ltb-project/self-service-password — reverse-engineered prompt

Build me a simple web app where company users can manage their own LDAP password without asking IT every time. It should let someone log in with their current account, change their password, and recover it if they forgot it using options like security questions, email token, or SMS if configured.

It needs to work with normal LDAP directories and Active Directory. Include sensible password rules like minimum length, required character types, blocked words, preventing reuse, checking that the password is not too similar to the login, and optionally checking Have I Been Pwned. Also support things admins might need like Samba password changes, changing an SSH key, email, or phone number stored in LDAP, captcha, email notifications after a password change, and hooks before or after the password is updated.

Please make it configurable rather than hard coded, include a clean PHP web interface, templates, language support, and a small REST API. Docker support would be helpful too. Look up current docs online if you need to.