AuthTool is a self-service password reset and SSH public key management application for OpenLDAP directories.
Features include:
- Forgotten passwords can be reset using a token sent by email.
- Forgotten username reminders can be sent by email.
- Passwords can be changed using the current password.
- SSH public keys can be validated and added or deleted.
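One way to validate a submitted key before it is written to a user's sshPublicKey attribute, shown as an added example (this is not AuthTool's own code). The allowed key types, the 2048-bit RSA floor and the function names are assumptions made for illustration.

```python
import base64
import binascii
import struct

ALLOWED_TYPES = {"ssh-ed25519", "ssh-rsa"}  # assumed policy, not AuthTool's
MIN_RSA_BITS = 2048  # assumed policy floor


def _read_string(blob, offset):
    """Read one RFC 4251 string: uint32 big-endian length, then the bytes."""
    if offset + 4 > len(blob):
        raise ValueError("truncated length field")
    (length,) = struct.unpack(">I", blob[offset:offset + 4])
    end = offset + 4 + length
    if end > len(blob):
        raise ValueError("truncated field")
    return blob[offset + 4:end], end


def validate_public_key(line):
    """Return (key_type, comment) for a well-formed key line, else raise ValueError."""
    line = line.strip()
    if "\n" in line or "\r" in line:  # one value must never carry a second key
        raise ValueError("key must be a single line")
    parts = line.split(None, 2)
    if len(parts) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    key_type, b64 = parts[0], parts[1]
    if key_type not in ALLOWED_TYPES:  # also rejects a leading options field
        raise ValueError("key type not allowed: " + key_type)
    try:
        blob = base64.b64decode(b64, validate=True)
    except binascii.Error:
        raise ValueError("key body is not valid base64") from None
    inner_type, pos = _read_string(blob, 0)
    if inner_type != key_type.encode("ascii"):
        raise ValueError("declared type does not match key blob")
    if key_type == "ssh-rsa":
        _exponent, pos = _read_string(blob, pos)
        modulus, pos = _read_string(blob, pos)
        if int.from_bytes(modulus, "big").bit_length() < MIN_RSA_BITS:
            raise ValueError("RSA key shorter than %d bits" % MIN_RSA_BITS)
    else:  # ssh-ed25519
        point, pos = _read_string(blob, pos)
        if len(point) != 32:
            raise ValueError("Ed25519 key must be 32 bytes")
    if pos != len(blob):
        raise ValueError("trailing data after key fields")
    return key_type, (parts[2] if len(parts) == 3 else "")
```

The check is structural only: it confirms the line is a single, correctly encoded key of an allowed type and size, not that the submitter holds the matching private key.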
This application makes many assumptions about your LDAP server's configuration and schema.
- The sshPublicKey schema from the openssh-ldap-publickey project.
- The posixUser objectClass
- The sambaSamAccount objectClass
This application assumes anonymous binds are permitted for obtaining limited user information. A service account is used for administrative operations such as setting passwords.
You can run AuthTool in two supported ways: with Docker or locally. Both use the same interface, so the choice comes down to personal preference.
A Dockerfile is included to build and run the application.
This application is meant to use the internal CherryPy server. Therefore, it can simply be run using the provided module:
python serve.py