Aurora Corporate 8 documentation

Password change via LDAP

Introduction

This module allows for changing user account password stored on LDAP server.

It is assumed that mailserver users are authenticated via IMAP and SMTP and their passwords are actually stored on LDAP server, so changing password there will result in changing password for email account as well.

Installation

If you have installed Aurora Corporate 8 from Git, you can follow the instructions for adding a module. If you've installed the product from ZIP, there's a simple approach available.

  • Navigate to module page at https://github.com/afterlogic/aurora-module-ldap-change-password-plugin
  • Click "Clone or download" button to obtain ZIP archive of the module
  • under modules directory of Aurora Corporate 8 installation, create LdapChangePasswordPlugin subdirectory
  • extract contents of aurora-module-ldap-change-password-plugin-master directory of ZIP archive into subdirectory you've created
  • log into your Aurora Corporate 8 installation, to make sure the module and its settings are initialized

Configuration

After installing the module, you should find its configuration file at data/settings/modules/LdapChangePasswordPlugin.config.json:

{
{
    "Disabled": [
        false,
        "bool"
    ],
    "SupportedServers": [
        ["*"],
        "array"
    ],
    "SearchDn": [
        "ou=Users,dc=afterlogic,dc=com",
        "string"
    ],
    "Host": [
        "127.0.0.1",
        "string"
    ],
    "Port": [
        389,
        "int"
    ],
    "BindDn": [
        "cn=Administrator,dc=afterlogic,dc=com",
        "string"
    ],
    "BindPassword": [
        "secret",
        "string"
    ],
    "HostBackup": [
        "",
        "string"
    ],
    "PortBackup": [
        389,
        "int"
    ],
    "PasswordType": [
        "clear",
        "string"
    ],
    "SearchAttribute": [
        "mail",
        "string"
    ],
    "PasswordAttribute": [
        "userPassword",
        "string"
    ]
}

Of course, you will need to adjust those settings according to your LDAP server setup.

For SupportedServers, you need to supply array of mailserver hostnames or IP addresses the feature is enabled for. If you put "*" item there, it means the feature is enabled for all accounts.

Additionally, the plugin uses the following parameters found in modules/ChangePasswordWebclient/Module.php file:

  • 'PasswordMinLength' - defines minimal number of characters the password must have;
  • 'PasswordMustBeComplex' - if set to true, the password has to include at least one digit and at least one non-alphanumeric character.

To make sure "Change Password" button is displayed, set Disabled to false in data/settings/modules/ChangePasswordWebclient.config.json configuration file.