The LDAP Tool Box project provides a set of LDAP-related applications, administrative tools, and other utilities. They have just released version 1.5.0 of their Self Service Password tool, which is a PHP application that allows users to change their password in an LDAP directory. Changes in this release include:

• Fixed an issue in which an SMS token could be used to change the password for any account
• Fixed an issue that could allow the same captcha to be used multiple times
• Fixed an issue that could disclose the existence of user accounts
• Fixed an issue that could cause a server error when attempting to reset the password for a nonexistent user
• Fixed an issue that could prevent resetting expired passwords
• Fixed issues when using captchas with password reset email messages
• Fixed an issue that could prevent password reset token email messages from being sent
• Fixed an issue that could cause an email notification to be sent even if an update attempt failed
• Added support for encoding passwords with Argon2
• Added support for Kerberos authentication
• Added support for rate limiting by IP address
• Added the ability to specify multiple email address attributes
• Added the ability to specify multiple email address and/or mobile phone number attributes
• Added an SMS API for using signal-cli
• Added sendmail to the Docker image
• Added support for validating SSH public keys