1.在活动目录中新建一个用户,并赋予域管理员权限(该账户只用于重置密码和解锁,生产环境中更稳妥的做法是只在目标OU上委派“重置密码”等所需权限,而不是授予域管理员);
2.拷贝conf目录下的config.inc.php为config.inc.local.php;
3.按自己的实际情况及要求修改config.inc.local.php文件中的相关参数,说明如下:
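<?php
#==============================================================================
# LTB Self Service Password
#
# Copyright (C) 2009 Clement OUDOT
# Copyright (C) 2009 LTB-project.org
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# GPL License: http://www.gnu.org/licenses/gpl.txt
#
#==============================================================================

#==============================================================================
# All the default values are kept here, you should not modify it but use
# config.inc.local.php file instead to override the settings from here.
#==============================================================================

#==============================================================================
# Configuration
#==============================================================================

# NOTE(review): every setting below must sit on its own line. A "#" or "//"
# comment runs to the end of the line, so a copy of this file that has been
# collapsed onto a single line is parsed as one long comment and none of the
# assignments take effect.

# Debug mode
# true: log and display any errors or warnings (use this in configuration/testing)
# false: log only errors and do not display them (use this in production)
# Keep this false on a reachable server: displayed errors can expose LDAP
# connection details to whoever triggers them.
$debug = false;

# LDAP
# LDAP server URL. The ldaps:// scheme encrypts the connection from the start;
# with $ad_mode enabled the password is written to unicodePwd, which Active
# Directory only accepts over an encrypted connection.
$ldap_url = "LDAPS://dc.xxxx.cn";
# Whether to upgrade a plain connection with StartTLS. Left false here because
# the URL above already uses LDAPS.
$ldap_starttls = false;
# DN of the account used to bind to the LDAP server.
# NOTE(review): this account only needs enough rights to reset passwords (and
# unlock accounts) under $ldap_base; the more privilege it holds, the more this
# file is worth to anyone who can read it.
$ldap_binddn = "CN=xxx,CN=Users,DC=xxxx,DC=cn";
# Password of the bind account (placeholder value). It is stored in clear text,
# so keep this file readable only by the web server user and out of version
# control and backups that others can read.
$ldap_bindpw = "xxxxxx";
# Base DN (OU) under which users are searched.
$ldap_base = "OU=1-XXXX,DC=xxxx,DC=cn";
# Attribute holding the login name.
$ldap_login_attribute = "sAMAccountName";
# Attribute holding the user's full name.
$ldap_fullname_attribute = "cn";
# User search filter:
#   objectClass=user and sAMAccountType=805306368 -> normal user accounts only
#   !(userAccountControl:1.2.840.113556.1.4.803:=2) -> bitwise-AND match on the
#     ACCOUNTDISABLE flag, negated, so disabled accounts are excluded
#   {login} is a placeholder; the substitution happens outside this file
#   (presumably with the submitted login -- confirm it is LDAP-escaped there).
$ldap_filter = "(&(objectClass=user)(sAMAccountName={login})(sAMAccountType=805306368)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))";

# Active Directory mode
# true: use unicodePwd as password field
# false: LDAPv3 standard behavior
$ad_mode = true;
# Force account unlock when password is changed
# With this on, a successful password change also clears a lockout, so the
# lockout policy no longer holds back anyone who can complete the change flow.
$ad_options['force_unlock'] = true;
# Force user change password at next login
$ad_options['force_pwd_change'] = false;
# Allow user with expired password to change password
$ad_options['change_expired_password'] = true;

# Samba mode
# true: update sambaNTpassword and sambaPwdLastSet attributes too
# false: just update the password
$samba_mode = false;
# Set password min/max age in Samba attributes
#$samba_options['min_age'] = 5;
#$samba_options['max_age'] = 45;

# Shadow options - require shadowAccount objectClass
# Update shadowLastChange
$shadow_options['update_shadowLastChange'] = false;
$shadow_options['update_shadowExpire'] = false;

# Default to -1, never expire
$shadow_options['shadow_expire_days'] = -1;

# Hash mechanism for password: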