwd_show_policy = "always";
$pwd_show_policy_pos = "above";

$who_change_password = "user";

$use_change = true;

$change_sshkey = false;

$change_sshkey_attribute = "sshPublicKey";

$who_change_sshkey = "user";

$notify_on_sshkey_change = false;

$use_questions = true;

$answer_objectClass = "extensibleObject";
$answer_attribute = "info";

$crypt_answers = true;

$use_tokens = true;
$crypt_tokens = true;
$token_lifetime = "3600";

$keyphrase = "7rRy0}96#4E7#kzb%:,25X}c&66rU";

$show_help = true;

$lang = "en";

$allowed_lang = array();

$show_menu = true;

$logo = "images/kifarunix-logo.png";

$background_image = "images/unsplash-space.jpeg";

$login_forbidden_chars = "*()&|";

$default_action = "change";
?>

slaygirlz commented 1 month ago

<?php
# Debug mode
# true: log and display any errors or warnings (use this in configuration/testing)
# false: log only errors and do not display them (use this in production)
$debug = true;

# LDAP
$ldap_url = "ldap://internal.rosehill-college.co.nz";
$ldap_starttls = false;
$ldap_binddn = "CN=NUC Computer,OU=Service Accounts,OU=RosehillCollege,DC=internal,DC=rosehill-college,DC=co,DC=nz";
$ldap_bindpw = "Pass2024";
$ldap_base = "DC=internal,DC=rosehill-college,DC=co,DC=nz";
$ldap_login_attribute = "uid";
$ldap_fullname_attribute = "cn";
$ldap_filter = "(&(objectClass=posixAccount)($ldap_login_attribute={login}))";

$shadow_options['update_shadowLastChange'] = true;
$shadow_options['update_shadowExpire'] = true;

$shadow_options['shadow_expire_days'] = 60;

$hash = "auto";

$hash_options['crypt_salt_prefix'] = "$6$";
$hash_options['crypt_salt_length'] = "6";

#$pwd_min_length = 12;
#$pwd_max_length = 15;
#$pwd_min_lower = 1;
#$pwd_min_upper = 1;
#$pwd_min_digit = 1;
#$pwd_min_special = 1;
#$pwd_special_chars = "^a-zA-Z0-9";
#$pwd_no_reuse = true;
#$pwd_diff_login = true;
#$pwd_complexity = 1;
#$use_pwnedpasswords = false;
#$pwd_show_policy = "always";
#$pwd_show_policy_pos = "above";

$who_change_password = "user";

$use_change = true;

$change_sshkey = false;

$change_sshkey_attribute = "sshPublicKey";

$who_change_sshkey = "user";

$notify_on_sshkey_change = false;

$use_questions = true;

$answer_objectClass = "extensibleObject";
$answer_attribute = "info";

$crypt_answers = true;

$use_tokens = true;
$crypt_tokens = true;
$token_lifetime = "3600";

$keyphrase = "7rRy0}96#4E7#kzb%:,25X}c&66rU";

$show_help = true;

$lang = "en";

$allowed_lang = array();

$show_menu = true;

#$logo = "images/kifarunix-logo.png";

#$background_image = "images/unsplash-space.jpeg";

$login_forbidden_chars = "*()&|";

$default_action = "change";
?>

coudot commented 1 month ago

Hello, on Active Directory you should configure:

$ldap_login_attribute = "sAMAccountName";

Or directly edit the LDAP filter like written in the docs: https://self-service-password.readthedocs.io/en/stable/config_ldap.html#active-directory

slaygirlz commented 1 month ago

Thank you so much, editing the attribute and filter worked.

slaygirlz commented 1 month ago

Okay, after testing, the user password isn't changing.

slaygirlz commented 1 month ago

[image] It's adding her; it should just reset the user.

coudot commented 1 month ago

You forgot to enable AD mode.

Read the documentation carefully: https://self-service-password.readthedocs.io/en/stable/config_ldap.html#active-directory

slaygirlz commented 1 month ago

Yes, I have read the docs when I found out AD mode :) Now my last issue: it says LDAP refusing password. I have tried very hard passwords.

slaygirlz commented 1 month ago

Mistake, understand what's needing again.

slaygirlz commented 1 month ago

Sorry, but I'm stuck on here: https://ltb-project.org/documentation/active_directory_certificates.html I need the SSL, so I have the certificate open [image], but I can't create an SSL certificate. Been right-clicking to see create one.

slaygirlz commented 1 month ago

Good news, I managed to get the server's key. Now I get this error:

AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 172.18.0.2. Set the 'ServerName' directive globally to suppress this message

AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 172.18.0.2. Set the 'ServerName' directive globally to suppress this message

[Mon Oct 14 12:47:43.867495 2024] [mpm_prefork:notice] [pid 1:tid 1] AH00163: Apache/2.4.62 (Debian) PHP/8.3.11 configured -- resuming normal operations

[Mon Oct 14 12:47:43.867513 2024] [core:notice] [pid 1:tid 1] AH00094: Command line: 'apache2 -D FOREGROUND'

[Mon Oct 14 12:47:45.122444 2024] [php:error] [pid 17:tid 17] [client 172.18.0.1:50010] PHP Fatal error: Uncaught Error: Undefined constant "TLS_CACERT" in /var/www/conf/config.inc.local.php:87\nStack trace:\n#0 /var/www/config.inc.php.orig(503): require_once()\n#1 /var/www/htdocs/index.php(11): require_once('...')\n#2 {main}\n thrown in /var/www/conf/config.inc.local.php on line 87, referer: http://10.0.13.5:8032/index.php?action=sendtoken

172.18.0.1 - - [14/Oct/2024:12:47:45 +0000] "GET /index.php HTTP/1.1" 500 211 "http://10.0.13.5:8032/index.php?action=sendtoken" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36 Edg/129.0.0.0"
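
The settings the maintainer points to in this thread (sAMAccountName, AD mode), combined with CA validation for LDAPS, as an added example that is not from the thread or from the project. Line 87 of the reporter's config.inc.local.php is not shown on the page, so the explanation of the `TLS_CACERT` error is an assumption based on the error text; the host name, the CA path and the `$ad_ca_file` variable are placeholders.

```php
<?php
# Added example: config.inc.local.php fragment for Active Directory over LDAPS.
# Host name and CA path are placeholders, not values from the thread.

# AD has no uid/posixAccount by default: search on sAMAccountName instead.
$ldap_login_attribute = "sAMAccountName";
$ldap_filter = "(&(objectClass=user)($ldap_login_attribute={login}))";

# AD mode: write the password as unicodePwd instead of a hashed userPassword.
$ad_mode = true;

# AD only accepts password writes on an encrypted connection.
$ldap_url = "ldaps://dc01.example.internal";   # placeholder host
$ldap_starttls = false;                        # not needed with ldaps://

# Assumption: TLS_CACERT is an ldap.conf directive name, not a PHP constant,
# so a bare TLS_CACERT token in this file is a fatal "Undefined constant"
# error on PHP 8. The PHP LDAP extension exposes the same settings as
# LDAP_OPT_X_TLS_* constants.
$ad_ca_file = "/etc/ssl/certs/ad-root-ca.pem"; # hypothetical variable and path

if (is_readable($ad_ca_file)) {
    ldap_set_option(null, LDAP_OPT_X_TLS_CACERTFILE, $ad_ca_file);
} else {
    # Fail visibly in the log rather than silently falling back to no CA.
    error_log("LDAP CA file not readable: $ad_ca_file");
}

# Weak: accepts any certificate, so the bind password and every new password
# are exposed to whoever answers on the LDAPS port.
# ldap_set_option(null, LDAP_OPT_X_TLS_REQUIRE_CERT, LDAP_OPT_X_TLS_NEVER);

# Corrected: refuse the connection unless the DC certificate chains to the CA.
ldap_set_option(null, LDAP_OPT_X_TLS_REQUIRE_CERT, LDAP_OPT_X_TLS_DEMAND);

# Once the form works, log errors without displaying them to the browser.
$debug = false;
```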