The LDAP Tool Box project provides a set of LDAP-related applications, administrative tools, and other utilities. They have just released version 1.5.0 of their Self Service Password tool, which is a PHP application that allows users to change their password in an LDAP directory. Changes in this release include:
- Fixed an issue in which an SMS token could be used to change the password for any account
- Fixed an issue that could allow the same captcha to be used multiple times
- Fixed an issue that could disclose the existence of user accounts
- Fixed an issue that could cause a server error when attempting to reset the password for a nonexistent user
- Fixed an issue that could prevent resetting expired passwords
- Fixed issues when using captchas with password reset email messages
- Fixed an issue that could prevent password reset token email messages from being sent
- Fixed an issue that could cause an email notification to be sent even if an update attempt failed
- Added support for encoding passwords with Argon2
- Added support for Kerberos authentication
- Added support for rate limiting by IP address
- Added the ability to specify multiple email address attributes
- Added the ability to specify multiple email address and/or mobile phone number attributes
- Added an SMS API for using signal-cli
- Added sendmail to the Docker image
- Added support for validating SSH public keys