author | Sandro Rüegge | 2018-07-22 21:16:07 +0200 |
---|---|---|
committer | Sandro Rüegge | 2018-07-22 21:16:07 +0200 |
commit | 0af041f85c14d6ed4487485a4a34ac69ce4e9b25 (patch) | |
tree | 438098f1e1e8082f43b3d2596f4262c5108b9be8 | |
download | aur-0af041f85c14d6ed4487485a4a34ac69ce4e9b25.tar.gz |
Initial upload
-rw-r--r-- | .SRCINFO | 21 | ||||
-rw-r--r-- | PKGBUILD | 37 | ||||
-rw-r--r-- | apache.example.conf | 38 | ||||
-rw-r--r-- | config.php | 71 |
4 files changed, 167 insertions, 0 deletions
diff --git a/.SRCINFO b/.SRCINFO
new file mode 100644
index 000000000000..eb787e092ac5
--- /dev/null
+++ b/.SRCINFO
@@ -0,0 +1,21 @@
+pkgbase = self-service-password
+ pkgdesc = A small webinterface for changing/resetting ldap passwords
+ pkgver = 1.3
+ pkgrel = 9
+ url = https://ltb-project.org/documentation/self-service-password
+ arch = any
+ license = GPL3
+ depends = php>=5
+ depends = php-ldap
+ optdepends = php-mbstring: For resetting passwords by mail
+ optdepends = php-mcrypt: For token resets
+ backup = etc/webapps/self-service-password/config.php
+ source = https://ltb-project.org/archives/ltb-project-self-service-password-1.3.tar.gz
+ source = config.php
+ source = apache.example.conf
+ sha512sums = 71aec5a3673ee710d4ba4a17862c695e0775ad944d85c8e05e826774010b8e905af5ab9e75886bc8c2efb9d9372ffe00d8856024e9656e1c71a57017b0eeac6d
+ sha512sums = 8b672a77c9b269e4885a345bb1daeaa090f334f6391f691290e4e39157b30164f9248181c93865cdeabbf5e0537907168dae672abbbe28b65dd188e7fdb29000
+ sha512sums = b4a527a2a66fa80d66f071c6dc7aeed333462581a119f9b2e79b4f102b6d5ffe28ce4e30792da53b0f6926268fe23db59cbeea3cfe702642d73919baca65c0be
+
+pkgname = self-service-password
+
diff --git a/PKGBUILD b/PKGBUILD
new file mode 100644
index 000000000000..78275deb5049
--- /dev/null
+++ b/PKGBUILD
@@ -0,0 +1,37 @@
+# Maintainer: Sandro Rüegge <sandro.rueegge@gmail.com>
+pkgname=self-service-password
+pkgver=1.3
+pkgrel=9
+pkgdesc="A small webinterface for changing/resetting ldap passwords"
+arch=('any')
+url="https://ltb-project.org/documentation/self-service-password"
+license=('GPL3')
+depends=('php>=5'
+ 'php-ldap')
+optdepends=(
+ 'php-mbstring: For resetting passwords by mail'
+ 'php-mcrypt: For token resets'
+)
+backup=("etc/webapps/$pkgname/config.php")
+source=("https://ltb-project.org/archives/ltb-project-$pkgname-$pkgver.tar.gz"
+ 'config.php'
+ 'apache.example.conf')
+sha512sums=('71aec5a3673ee710d4ba4a17862c695e0775ad944d85c8e05e826774010b8e905af5ab9e75886bc8c2efb9d9372ffe00d8856024e9656e1c71a57017b0eeac6d'
+ '8b672a77c9b269e4885a345bb1daeaa090f334f6391f691290e4e39157b30164f9248181c93865cdeabbf5e0537907168dae672abbbe28b65dd188e7fdb29000'
+ 'b4a527a2a66fa80d66f071c6dc7aeed333462581a119f9b2e79b4f102b6d5ffe28ce4e30792da53b0f6926268fe23db59cbeea3cfe702642d73919baca65c0be')
+
+package() {
+ # install the project
+ install -d ${pkgdir}/usr/share/webapps/${pkgname}
+ cp -r ${srcdir}/ltb-project-${pkgname}-${pkgver}/* ${pkgdir}/usr/share/webapps/${pkgname}
+ # set the correct permission
+ chown -R root:root ${pkgdir}/usr/share/webapps/${pkgname}
+ find ${pkgdir}/usr/share/webapps/${pkgname} -type f -exec chmod 0644 {} \;
+ find ${pkgdir}/usr/share/webapps/${pkgname} -type d -exec chmod 0755 {} \;
+
+ # install the configuration
+ install -d ${pkgdir}/etc/webapps/${pkgname}
+ install -m 640 -o root -g root ${srcdir}/config.php ${pkgdir}/etc/webapps/${pkgname}
+ install -m 644 -o root -g root ${srcdir}/apache.example.conf ${pkgdir}/etc/webapps/${pkgname}
+ ln -sf /etc/webapps/${pkgname}/config.php ${pkgdir}/usr/share/webapps/${pkgname}/conf/config.inc.local.php
+}
diff --git a/apache.example.conf b/apache.example.conf
new file mode 100644
index 000000000000..5060c76b0ec7
--- /dev/null
+++ b/apache.example.conf
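Review bot: In package(), `install -m 640 -o root -g root ${srcdir}/config.php ...` leaves the file that holds `$ldap_bindpw` and `$keyphrase` readable by root only, so a web server or PHP worker running under an unprivileged account would not be able to read it through the `conf/config.inc.local.php` symlink. The likely workaround is an admin loosening it to 644, which exposes the LDAP bind password to every local user. Making it group-readable by the web server's group keeps the secret scoped, e.g. `install -m 640 -o root -g http ${srcdir}/config.php ${pkgdir}/etc/webapps/${pkgname}`; the group name `http` is an assumption to confirm against the httpd/php-fpm packaging. The `${pkgdir}` and `${srcdir}` expansions are also unquoted throughout the function, so a build path containing spaces would break it.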
@@ -0,0 +1,38 @@
+<VirtualHost *:80>
+ ServerName ssp.sparchatus.ch
+ DocumentRoot /usr/share/webapps/self-service-password
+
+ LogLevel warn
+ ErrorLog /var/log/httpd/ssp_error.log
+ CustomLog /var/log/httpd/ssp_access.log combined
+
+ RewriteEngine on
+ RewriteCond %{SERVER_NAME} =ssp.sparchatus.ch
+ RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
+</VirtualHost>
+
+<VirtualHost *:443>
+ ServerName ssp.sparchatus.ch
+ DocumentRoot /usr/share/webapps/self-service-password
+
+ AddDefaultCharset UTF-8
+
+ <Directory /usr/share/webapps/self-service-password/>
+ AllowOverride None
+ Require all granted
+ DirectoryIndex index.php
+ </Directory>
+
+ <Directory /usr/share/webapps/self-service-password/scripts/>
+ AllowOverride None
+ Require all denied
+ </Directory>
+
+ LogLevel warn
+ ErrorLog /var/log/httpd/ssp_error.log
+ CustomLog /var/log/httpd/ssp_access.log combined
+
+ SSLCertificateFile /etc/letsencrypt/live/ssp.sparchatus.ch/fullchain.pem
+ SSLCertificateKeyFile /etc/letsencrypt/live/ssp.sparchatus.ch/privkey.pem
+ Include /etc/letsencrypt/options-ssl-apache.conf
+</VirtualHost>
diff --git a/config.php b/config.php
new file mode 100644
index 000000000000..adb9ca7dab85
--- /dev/null
+++ b/config.php
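Review bot: Only `scripts/` is denied in the `*:443` vhost, while `conf/` stays under the docroot's `Require all granted`; per the PKGBUILD in this commit, `conf/config.inc.local.php` is a symlink to the file that carries `$ldap_bindpw` and `$keyphrase`. If the PHP handler is ever missing or misconfigured, Apache could serve that file as plain text instead of executing it. A second block mirroring the existing one, `<Directory /usr/share/webapps/self-service-password/conf/>` with `AllowOverride None` and `Require all denied`, removes that exposure. The application includes the file from disk rather than over HTTP, so denying the directory should not affect it.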
@@ -0,0 +1,71 @@
+<?php
+#
+# Overrides the default parameters in config.inc.php
+#
+# You should set the correct LDAP configuration,
+# select the desired password policy (0 is off),
+# choose which ways the users should be allowed
+# to reset the password. Also change the keyphrase
+# from 'secret' to a long random string.
+#
+
+# display the top menu
+$show_menu = false;
+
+# LDAP config
+$ldap_url = "ldap://localhost";
+$ldap_starttls = false;
+$ldap_binddn = "uid=someone,ou=something,dc=example,dc=com";
+$ldap_bindpw = "secret pw";
+$ldap_base = "dc=example,dc=com";
+$ldap_login_attribute = "uid";
+$ldap_fullname_attribute = "displayName";
+$ldap_filter = "(&(objectClass=inetOrgPerson)($ldap_login_attribute={login}))";
+
+# Local password policy
+# This is applied before directory password policy
+# Minimal length
+$pwd_min_length = 8;
+# Maximal length
+$pwd_max_length = 0;
+# Minimal lower characters
+$pwd_min_lower = 0;
+# Minimal upper characters
+$pwd_min_upper = 0;
+# Minimal digit characters
+$pwd_min_digit = 2;
+# Minimal special characters
+$pwd_min_special = 1;
+# Definition of special characters
+$pwd_special_chars = "^a-zA-Z0-9";
+# Forbidden characters
+#$pwd_forbidden_chars = "@%";
+# Don't reuse the same password as currently
+$pwd_no_reuse = true;
+# Check that password is different than login
+$pwd_diff_login = true;
+# Complexity: number of different class of character required
+$pwd_complexity = 3;
+# use pwnedpasswords api v2 to securely check if the password has been on a leak
+$use_pwnedpasswords = true;
+# Show policy constraints message:
+# always
+# never
+# onerror
+$pwd_show_policy = "onerror";
+# Position of password policy constraints message:
+# above - the form
+# below - the form
+$pwd_show_policy_pos = "above";
+
+## Questions
+$use_questions = false;
+
+## Token
+$use_tokens = false;
+$keyphrase = "secret";
+
+## SMS
+$use_sms = false;
+
+?> |
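Review bot: `$ldap_url = "ldap://localhost"` together with `$ldap_starttls = false` is an unencrypted connection, which is only acceptable while the directory runs on the same host. An admin who swaps in a remote hostname would send the bind password and every user's old and new password in cleartext. A comment above those two lines would flag this, e.g. `# plaintext is only OK for localhost; for a remote server use ldaps:// or set $ldap_starttls = true`. Likewise `$keyphrase = "secret"` sits directly under `$use_tokens`, so a short `# must be changed before enabling $use_tokens` beside it would repeat the header warning at the point where it matters.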