手册地址：https://self-service-password.readthedocs.io/en/latest/

安装要求：

Apache or another web server
php (>=7.4)
php-curl (haveibeenpwned api)
php-filter
php-gd (captcha)
php-ldap
php-mbstring (reset mail)
php-openssl (token crypt, probably built-in)
Smarty (version >=3) （php-smarty）

CentOS安装：

rpm -ivh http://rpms.famillecollet.com/enterprise/remi-release-7.rpm
yum --enablerepo=remi install php74-php
yum --enablerepo=remi install  php74-php-gd  php74-php-mbstring php74-php-ldap php74-php-filter php74-php-curl 
vi /etc/yum.repos.d/ltb-project.repo
[ltb-project-noarch]
name=LTB project packages (noarch)
baseurl=https://ltb-project.org/rpm/$releasever/noarch
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-LTB-project
#导入存储库密钥
rpm --import https://ltb-project.org/documentation/_static/RPM-GPG-KEY-LTB-project
yum install self-service-password
vi /etc/opt/remi/php74/php-fpm.d/www.conf  #修改启动用户为nginx
chown nginx.nginx -R /usr/share/self-service-password/

官网Nginx 配置：

server {
listen 80;

root /usr/share/self-service-password/htdocs;
index index.php index.html index.htm;

# Make site accessible from http://localhost/
server_name ldap.test.com; #配置为实际主机名，邮件发送时链接以server_name的地址。

# Disable sendfile as per https://docs.vagrantup.com/v2/synced-folders/virtualbox.html
sendfile off;

    gzip on;
    gzip_comp_level 6;
    gzip_min_length 1000;
    gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript application/javascript text/x-js;
    gzip_vary on;
    gzip_proxied any;
    gzip_disable "MSIE [1-6]\.(?!.*SV1)";

# Add stdout logging

error_log /dev/stdout warn;
access_log /dev/stdout main;


# pass the PHP scripts to FastCGI server listening on socket
#
location ~ \.php {
    fastcgi_pass unix:/var/run/php-fpm.socket;
    fastcgi_split_path_info       ^(.+\.php)(/.+)$;
    fastcgi_param PATH_INFO       $fastcgi_path_info;
    fastcgi_param PATH_TRANSLATED $document_root$fastcgi_path_info;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    fastcgi_index index.php;
        try_files $fastcgi_script_name =404;
    fastcgi_read_timeout 600;
    include fastcgi_params;
}

    error_page 404 /404.html;
    location = /404.html {
            root /usr/share/nginx/html;
            internal;
}

# deny access to . files, for security
#
location ~ /\. {
        log_not_found off;
        deny all;
}

location ~ /scripts {
        log_not_found off;
        deny all;
}

}

官网建议配置php.ini:

session.save_path = /tmp
upload_max_filesize = 10M
post_max_size = 16M
max_execution_time = 600
request_terminate_timeout = 600
expose_php = Off
output_buffering = 4096

配置提示语

/usr/share/self-service-password/lang/zh-CN.inc.php

配置文件配置示例：
/usr/share/self-service-password/conf/config.inc.php

$use_captcha = true; #开启验证码
$use_sms = false; #关闭短信重置
$use_questions = false;#关闭问题重置
#ldap配置
# LDAP
$ldap_url = "ldap://127.0.0.1:389";
$ldap_starttls = false;
$ldap_binddn = "cn=admin,dc=test,dc=com";
$ldap_bindpw = '********';
// for GSSAPI authentication, comment out ldap_bind* and uncomment ldap_krb5ccname lines
//$ldap_krb5ccname = "/path/to/krb5cc";
$ldap_base = "dc=test,dc=com";
$ldap_login_attribute = "sn";#默认为uid
$ldap_fullname_attribute = "cn";
$ldap_filter = "(&(objectClass=person)($ldap_login_attribute={login}))";
$ldap_use_exop_passwd = false;
$ldap_use_ppolicy_control = false;
$keyphrase = "secret@hssssaaak";#需要更改,不然访问报错
**#邮件配置：**
# Token lifetime in secondst重置密码链接的有效时间
$token_lifetime = "300";

## Mail
# LDAP mail attribute
$mail_attributes = array( "mail", "gosaMailAlternateAddress", "proxyAddresses" );
# Get mail address directly from LDAP (only first mail entry)
# and hide mail input field
# default = false
$mail_address_use_ldap = true;
# Who the email should come from
$mail_from = "xxxxx@163.com";
$mail_from_name = "ldappass";
$mail_signature = "本邮件为通过密码自助修改LDAP账号密码，无需回复,此链接有效时间5分钟";
# Notify users anytime their password is changed
$notify_on_change = false;
# PHPMailer configuration (see https://github.com/PHPMailer/PHPMailer)
$mail_sendmailpath = '/usr/sbin/sendmail';
$mail_protocol = 'smtp';
$mail_smtp_debug = 0;
$mail_debug_format = 'html';
$mail_smtp_host = 'smtphm.qiye.163.com';
$mail_smtp_auth = true;
$mail_smtp_user = 'xxxxx@163.com';
$mail_smtp_pass = '授权码';
$mail_smtp_port = 25;
$mail_smtp_timeout = 30;
$mail_smtp_keepalive = false;
$mail_smtp_secure = '';
#$mail_smtp_secure = 'tls';
$mail_smtp_autotls = true;
$mail_smtp_options = array();
$mail_contenttype = 'text/plain';
$mail_wordwrap = 0;
$mail_charset = 'utf-8';
$mail_priority = 3;

……………………
# Hash mechanism for password:
$hash = "MD5";设置重置密码时的加密算法，默认clear，为明文

在这里插入图片描述

如果有异常可以查看php-fpm的日志/xxxxlog/php-fpm/www-error.log