avoidik / docker-self-service-password

Docker LDAP Toolbox Self-Service Password changer Image w/nginx, php-fpm with S6 overlay, and Zabbix monitoring support based on Alpine

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

hub.docker.com/r/tiredofit/self-service-password

Build Status Docker Pulls Docker Stars Docker Layers

Introduction

Dockerfile to build a LTB-Self Service Password selfservice password manager for LDAP image.

  • This Container uses a customized Alpine Linux base which includes s6 overlay enabled for PID 1 Init capabilities, zabbix-agent for individual container monitoring, Cron also installed along with other tools (bash,curl, less, logrotate, nano, vim) for easier management.

This Container uses [tiredofit/alpine:3.8](https://hub.docker.com/r/tiredofit/alpine as a base, and tiredofit/nginx-php-fpm:7.2 to provide the serving of the content.

Changelog

Authors

Table of Contents

Prerequisites

This image assumes that you are using a reverse proxy such as jwilder/nginx-proxy and optionally the Let's Encrypt Proxy Companion @ https://github.com/JrCs/docker-letsencrypt-nginx-proxy-companion in order to serve your pages. However, it will run just fine on it's own if you map appropriate ports.

This image also relies on an external LDAP Server, external SMTP Server.

Installation

Automated builds of the image are available on Docker Hub and is the recommended method of installation.

docker pull tiredofit/self-service-password:latest

Quick Start

Configuration

Data-Volumes

The following directories are used for configuration and can be mapped for persistent storage.

Directory Description
/www/ssp Root SelfService Password Directory

Environment Variables

Along with the Environment Variables from the Base image, and the Nginx+PHP-FPM Engine below is the complete list of available options that can be used to customize your installation.

Parameter Description
LDAP_SERVER Ldap server. No default.
LDAP_STARTTLS Enable TLS on Ldap bind. No default.
LDAP_BINDDN Ldap bind dn. No default.
LDAP_BINDPASS Ldap bind password. No default.
LDAP_BASE_SEARCH Base where we can search for users. No default.
LDAP_LOGIN_ATTRIBUTE Ldap property used for user searching. Defaults to uid
LDAP_FULLNAME_ATTRIBUTE Ldap property to get user fullname. Defaults to cn
ADMODE Specifies if LDAP server is Active Directory LDAP server. If your LDAP server is AD, set this to true. Defaults to false.
AD_OPT_FORCE_UNLOCK Force account unlock when password is changed. Default to false.
AD_OPT_FORCE_PWD_CHANGE Force user change password at next login. Defaults to false.
AD_OPT_CHANGE_EXPIRED_PASSWORD Allow user with expired password to change password. Defaults to false.
SAMBA_MODE Samba mode, if is true update sambaNTpassword and sambaPwdLastSet attributes too; if is false just update the password. Defaults to false.
SHADOW_OPT_UPDATE_SHADOWLASTCHANGE If true update shadowLastChange. Defaults to false.
PASSWORD_HASH Hash mechanism for passwordSSHA SHA SMD5 MD5 CRYPT clear (the default) auto (will check the hash of current password) This option is not used with ad_mode = true
PASSWORD_MIN_LENGTH Minimal length. Defaults to 0 (unchecked).
PASSWORD_MAX_LENGTH Maximal length. Defaults to 0 (unchecked).
PASSWORD_MIN_LOWERCASE Minimal lower characters. Defaults to 0 (unchecked).
PASSWORD_MIN_UPPERCASE Minimal upper characters. Defaults to 0 (unchecked).
PASSWORD_MIN_DIGIT Minimal digit characters. Defaults to 0 (unchecked).
PASSWORD_MIN_SPECIAL Minimal special characters. Defaults to 0 (unchecked).
PASSWORD_NO_REUSE Dont reuse the same password as currently. Defaults to true.
PASSWORD_SHOW_POLICY Show policy constraints messagealways never onerror. Defaults to never
PASSWORD_SHOW_POLICY_POSITION Position of password policy constraints messageabove below -
the form. Defaults to above
WHO_CAN_CHANGE_PASSWORD Who changes the password? Also applicable for question/answer save user: the user itself manager: the above binddn. Defaults to user
QUESTIONS_ENABLED Use questions/answers? true or false. Defaults to true
LDAP_MAIL_ATTRIBUTE LDAP mail attribute. Defaults to mail
MAIL_FROM Who the email should come from. Defaults to admin@example.com
MAIL_FROM_NAME Name for MAIL_FROM. Defaults to No Reply
NOTIFY_ON_CHANGE Notify users anytime their password is changed. Defaults to false
SMTP_DEBUG SMTP debug mode (following https:////github.com/PHPMailer/PHPMailer instructions). Defaults to 0
SMTP_HOST SMTP host. No default.
SMTP_AUTH_ON Force smtp auth with SMTP_USER and SMTP_PASS. Defaults to false
SMTP_USER SMTP user. No default.
SMTP_PASS SMTP password. No default.
SMTP_PORT SMTP port. Defaults to 587
SMTP_SECURE_TYPE SMTP secure type to use. ssl or tls. Defaults to tls
SMTP_AUTOTLS SMTP Auto TLS true or false. Defaults to false
LOGO Main Logo - Default images/ltb-logo.png
BACKGROUND Change background Default images/unsplash-space.jpg
USE_SMS Enable sms notify. (Disabled on this image). Defaults to false
IS_BEHIND_PROXY Enable reset url parameter to accept reverse proxy. Defaults to false
SHOW_HELP Display help messages. Defaults to true.
LANG Language (NOT WORKING YET). Defaults to en.
DEBUG_MODE Debug mode. Defaults to false.
SECRETEKEY Encryption, decryption keyphrase. Defaults to secret.
USE_RECAPTCHA Use Google reCAPTCHA (http://www.google.com/recaptcha). Defaults to false
RECAPTCHA_PUB_KEY Go on the site to get public key
RECAPTCHA_PRIV_KEY Go on the site to get private key
RECAPTCHA_THEME Theme of ReCaptcha. Default: light
RECAPTCHA_TYPE Type of ReCaptcha Default: image
RECAPTCHA_SIZE Size of ReCaptcha Default: small
DEFAULT_ACTION Default actionchange sendtoken sendsms. Defaults to change

Networking

The following ports are exposed.

Port Description
80 HTTP

Maintenance

Shell Access

For debugging and maintenance purposes you may want access the containers shell.

docker exec -it (whatever your container name is e.g. ssp) bash

References

About

Docker LDAP Toolbox Self-Service Password changer Image w/nginx, php-fpm with S6 overlay, and Zabbix monitoring support based on Alpine

License:MIT License


Languages

Language:Dockerfile 100.0%