The aim of this project is to provide a very simple web form for users to be able to change their password stored in LDAP or Active Directory (Samba 4 AD). It’s built with Bottle, a WSGI micro web-framework for Python.
Clone this repository and install dependencies:
git clone [email protected]:jirutka/ldap-passwd-webui.git
cd ldap-passwd-webui
pip install -r requirements.txtConfiguration is read from the file settings.ini.
You may change location of the settings file using the environment variable CONF_FILE.
If you have Active Directory (or Samba 4 AD), then you must use encrypted connection (i.e. LDAPS or StartTLS) – AD doesn’t allow changing password via unencrypted connection.
There are multiple ways how to run it:
Simply execute the app.py:
python3 app.pyThen you can access the app on http://localhost:8080. The port and host may be changed in settings.ini.
If you have many micro-apps like this, it’s IMO kinda overkill to run each in a separate uWSGI process, isn’t it? It’s not so well known, but uWSGI allows to “mount” multiple application in a single uWSGI process and with a single socket.
[uwsgi]
plugins = python3
socket = /run/uwsgi/main.sock
chdir = /var/www/scripts
logger = file:/var/log/uwsgi/main.log
processes = 1
threads = 2
# map URI paths to applications
mount = /admin/ldap-passwd-webui=ldap-passwd-webui/app.py
#mount = /admin/change-world=change-world/app.py
manage-script-name = trueserver {
listen 443 ssl;
server_name example.org;
ssl_certificate /etc/ssl/nginx/nginx.crt;
ssl_certificate_key /etc/ssl/nginx/nginx.key;
# uWSGI scripts
location /admin/ {
uwsgi_pass unix:/run/uwsgi/main.sock;
include uwsgi_params;
}
}
This project is licensed under MIT License. For the full text of the license, see the LICENSE file.