Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- [root@awsvirprolapp01 httpd]# cat /usr/share/self-service-password/conf/config.inc.php
- <?php
- #==============================================================================
- # LTB Self Service Password
- #
- # Copyright (C) 2009 Clement OUDOT
- # Copyright (C) 2009 LTB-project.org
- #
- # This program is free software; you can redistribute it and/or
- # modify it under the terms of the GNU General Public License
- # as published by the Free Software Foundation; either version 2
- # of the License, or (at your option) any later version.
- #
- # This program is distributed in the hope that it will be useful,
- # but WITHOUT ANY WARRANTY; without even the implied warranty of
- # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- # GNU General Public License for more details.
- #
- # GPL License: http://www.gnu.org/licenses/gpl.txt
- #
- #==============================================================================
- #==============================================================================
- # Configuration
- #==============================================================================
- # Debug mode
- # true: log and display any errors or warnings (use this in configuration/testing)
- # false: log only errors and do not display them (use this in production)
- $debug = true;
- # LDAP
- $ldap_url = "ldap://ldap.xxxxxxx.com";
- $ldap_starttls = true;
- $ldap_binddn = "uid=user,ou=Users,ou=Brazil,dc=xxxxxxx,dc=com";
- $ldap_bindpw = "password";
- $ldap_base = "dc=xxxxxxx,dc=com";
- $ldap_login_attribute = "uid";
- $ldap_fullname_attribute = "cn";
- $ldap_filter = "(&(objectClass=person)($ldap_login_attribute={login}))";
- # Active Directory mode
- # true: use unicodePwd as password field
- # false: LDAPv3 standard behavior
- $ad_mode = false;
- # Force account unlock when password is changed
- $ad_options['force_unlock'] = false;
- # Force user change password at next login
- $ad_options['force_pwd_change'] = false;
- # Allow user with expired password to change password
- $ad_options['change_expired_password'] = false;
- # Samba mode
- # true: update sambaNTpassword and sambaPwdLastSet attributes too
- # false: just update the password
- $samba_mode = false;
- # Set password min/max age in Samba attributes
- #$samba_options['min_age'] = 5;
- #$samba_options['max_age'] = 45;
- # Shadow options - require shadowAccount objectClass
- # Update shadowLastChange
- $shadow_options['update_shadowLastChange'] = false;
- $shadow_options['update_shadowExpire'] = false;
- # Default to -1, never expire
- $shadow_options['shadow_expire_days'] = -1;
- # Hash mechanism for password:
- # SSHA, SSHA256, SSHA384, SSHA512
- # SHA, SHA256, SHA384, SHA512
- # SMD5
- # MD5
- # CRYPT
- # clear (the default)
- # auto (will check the hash of current password)
- # This option is not used with ad_mode = true
- $hash = "MD5Crypt";
- # Prefix to use for salt with CRYPT
- $hash_options['crypt_salt_prefix'] = "$6$";
- $hash_options['crypt_salt_length'] = "6";
- # Local password policy
- # This is applied before directory password policy
- # Minimal length
- $pwd_min_length = 0;
- # Maximal length
- $pwd_max_length = 0;
- # Minimal lower characters
- $pwd_min_lower = 0;
- # Minimal upper characters
- $pwd_min_upper = 0;
- # Minimal digit characters
- $pwd_min_digit = 0;
- # Minimal special characters
- $pwd_min_special = 0;
- # Definition of special characters
- $pwd_special_chars = "^a-zA-Z0-9";
- # Forbidden characters
- #$pwd_forbidden_chars = "@%";
- # Don't reuse the same password as currently
- $pwd_no_reuse = false;
- # Check that password is different than login
- $pwd_diff_login = true;
- # Complexity: number of different class of character required
- $pwd_complexity = 0;
- # Show policy constraints message:
- # always
- # never
- # onerror
- $pwd_show_policy = "never";
- # Position of password policy constraints message:
- # above - the form
- # below - the form
- $pwd_show_policy_pos = "above";
- # Who changes the password?
- # Also applicable for question/answer save
- # user: the user itself
- # manager: the above binddn
- $who_change_password = "manager";
- ## Standard change
- # Use standard change form?
- $use_change = true;
- ## SSH Key Change
- # Allow changing of sshPublicKey?
- $change_sshkey = false;
- # What attribute should be changed by the changesshkey action?
- $change_sshkey_attribute = "sshPublicKey";
- # Who changes the sshPublicKey attribute?
- # Also applicable for question/answer save
- # user: the user itself
- # manager: the above binddn
- $who_change_sshkey = "user";
- # Notify users anytime their sshPublicKey is changed
- ## Requires mail configuration below
- $notify_on_sshkey_change = false;
- ## Questions/answers
- # Use questions/answers?
- # true (default)
- # false
- $use_questions = false;
- # Answer attribute should be hidden to users!
