This project is a fork of ldap-passwd-webui from jirutka with a lot of changes.
- The initial search for the user ID is done by a qualified user, the `search_user`.
- The app only works for one LDAP server; support for password changes on multiple LDAP servers and AD was removed.
- Every connection to the LDAP server is encrypted using STARTTLS over the standardized TCP port 389 for LDAP. The possibility to connect via tcp/636 was removed, because it is deprecated. An alternative port can be configured via the `port` parameter in settings.ini.
- You must provide an X.509v3 root certificate to the app (`ca_cert` in settings.ini). The server certificate is verified against this root certificate.
- A password validator was implemented; it checks for weak and trivial passphrases. Optionally you can add wordlists to the wordlists directory; any new password must not be part of these lists.
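The wordlist rule described above can be pictured with the following added example, which is not this project's validator code. The minimum length, the individual "trivial" checks, the function names and the sample wordlist are all assumptions made for illustration.

```python
import tempfile
from pathlib import Path

MIN_LENGTH = 12  # assumed policy value, not taken from the project


def load_wordlists(directory):
    """Merge every file in the directory into one lowercase set, one entry per line."""
    words = set()
    for path in sorted(Path(directory).iterdir()):
        if path.is_file():
            text = path.read_text(encoding="utf-8", errors="ignore")
            words.update(w.strip().lower() for w in text.splitlines() if w.strip())
    return words


def is_sequence(pw):
    """True for runs such as 'abcdefgh' or '87654321' (constant step of +1 or -1)."""
    steps = {ord(b) - ord(a) for a, b in zip(pw, pw[1:])}
    return steps in ({1}, {-1})


def validate_password(new_pw, username, words):
    """Return the list of rejection reasons; an empty list means accepted."""
    folded, reasons = new_pw.lower(), []
    if len(new_pw) < MIN_LENGTH:
        reasons.append("too short")
    if len(set(folded)) < 4:
        reasons.append("too few distinct characters")
    if is_sequence(folded):
        reasons.append("simple character sequence")
    if username and username.lower() in folded:
        reasons.append("contains the user id")
    if folded in words:  # case-insensitive match against all loaded lists
        reasons.append("found in a wordlist")
    return reasons


def demo():
    """Check constructed candidates against a constructed wordlist file."""
    with tempfile.TemporaryDirectory() as tmp:
        Path(tmp, "common.txt").write_text("Password1234\nletmein\n", encoding="utf-8")
        words = load_wordlists(tmp)
    candidates = ["password1234", "abcdefghijklmnop", "jdoe-summer-2024", "violet-anvil-Mosaic-71"]
    return {pw: validate_password(pw, "jdoe", words) for pw in candidates}


if __name__ == "__main__":
    print(demo())
```

Loading the lists into one set at startup keeps each check a constant-time lookup, even with large wordlists.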
- Copy `settings.ini.example` to `settings.ini` and edit it for your needs.
- Copy the CA certificate to the filename provided via the `ca_cert` parameter in settings.ini.
- [optional] Copy wordlists to the `wordlist` directory.
- Build docker image: `docker build -t ldap-passwd-ui .`
- Start the container: `docker run -it --rm -p "127.0.0.1:8080:8080" --name ldap-passwd-ui ldap-passwd-ui`
- Access the app via web browser at http://127.0.0.1:8080
Important: For use in production, you have to put the service behind a secure reverse proxy. An example for nginx can be found in the original docs.
This project is licensed under MIT License. For the full text of the license, see the LICENSE file.