Usermangement is a PHP application based on "Self Service Password" (https://github.com/ltb-project/self-service-password) that allows users to manage their data in an LDAP directory.
The application can be used on standard LDAPv3 directories (OpenLDAP, OpenDS, ApacheDS, Sun Oracle DSEE, Novell, etc.) and also on Active Directory. Currently I am only able to test it on a Samba Active Directory environmnet. Thanks to everybody who can check if it works with other LDAP services also!
It has the following features:
- Samba mode to change Samba passwords
- Active directory mode
- Local password policy:
- Minimum/maximum length
- Forbidden characters
- Upper, Lower, Digit or Special characters counters
- Reuse old password check
- Password same as login
- Complexity (different class of characters)
- Help messages
- Reset by questions
- Reset by mail challenge (token sent by mail)
- Reset by SMS (trough external Email 2 SMS service or SMS API)
- Change SSH Key in LDAP directory
- reCAPTCHA (Google API)
- Mail notification after password change
- Hook script after password change
- editing of general user settings in ldap
- upload profile images to ldap (full size image stored in 'photo' attribute, scaled down images (500x500) stored in 'thumbnailPhoto' and 'jpegPhoto')
- administration mode (based on configurable user group) to
- change other users settings
- assign groups/object classes
- create users
- delete users
- dynamic configuration of custom attributes to show/edit
- alter configuration of existing attributes
- rename "conf/config.inc.default.php" to "conf/config.inc.php" and adjust your settings
- PHP extensions required:
- php-openssl (token crypt, probably built-in)
- php-mbstring (reset mail)
- php-curl (haveibeenpwned api)
- php-ldap
- php-filter
- php-intl
- strong cryptography functions available (for random_compat, php 7 or libsodium or /dev/urandom readable or php-mcrypt extension installed)
- valid PHP mail server configuration (reset mail)
- valid PHP session