Aurora Corporate documentation

Password change via LDAP

Introduction

This module allows changing a user account password stored on an LDAP server.

It is assumed that mailserver users are authenticated via IMAP and SMTP and that their passwords are actually stored on the LDAP server, so changing a password there changes the password for the email account as well.

Installation

If you have installed Aurora Corporate from Git, you can follow the instructions for adding a module. If you've installed the product from ZIP, there's a simple approach available.

  • Download the ZIP archive of the module at https://github.com/afterlogic/aurora-module-ldap-change-password-plugin/archive/master.zip
  • Under the modules directory of your Aurora Corporate installation, create an LdapChangePasswordPlugin subdirectory
  • Extract the contents of the aurora-module-ldap-change-password-plugin-master directory of the ZIP archive into the subdirectory you've created
  • Log into your Aurora Corporate installation to make sure the module and its settings are initialized

Configuration

After installing the module, you should find its configuration file at data/settings/modules/LdapChangePasswordPlugin.config.json:

{
    "Disabled": [
        false,
        "bool",
        null,
        "Setting to true disables the module"
    ],
    "SupportedServers": [
        ["*"],
        "array",
        null,
        "If IMAP Server value of the mailserver is in this list, password change is enabled for it. * enables it for all the servers."
    ],
    "SearchDn": [
        "ou=Users,dc=afterlogic,dc=com",
        "string",
        null,
        "Base Search DN for users lookup"
    ],
    "Host": [
        "127.0.0.1",
        "string",
        null,
        "LDAP server host"
    ],
    "Port": [
        389,
        "int",
        null,
        "LDAP server port"
    ],
    "BindDn": [
        "cn=Administrator,dc=afterlogic,dc=com",
        "string",
        null,
        "Bind DN used for authentication"
    ],
    "BindPassword": [
        "secret",
        "string",
        null,
        "Password used for authentication on LDAP server. Will be automatically encrypted"
    ],
    "HostBackup": [
        "",
        "string",
        null,
        "Backup LDAP server host"
    ],
    "PortBackup": [
        389,
        "int",
        null,
        "Backup LDAP server port"
    ],
    "PasswordType": [
        "clear",
        "string",
        null,
        "Password hashing type. Supported values: md5, crypt, or clear for no encryption"
    ],
    "SearchAttribute": [
        "mail",
        "string",
        null,
        "LDAP field used for user lookup"
    ],
    "PasswordAttribute": [
        "userPassword",
        "string",
        null,
        "LDAP field used for storing user password"
    ]
}

Of course, you will need to adjust those settings according to your LDAP server setup.

For SupportedServers, you need to supply an array of the mailserver hostnames or IP addresses the feature is enabled for. Putting a "*" item there enables the feature for all accounts.
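The audit script below is an added example, not part of the Aurora documentation or the module's code. It reads the [value, type, null, description] layout of LdapChangePasswordPlugin.config.json shown above and flags settings worth reviewing before the module goes live; the function names, the host ldap.example.com and the wording of the findings are assumptions made for illustration.

```python
import json

# Constructed sample: trimmed copy of the defaults shown above, with Host
# changed to a hypothetical remote name to exercise the transport check.
SAMPLE = """{
  "Disabled": [false, "bool", null, ""],
  "SupportedServers": [["*"], "array", null, ""],
  "Host": ["ldap.example.com", "string", null, ""],
  "Port": [389, "int", null, ""],
  "BindPassword": ["secret", "string", null, ""],
  "PasswordType": ["clear", "string", null, ""]
}"""

TYPES = {"bool": bool, "int": int, "string": str, "array": list}
LOOPBACK = {"127.0.0.1", "::1", "localhost"}

def load_settings(text):
    """Flatten [value, type, null, description] entries to {name: value}."""
    values, errors = {}, []
    for name, entry in json.loads(text).items():
        value, declared = entry[0], entry[1]
        # Exact type match: keeps true/false from passing as an "int"
        if type(value) is not TYPES.get(declared):
            errors.append(f"{name}: value does not match declared type {declared!r}")
        values[name] = value
    return values, errors

def audit(text):
    """Return a list of findings for one module configuration file."""
    cfg, findings = load_settings(text)
    if cfg.get("Disabled"):
        return findings  # module is off, only type errors are reported
    ptype = cfg.get("PasswordType")
    if ptype == "clear":
        findings.append("PasswordType: clear stores the password with no hashing")
    elif ptype == "md5":
        findings.append("PasswordType: md5 is a fast hash, weak for password storage")
    if cfg.get("BindPassword") == "secret":
        findings.append("BindPassword: still the sample value from the documentation")
    if isinstance(cfg.get("SupportedServers"), list) and "*" in cfg["SupportedServers"]:
        findings.append("SupportedServers: * enables the feature for every mailserver")
    # Assumption: the page does not say how the LDAP connection is protected.
    if cfg.get("Port") == 389 and cfg.get("Host") not in LOOPBACK:
        findings.append("Port: 389 to a remote host, confirm the bind is protected in transit")
    return findings

if __name__ == "__main__":
    for line in audit(SAMPLE):
        print(line)
```

Run it against a copy of data/settings/modules/LdapChangePasswordPlugin.config.json by passing the file's text to audit(); an empty list means none of these checks fired.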

Additionally, the plugin uses the following parameters found in the data/settings/config.json file:

  • 'PasswordMinLength' - defines the minimum number of characters the password must have;
  • 'PasswordMustBeComplex' - if set to true, the password has to include at least one digit and at least one non-alphanumeric character.

To make sure the "Change Password" button is displayed, set Disabled to false in the data/settings/modules/ChangePasswordWebclient.config.json configuration file.