Open sanket97 opened 5 months ago
Please use latest version (1.6.0) and see if the problem still occurs.
Tried the latest version as well; the issue persists.
On Tue, May 21, 2024 at 5:45 PM coudot @.***> wrote:
Please use latest version (1.6.0) and see if the problem still occurs.
— Reply to this email directly, view it on GitHub https://github.com/ltb-project/self-service-password/issues/908#issuecomment-2122502038, or unsubscribe https://github.com/notifications/unsubscribe-auth/ABD27HINTQKAHDZLFUXQGKDZDM3HNAVCNFSM6AAAAABIBJO6YWVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDCMRSGUYDEMBTHA . You are receiving this because you authored the thread.Message ID: @.***>
Hello @sanket97
I tried to reproduce the problem with version 1.6.0 (on Debian 12).
The log message is:
[Wed May 22 16:52:33.812838 2024] [php:notice] [pid 38731] [client 127.0.0.1:34438] LDAP - Modify password error 19 (Password is in history of old passwords), referer: http://ssp.example.com/
But there is a clear message displayed to the user: (in a red banner)
Password is in history of old passwords (Password is in history of old passwords)
Could you provide more information on how to reproduce please? At least a complete configuration.
Here is config.inc.local.php file which is used for this.
I have installed the same using apt install
Do I need to enable ldaps ? currently using ldap://
Thanks Sandeep
On Wed, May 22, 2024 at 8:40 PM davidcoutadeur @.***> wrote:
Hello @sanket97 https://github.com/sanket97
I tried to reproduce the problem with 1.6.0 version. (on debian 12)
The log message is:
[Wed May 22 16:52:33.812838 2024] [php:notice] [pid 38731] [client 127.0.0.1:34438] LDAP - Modify password error 19 (Password is in history of old passwords), referer: http://ssp.example.com/
But there is a clear message displayed to the user: (in a red banner)
Password is in history of old passwords (Password is in history of old passwords)
Could you provide more information on how to reproduce please? At least a complete configuration.
Hello,
Here is config.inc.local.php file which is used for this.
I don't see any attachment in the issue, or in the notification mail.
Do I need to enable ldaps ? currently using ldap://
In general: yes, it is recommended, but I don't think it's your problem here. Theoretically, the message in the log and the message in the interface should be coherent.
The attachment is there; will attach again. Not sure why it is not there. I have renamed it as txt.
Thanks Sandeep
On Fri, May 24, 2024 at 1:55 PM davidcoutadeur @.***> wrote:
Hello,
Here is config.inc.local.php file which is used for this.
I don't see any attachment in the issue, or in the notification mail.
Do I need to enable ldaps ? currently using ldap://
In general: yes, it is recommended, but I don't think it's your problem here. Theoretically, the message in the log and the message in the interface should be coherent.
<?php
#
#
#
#
#
$debug = true;
$ldap_url = "ldap://cnmaestro.cambium.local";
$ldap_starttls = false;
$ldap_binddn = "cn=admin,dc=cnmaestro,dc=cambium,dc=local";
$ldap_bindpw = @.**';
// for GSSAPI authentication, comment out ldap_bind and uncomment ldap_krb5ccname lines
//$ldap_krb5ccname = "/path/to/krb5cc";
$ldap_base = "dc=cnmaestro,dc=cambium,dc=local";
$ldap_login_attribute = "uid";
$ldap_fullname_attribute = "cn";
$ldap_filter = "(&(objectClass=person)($ldap_login_attribute={login}))";
$ldap_use_exop_passwd = true;
$ldap_use_ppolicy_control = true;
$ad_mode = false; $ad_options=[];
$ad_options['force_unlock'] = false;
$ad_options['force_pwd_change'] = false;
$ad_options['change_expired_password'] = false;
$samba_mode = false; $samba_options=[];
$shadow_options=[];
$shadow_options['update_shadowLastChange'] = true; $shadow_options['update_shadowExpire'] = true;
$shadow_options['shadow_expire_days'] = 90;
$hash = "auto";
$hash_options=[];
$hash_options['crypt_salt_prefix'] = "$6$"; $hash_options['crypt_salt_length'] = "6";
$use_ratelimit = false;
$max_attempts_per_user = 2;
$max_attempts_per_ip = 2;
$max_attempts_block_seconds = "60";
$client_ip_header = 'REMOTE_ADDR';
$pwd_min_length = 8;
$pwd_max_length = 0;
$pwd_min_lower = 1;
$pwd_min_upper = 1;
$pwd_min_digit = 1;
$pwd_min_special = 0;
$pwd_special_chars = "^a-zA-Z0-9";
$pwd_no_reuse = true;
$pwd_diff_login = true;
$pwd_diff_last_min_chars = 3;
$pwd_forbidden_words = array('test', 'admin', 'password', 'qwerty');
$pwd_forbidden_ldap_fields = array('cn', 'givenname', 'sn', 'uid');
$pwd_complexity = 3;
$use_pwnedpasswords = false;
$pwd_show_policy = "onerror";
$pwd_show_policy_pos = "above";
# $pwd_special_chars at the beginning and end
$pwd_no_special_at_ends = false;
$who_change_password = "user";
$show_extended_error = true;
$use_change = true;
$change_sshkey = false;
$change_sshkey_attribute = "sshPublicKey";
$change_sshkey_objectClass = "ldapPublicKey";
$ssh_valid_key_types = array('ssh-rsa', 'ssh-dss', 'ecdsa-sha2-nistp256', 'ecdsa-sha2-nistp384', 'ecdsa-sha2-nistp521', 'ssh-ed25519');
$who_change_sshkey = "user";
$notify_on_sshkey_change = false;
$use_questions = false;
$multiple_answers = false;
$multiple_answers_one_str = false;
$answer_objectClass = "extensibleObject"; $answer_attribute = "info";
$crypt_answers = false;
$questions_use_default = true;
$questions_count = 1;
$question_populate_enable = false;
$use_tokens = false;
$crypt_tokens = false;
$mail_attributes = array( "mail", "gosaMailAlternateAddress", "proxyAddresses" );
$mail_address_use_ldap = false;
$mail_from = @.***";
$mail_from_name = "Self Service Password";
$mail_signature = "";
$notify_on_change = false;
$mail_sendmailpath = '/usr/sbin/sendmail';
$mail_protocol = 'smtp';
$mail_smtp_debug = 0;
$mail_debug_format = 'error_log';
$mail_smtp_host = 'localhost';
$mail_smtp_auth = false;
$mail_smtp_user = '';
$mail_smtp_pass = '';
$mail_smtp_port = 25;
$mail_smtp_timeout = 30;
$mail_smtp_keepalive = false;
$mail_smtp_secure = 'tls';
$mail_smtp_autotls = true;
$mail_smtp_options = array();
$mail_contenttype = 'text/plain';
$mail_wordwrap = 0;
$mail_charset = 'utf-8';
$mail_priority = 3;
$use_sms = false;
$sms_method = "mail"; $sms_api_lib = "lib/smsapi.inc.php";
$sms_attributes = array( "mobile", "pager", "ipPhone", "homephone" );
$sms_partially_hide_number = true;
$smsmailto = @.***";
$smsmail_subject = "Provider code";
$sms_message = "{smsresetmessage} {smstoken}";
$sms_sanitize_number = false;
$sms_truncate_number = false; $sms_truncate_number_length = 10;
$sms_token_length = 6;
$max_attempts = 3;
$keyphrase = "7rRy0}96#4E7#kzb%:,25X}c&66rU";
$show_help = true;
$lang = "en";
$allowed_lang = array();
$show_menu = true;
$logo = "images/ltb-logo.png";
$background_image = "images/unsplash-space.jpeg";
$custom_css = ""; $display_footer = true;
$reset_request_log = "/var/log/self-service-password";
$login_forbidden_chars = "*()&|";
$use_captcha = false;
$default_action = "change";
$use_restapi = false;
$obscure_failure_messages = array("mailnomatch"); $obscure_usernotfound_sendtoken = true;
$smarty_compile_dir = "/var/cache/self-service-password/templates_c"; $smarty_cache_dir = "/var/cache/self-service-password/cache";
$smarty_debug = false;
// Load local overrides if present
if (file_exists (__DIR__ . '/config.inc.local.php')) {
    require_once __DIR__ . '/config.inc.local.php';
}
if (!defined("SMARTY")) {
    define("SMARTY", "/usr/share/php/smarty3/Smarty.class.php");
}
// Preset the login from an HTTP header, keeping only the allowed characters
$presetLogin = "";
if (isset($header_name_preset_login)) {
    $presetLoginKey = "HTTP_".strtoupper(str_replace('-','_',$header_name_preset_login));
    if (array_key_exists($presetLoginKey, $_SERVER)) {
        $presetLogin = preg_replace("/[^a-zA-Z0-9-@.]+/", "", filter_var($_SERVER[$presetLoginKey], FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_HIGH));
    }
}
// Load an extra configuration file named by an HTTP header
if (isset($header_name_extra_config)) {
    $extraConfigKey = "HTTP_".strtoupper(str_replace('-','_',$header_name_extra_config));
    if (array_key_exists($extraConfigKey, $_SERVER)) {
        $extraConfig = preg_replace("/[^a-zA-Z0-9-]+/", "", filter_var($_SERVER[$extraConfigKey], FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_HIGH));
        if (strlen($extraConfig) > 0 && file_exists (__DIR__ . "/config.inc.".$extraConfig.".php")) {
            require_once __DIR__ . "/config.inc.".$extraConfig.".php";
        }
    }
}
$ldap_use_exop_passwd = true;
$ldap_use_ppolicy_control = true;
This does not work, this is a bug in PHP (see https://bugs.php.net/bug.php?id=80820)
If you want to use ppolicy, set exop_passwd to false.
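A small lint for the two settings discussed in this thread, added here as an example (not code from the LTB project or from the posters): it flags `$ldap_use_exop_passwd` and `$ldap_use_ppolicy_control` both being true, and an `ldap://` URL without StartTLS. The function names, finding codes and sample host are hypothetical, and the parser only handles simple `$name = value;` assignments.

```python
import re

# Constructed sample: the combination reported in this thread (host name is a placeholder).
SAMPLE_CONFIG = """<?php
$ldap_url = "ldap://ldap.example.com";
$ldap_starttls = false;
$ldap_use_exop_passwd = true; $ldap_use_ppolicy_control = true;
"""

ASSIGN = re.compile(r"\$(\w+)\s*=\s*([^;]+);")

def parse_settings(php_text):
    """Collect simple `$name = value;` assignments; a later one overrides an earlier one."""
    settings = {}
    for line in php_text.splitlines():
        if line.lstrip().startswith(("#", "//")):
            continue  # skip commented-out settings
        for name, raw in ASSIGN.findall(line):
            settings[name] = raw.strip().strip("\"'")
    return settings

def audit(php_text):
    """Return (code, message) findings for the two settings discussed in the thread."""
    s = parse_settings(php_text)
    # Assumption: a setting absent from the file is treated as false.
    on = lambda key: s.get(key, "false").lower() == "true"
    findings = []
    if on("ldap_use_exop_passwd") and on("ldap_use_ppolicy_control"):
        findings.append(("EXOP_WITH_PPOLICY",
            "exop_passwd and ppolicy_control are both true; per the thread this "
            "does not work (PHP bug 80820). Set ldap_use_exop_passwd to false."))
    urls = s.get("ldap_url", "").split()
    if any(u.startswith("ldap://") for u in urls) and not on("ldap_starttls"):
        findings.append(("CLEARTEXT_LDAP",
            "ldap:// without StartTLS; binds and password changes cross the network unencrypted."))
    return findings

if __name__ == "__main__":
    for code, message in audit(SAMPLE_CONFIG):
        print(f"{code}: {message}")
```
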
Thanks will try this and update.
On Fri, 24 May 2024 at 7:22 PM, coudot @.***> wrote:
$ldap_use_exop_passwd = true; $ldap_use_ppolicy_control = true;
This does not work, this is a bug in PHP (see https://bugs.php.net/bug.php?id=80820)
If you want to use ppolicy, set exop_passwd to false.
That worked..
Thanks
On Fri, May 24, 2024 at 8:48 PM Sandeep @.***> wrote:
Thanks will try this and update.
On Fri, 24 May 2024 at 7:22 PM, coudot @.***> wrote:
$ldap_use_exop_passwd = true; $ldap_use_ppolicy_control = true;
This does not work, this is a bug in PHP (see https://bugs.php.net/bug.php?id=80820)
If you want to use ppolicy, set exop_passwd to false.
Using version 1.5.4 of self-service-password. OS: Ubuntu 23.04.
Extended errors like "Password is in history" do not show; they appear in the log.
I have set this in config.inc.local.php:
$show_extended_error = true;
Any pointers?
Thanks