Skip to content

gitrootid/ldap-passwd-webui

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

12 Commits
app
app
 
 
pkg/util
pkg/util
 
 
screenshots
screenshots
 
 
static
static
 
 
templates
templates
 
 
.gitignore
.gitignore
 
 
Dockerfile
Dockerfile
 
 
LICENSE
LICENSE
 
 
Makefile
Makefile
 
 
README.md
README.md
 
 
go.mod
go.mod
 
 
go.sum
go.sum
 
 
main.go
main.go
 
 

Repository files navigation

Web UI for LDAP changing password

WebUI Client capable of connecting to backend LDAP server and changing the users password.

Screenshot

The configuration is made with environment variables:

Env variable Default value Description
LPW_TITLE Change your global password for example.org Title that will appear on the page
LPW_HOST LDAP Host to connect to
LPW_PORT 636 LDAP Port (389
LPW_ENCRYPTED true Use encrypted communication
LPW_START_TLS false Start TLS communication
LPW_SSL_SKIP_VERIFY true Skip TLS CA verification
LPW_USER_DN uid=%s,ou=people,dc=example,dc=org Filter expression to search the user for Binding
LPW_USER_BASE ou=people,dc=example,dc=org Base to use when doing the binding
CA_FILE ca.crt ca certification path for encrypting communication

Running

dep ensure LPW_HOST=ldap_host_ip go run main.go

Browse http://localhost:8080/

Running in docker container

docker run -d -p 8080:8080 --name ldap-passwd-webui \ -e LPW_TITLE="Change your global password for example.org" \ -e LPW_HOST="your_ldap_host" \ -e LPW_PORT="636" \ -e LPW_ENCRYPTED="true" \ -e LPW_START_TLS="false" \ -e LPW_SSL_SKIP_VERIFY="true" \ -e LPW_USER_DN="uid=%s,ou=people,dc=example,dc=org" \ -e LPW_USER_BASE="ou=people,dc=example,dc=org" \ -e CA_FILE='/app/ca.cert' \ -e LPW_PATTERN_INFO="Password must be at least 8 characters long." \ npenkov/docker-ldap-passwd-webui:latest

Building and tagging

go mod download
make build

Add New Feature

modify below attribute for ldap user: "sambaNTPassword" and "sambaLMPassword"

load self sign CA cert

code:

rootCA, err := x509.SystemCertPool() if err != nil { log.Printf("Failed to load system cert:%v", err) // return nil, err	} if rootCA == nil { rootCA = x509.NewCertPool() fileName := "./certs/ca.crt" ldapCert, err := ioutil.ReadFile(fileName) if err != nil { log.Fatal(fmt.Sprintf("failed to read file: %s ", fileName))	} ok := rootCA.AppendCertsFromPEM(ldapCert) if !ok { log.Fatal(fmt.Sprintf("ca file not added: %s", fileName))	}	} config := &tls.Config{ InsecureSkipVerify: true, ServerName: "YourServerName", RootCAs: rootCA,	} l, err := ldap.DialTLS("tcp", fmt.Sprintf("%s:%d", "YourServerName", 636), config)

check password strength

code:

import "regexp" func ChenkPasswordStrength(p string) (level int) { reg := regexp.MustCompile(`^(?:([a-z])|([A-Z])|([0-9])|(\W)){8,25}$`) for _, str := range reg.FindStringSubmatch(p) { if len(str) == 0 { continue	} level += 1	} return level }

ldap response: "Insufficient Access Rights" while try to modify sambaNTPassword

modify olc config, or try to change code: bind admin dn and obtain admin privileges

Credits

About

WebUI for changing LDAP password,include modify password attribute: "sambaNTPassword" and "sambaLMPassword"

Topics

ldap openldap password pdc sambantpassword lmhash nthash ldap-password

Resources

Readme

License

MIT license
Activity

Stars

8 stars

Watchers

0 watching

Forks

1 fork
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages

  • Go 72.1%
  • HTML 13.9%
  • CSS 10.8%
  • Makefile 2.1%
  • Dockerfile 1.1%