add preconfigured password self service as additional folder-based web service

2025-06-07 16:06:14 +00:00 · 2019-01-04 03:31:16 +01:00 · 2019-01-04 03:31:16 +01:00 · 134aa99bb8
commit 134aa99bb8
parent ceccd836de
3 changed files with 53 additions and 0 deletions
--- a/docker-compose.yml-example
+++ b/docker-compose.yml-example
@ -50,6 +50,43 @@ services:
      - ldap-net
      - web-net

+  password-self-service:
+    image: tiredofit/self-service-password
+    container_name: password-self-service
+    domainname: ${LDAP_DOMAIN}
+    depends_on:
+      - ldap
+      - mail
+    environment:
+      - LDAP_SERVER=ldap://ldap:389
+      - LDAP_BINDDN=cn=admin,dc=kopano,dc=demo
+      - LDAP_BINDPASS=${LDAP_ADMIN_PASSWORD}
+      - LDAP_BASE_SEARCH=${LDAP_BASE_DN}
+      - MAIL_FROM=noreply@${LDAP_DOMAIN}
+      - SMTP_HOST=mail
+      - SMTP_PORT=25
+      - SMTP_SECURE_TYPE=false
+      - SMTP_AUTOTLS=false
+      - QUESTIONS_ENABLED=false
+      - PASSWORD_NO_REUSE=true
+      - WHO_CAN_CHANGE_PASSWORD=user
+      - SECRETEKEY=${SELF_SERVICE_SECRETEKEY}
+      - BACKGROUND=.
+      - PASSWORD_MIN_LENGTH=${SELF_SERVICE_PASSWORD_MIN_LENGTH}
+      - PASSWORD_MAX_LENGTH=${SELF_SERVICE_PASSWORD_MAX_LENGTH}
+      - PASSWORD_MIN_LOWERCASE=${SELF_SERVICE_PASSWORD_MIN_LOWERCASE}
+      - PASSWORD_MIN_UPPERCASE=${SELF_SERVICE_PASSWORD_MIN_UPPERCASE}
+      - PASSWORD_MIN_DIGIT=${SELF_SERVICE_PASSWORD_MIN_DIGIT}
+      - PASSWORD_MIN_SPECIAL=${SELF_SERVICE_PASSWORD_MIN_SPECIAL}
+    expose:
+      - "80"
+    volumes:
+      - password-self-service:/www/ssp
+    networks:
+      - web-net # provide web-frontend
+      - ldap-net # access ldap user base and write passwords
+      - kopano-net # send mail directly to mailstack
+
  mail:
    image: tvial/docker-mailserver:release-v6.1.0
    restart: always
@ -343,6 +380,7 @@ services:
 volumes:
  web:
  ldap:
+  password-self-service:
  slapd:
  maildata:
  mailstate:
--- a/kweb/kweb.cfg
+++ b/kweb/kweb.cfg
@ -123,4 +123,10 @@
        transparent
    }
    redir /ldap-admin /ldap-admin/
+
+    proxy /password-reset/ password-self-service:80 {
+        without /password-reset
+        transparent
+    }
+    redir /password-reset /password-reset/
 }
--- a/setup.sh
+++ b/setup.sh
@ -221,6 +221,15 @@ LDAP_QUERY_FILTER_ALIAS=(&(kopanoAccount=1)(kopanoAliases=%s))
 LDAP_QUERY_FILTER_DOMAIN=(&(|(mail=*@%s)(kopanoAliases=*@%s)))
 SASLAUTHD_LDAP_FILTER=(&(kopanoAccount=1)(uid=%s))

+# LDAP user password self-service reset settings
+SELF_SERVICE_SECRETEKEY=$(random_string)
+SELF_SERVICE_PASSWORD_MIN_LENGTH=
+SELF_SERVICE_PASSWORD_MAX_LENGTH=
+SELF_SERVICE_PASSWORD_MIN_LOWERCASE=
+SELF_SERVICE_PASSWORD_MIN_UPPERCASE=
+SELF_SERVICE_PASSWORD_MIN_DIGIT=
+SELF_SERVICE_PASSWORD_MIN_SPECIAL=
+
 # switch the value of these two variables to use the activedirectory configuration
 KCUNCOMMENT_LDAP_1=!include /usr/share/kopano/ldap.openldap.cfg
 KCCOMMENT_LDAP_1=!include /usr/share/kopano/ldap.active-directory.cfg