Difference between revisions of "Web app PhpLdapAdmin"

Line 61: Line 61:
 
service apache2 reload
 
service apache2 reload
 
</syntaxhighlight>
 
</syntaxhighlight>
 
 
 
=Access service=
 
 
Then you can access Ldap Account Manager on: http://myServer/phpldapadmin 
 
  
  
Line 95: Line 89:
  
  
 +
==Apache access restrictions==
  
Login using Admin password
 
Login:
 
 
  
Login user: cn=admin,{ldap DN}
 
  
Basic configuration
 
Create Organizational Units
 
Create a child entry 
 
Generic organizational unit  [ou=] 
 
Create:
 
 people
 
 groups
 
  
Create Groups
 
Then, create 2 groups called “administrators” & “users”
 
Click on ou=groups
 
Create a child entry
 
Create a generic posix group [cn=] 
 
Create:
 
 administrators
 
 users
 
  
Create Users
 
Create some users
 
Click on ou=people
 
Create a child entry
 
Create a generic User Account  [ua=] 
 
  
+
=Access service=
  
Installation # Graphical interface [client side]
+
Then you can access Ldap Account Manager on: http://myServer/phpldapadmin 
On the local machine you can download a LDAP browser to manage it remotely.
 
  
I’ll use “LDAP Admin” http://www.ldapadmin.org/
 
  
Installation
+
==Login==
 Download the latest version
 
o Choose the EXE version
 
 Unzip it to the target directory
 
  
Create new connection
+
Login using Admin password
 Just run “LdapAdmin.exe”
 
 Start  Connect
 
 
  
 Create a new connection
 
o Double click on “new connection”
 
 
Fill up the form like this:
 
 
Then you can connect to the remote server
 
  
Configuration
+
[[File:Phpldapadmin login.png|none|PhpLdapAdmin login]]
Create new Organizational Units
 
Right click to the root  New  Organizational Unit…
 
  
 
  
 +
Login user: cn=admin,{ldap DN}
  
Create:
 
 people for users
 
 groups for users groups
 
 locations specific area
 
 applications
 
  
Create new groups
+
==Basic configuration==
 Right click on “ou=groups”  New  Group…
 
  
Create:
+
===Create Organizational Units===
 administrators Domain administrators
 
 users Domain users
 
 services System and services accounts
 
  
 +
* Create a child entry 
 +
* Generic organizational unit  [ou=] 
  
Create locations structure
+
Create:
 Right click on “ou=locations”  New  Location…
+
** people
 +
** groups
  
You can create a location tree to sort your users.
 
Example:
 
 
  
Create users
+
===Create Groups===
 Right click on “ou=users”  New  User…
 
  
 You can organized your users by sub organizational units as well
+
Then, create 2 groups called “administrators” & “users”
 
  
Fill up the form
+
* Click on ou=groups
 +
* Create a child entry
 +
* Create a generic posix group [cn=] 
  
+
Create:
 
+
** administrators
Depending on your local policy, the username might be:
+
** users
• FirstName.LastName
 
• [1st letter first name][last name]
 
 
 
 It doesn’t matter as long as this is the same pattern for all users!
 
 
 
Register the user to some group
 
 
  
Edit user
 
To update the user using the same wizard:
 
 Right click on user  Properties
 
 
  
The Edit Entry… is a technical link.
+
===Create Users===
  
You can add email + address data.
+
* Create some users
 +
* Click on ou=people
 +
* Create a child entry
 +
* Create a generic User Account  [ua=]
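Review bot: the added "==Apache access restrictions==" heading has no body. The next added line is "=Access service=", so the revision announces restrictions and documents none. Either add the access-control directives that belong under it or leave the heading out until they are written. The re-added line "Then you can access Ldap Account Manager on: http://myServer/phpldapadmin" also names Ldap Account Manager on a page about PhpLdapAdmin and should be corrected while the section is being moved.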

Revision as of 14:26, 9 August 2014


PhpLdapAdmin lets you manage the LDAP directory through a web interface.

You can also give that URL to your users so they can manage their own password and profile.



Requirements

You need both an LDAP server and a web server to use this application.


Installation

Source: http://phpldapadmin.sourceforge.net/wiki/index.php/Main_Page

Packages

apt-get install phpldapadmin
apt-get install php-fpdf


Configuration

Edit configuration

vim /etc/phpldapadmin/config.php


Edit / adjust the following lines:

$servers = new Datastore();
$servers->newServer('ldap_pla');
$servers->setValue('server','name','DEV daxiongmao.eu LDAP');
$servers->setValue('server','host','dev.daxiongmao.eu');
// $servers->setValue('server','port',389);
$servers->setValue('server','base',array('dc=dev,dc=daxiongmao,dc=eu'));
$servers->setValue('login','auth_type','session');
$servers->setValue('login','bind_id','cn=admin,dc=dev,dc=daxiongmao,dc=eu');


!! Adjust to your own LDAP settings !!


Reload apache2 configuration

service apache2 reload


Improve security

Alias name

For better security, do not serve the application under the default /phpldapadmin alias; use a different name.


Edit configuration file:

vim /etc/phpldapadmin/apache.conf

Adjust

# Define /phpldapadmin alias, this is the default
<IfModule mod_alias.c>
Alias /phpldapadmin /usr/share/phpldapadmin/htdocs
</IfModule>

Replace phpldapadmin with your own value, for instance: ldapmanager
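An added example, not part of the original page or the packaged file: the alias change above combined with an access restriction on the htdocs directory. Renaming the alias only takes the application off the well-known path, so the Directory block is what decides who can reach the login form. Apache 2.4 Require syntax with mod_ssl loaded is assumed, and 192.0.2.0/24 is a placeholder range.

```apache
# /etc/phpldapadmin/apache.conf (added example, not the packaged file)
# Assumes Apache 2.4 (mod_authz_core, mod_authz_host) with mod_ssl loaded.

# Weak: the default alias is the first path automated scanners request.
#   Alias /phpldapadmin /usr/share/phpldapadmin/htdocs

# Renamed alias ("ldapmanager" is the sample value used on this page).
# This removes the well-known path; it is not an access control.
<IfModule mod_alias.c>
    Alias /ldapmanager /usr/share/phpldapadmin/htdocs
</IfModule>

<Directory /usr/share/phpldapadmin/htdocs/>
    DirectoryIndex index.php
    Options -Indexes +FollowSymLinks
    AllowOverride None

    # Weak: anyone who learns the alias reaches the LDAP admin login.
    #   Require all granted

    # Restricted: every condition must hold, anything else gets a 403.
    <RequireAll>
        # HTTPS only, so the bind password for cn=admin is never sent
        # in clear text (the "ssl" provider comes from mod_ssl).
        Require ssl
        # Trusted networks only. 192.0.2.0/24 is a placeholder
        # (documentation range); replace it with the networks that
        # actually need to reach the interface.
        Require ip 192.0.2.0/24
    </RequireAll>
</Directory>
```

Run apache2ctl configtest before service apache2 reload so a syntax error does not take the site down.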


Apache access restrictions

Access service

Then you can access Ldap Account Manager on: http://myServer/phpldapadmin


Login

Log in using the admin password


PhpLdapAdmin login


Login user: cn=admin,{ldap DN}


Basic configuration

Create Organizational Units

  • Create a child entry
  • Generic organizational unit [ou=]

Create:

    • people
    • groups


Create Groups

Then, create 2 groups called “administrators” & “users”

  • Click on ou=groups
  • Create a child entry
  • Create a generic posix group [cn=]

Create:

    • administrators
    • users


Create Users

  • Create some users
  • Click on ou=people
  • Create a child entry
  • Create a generic User Account [ua=]