Docker with self-service-password cannot modify the AD user password.

[ilanni2460]

Docker with self-service-password cannot modify the AD user password. According to the relevant documents, you need to import the relevant certificates of AD.

[coudot]

You can use a volume to have them in docker image, did you try this?

[ilanni2460]

@coudot According to relevant information, openldap needs to be installed in the docker image, and the openldap service needs to be started.

[sofronic]

I managed to get it working with custom image and volume that holds the ldaps AD cert:

docker run -p 8030:80 -v $PWD/ssp.conf.php:/var/www/conf/config.inc.local.php -v $PWD/certificate.crt:/etc/ssl/certs/ca-certificates.crt -it image -e debug

Dockerfile:

FROM ltbproject/self-service-password:1.7
RUN apt-get -y update &&  \ 
    apt-get install --no-install-recommends  \
    -y libldap-common libsasl2-modules && \
    rm -rf /var/lib/apt/lists/*

config.inc.local.php:

<?php // My SSP configuration
$keyphrase = "oi";
$debug = true;
$ad_mode = true;
$ldap_url = "ldaps://foo.bar";
$ldap_starttls = false;
$ldap_binddn = "CN=changeme,OU=foobar,DC=foo,DC=bar";
$ldap_bindpw = "kor";
$ldap_login_attribute = "sAMAccountName";
$ldap_fullname_attribute = "cn";
$ldap_base = "OU=foobar,DC=foo,DC=bar";
$ldap_filter = "(&(objectClass=user)(sAMAccountName={login})(!(userAccountControl:1.2.840.113556.1.4.803:=2)))";
$ad_options['force_unlock'] = true;
$ad_options['change_expired_password'] = true;
$audit_log_file = "/tmp/audit.log";
?>