- $answer_objectClass = "extensibleObject";
- $answer_attribute = "info";
- # Extra questions (built-in questions are in lang/$lang.inc.php)
- #$messages['questions']['ice'] = "What is your favorite ice cream flavor?";
- ## Token
- # Use tokens?
- # true (default)
- # false
- $use_tokens = true;
- # Crypt tokens?
- # true (default)
- # false
- $crypt_tokens = true;
- # Token lifetime in seconds
- $token_lifetime = "3600";
- ## Mail
- # LDAP mail attribute
- $mail_attribute = "mail";
- # Get mail address directly from LDAP (only first mail entry)
- # and hide mail input field
- # default = false
- $mail_address_use_ldap = false;
- # Who the email should come from
- $mail_from = "support@xxxxxxx.com";
- $mail_from_name = "XXX Self Service Password System";
- $mail_signature = "";
- # Notify users anytime their password is changed
- $notify_on_change = true;
- # PHPMailer configuration (see https://github.com/PHPMailer/PHPMailer)
- $mail_sendmailpath = '/usr/sbin/sendmail';
- $mail_protocol = 'smtp';
- $mail_smtp_debug = 0;
- $mail_debug_format = 'html';
- $mail_smtp_host = 'mail.xxxxxxxxxxxxx.com';
- $mail_smtp_auth = false;
- $mail_smtp_user = '';
- $mail_smtp_pass = '';
- $mail_smtp_port = 25;
- $mail_smtp_timeout = 30;
- $mail_smtp_keepalive = false;
- $mail_smtp_secure = 'tls';
- $mail_contenttype = 'text/plain';
- $mail_wordwrap = 0;
- $mail_charset = 'utf-8';
- $mail_priority = 3;
- $mail_newline = PHP_EOL;
- ## SMS
- # Use sms
- $use_sms = false;
- # SMS method (mail, api)
- $sms_method = "mail";
- $sms_api_lib = "lib/smsapi.inc.php";
- # GSM number attribute
- $sms_attribute = "mobile";
- # Partially hide number
- $sms_partially_hide_number = true;
- # Send SMS mail to address
- $smsmailto = "{sms_attribute}@service.provider.com";
- # Subject when sending email to SMTP to SMS provider
- $smsmail_subject = "Provider code";
- # Message
- $sms_message = "{smsresetmessage} {smstoken}";
- # Remove non digit characters from GSM number
- $sms_sanitize_number = false;
- # Truncate GSM number
- $sms_truncate_number = false;
- $sms_truncate_number_length = 10;
- # SMS token length
- $sms_token_length = 6;
- # Max attempts allowed for SMS token
- $max_attempts = 3;
- # Encryption, decryption keyphrase, required if $crypt_tokens = true
- # Please change it to anything long, random and complicated, you do not have to remember it
- # Changing it will also invalidate all previous tokens and SMS codes
- $keyphrase = "PQrTfekmLj1FhTj";
- # Reset URL (if behind a reverse proxy)
- #$reset_url = $_SERVER['HTTP_X_FORWARDED_PROTO'] . "://" . $_SERVER['HTTP_X_FORWARDED_HOST'] . $_SERVER['SCRIPT_NAME'];
- # Display help messages
- $show_help = true;
- # Default language
- $lang = "en";
- # List of authorized languages. If empty, all language are allowed.
- # If not empty and the user's browser language setting is not in that list, language from $lang will be used.
- $allowed_lang = array();
- # Display menu on top
- $show_menu = false;
- # Logo
- $logo = "images/XXX.gif";
- # Background image
- #$background_image = "images/unsplash-space.jpeg";
- # Where to log password resets - Make sure apache has write permission
- # By default, they are logged in Apache log
- $reset_request_log = "/var/log/self-service-password";
- # Invalid characters in login
- # Set at least "*()&|" to prevent LDAP injection
- # If empty, only alphanumeric characters are accepted
- $login_forbidden_chars = "*()&|";
- ## CAPTCHA
- # Use Google reCAPTCHA (http://www.google.com/recaptcha)
- $use_recaptcha = true;
- # Go on the site to get public and private key
- $recaptcha_publickey = "xxxxxxx-xxxxxx";
- $recaptcha_privatekey = "xxxxxxxXxxxxxx";
- # Customization (see https://developers.google.com/recaptcha/docs/display)
- $recaptcha_theme = "light";
- $recaptcha_type = "image";
- $recaptcha_size = "normal";
- # reCAPTCHA request method, null for default, Fully Qualified Class Name to override
- # Useful when allow_url_fopen=0 ex. $recaptcha_request_method = '\ReCaptcha\RequestMethod\CurlPost';
- $recaptcha_request_method = null;
- ## Default action
- # change
- # sendtoken
- # sendsms
- $default_action = "change";
- ## Extra messages
- # They can also be defined in lang/ files
- #$messages['passwordchangedextramessage'] = NULL;
- #$messages['changehelpextramessage'] = NULL;
- # Launch a posthook script after successful password change
- $posthook = "/usr/share/self-service-password/posthook.sh";
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement