Difference between revisions of "Web app PhpLdapAdmin"

 
(One intermediate revision by the same user not shown)
Line 2: Line 2:
  
 
PhpLdapAdmin allows to manage the LDAP online.  
 
PhpLdapAdmin allows to manage the LDAP online.  
 
You can also give that URL to your users so they can manage their own password and profile.
 
 
  
  
Line 42: Line 39:
  
 
<syntaxhighlight lang="php">
 
<syntaxhighlight lang="php">
 +
$config->custom->session['blowfish'] = 'thisIsACrazyStringValueThatIsUsedToEncryptedData';
 +
 
$servers = new Datastore();
 
$servers = new Datastore();
 
$servers->newServer('ldap_pla');
 
$servers->newServer('ldap_pla');
Line 49: Line 48:
 
$servers->setValue('server','base',array('dc=dev,dc=daxiongmao,dc=eu'));
 
$servers->setValue('server','base',array('dc=dev,dc=daxiongmao,dc=eu'));
 
$servers->setValue('login','auth_type','session');
 
$servers->setValue('login','auth_type','session');
$servers->setValue('login','bind_id','cn=admin,dc=dev,dc=daxiongmao,dc=eu');
+
 
 +
$servers->setValue('login','bind_id','');
 +
$servers->setValue('login','bind_pass','');
 +
 
 +
$servers->setValue('login','attr','uid');
 +
$servers->setValue('login','base',array('ou=people,dc=dev,dc=daxiongmao,dc=eu'));
 +
$servers->setValue('server','read_only',false);
 +
 
 
</syntaxhighlight>
 
</syntaxhighlight>
  

Latest revision as of 15:48, 26 November 2014


PhpLdapAdmin allows to manage the LDAP online.


Requirements

You need both a LDAP and Web server to use this application.


Installation

Source: http://phpldapadmin.sourceforge.net/wiki/index.php/Main_Page

Packages

apt-get install phpldapadmin
apt-get install php-fpdf


Configuration

Edit configuration

vim /etc/phpldapadmin/config.php


Edit / adjust following lines:

$config->custom->session['blowfish'] = 'thisIsACrazyStringValueThatIsUsedToEncryptedData';

$servers = new Datastore();
$servers->newServer('ldap_pla');
$servers->setValue('server','name','DEV daxiongmao.eu LDAP');
$servers->setValue('server','host','dev.daxiongmao.eu');
// $servers->setValue('server','port',389);
$servers->setValue('server','base',array('dc=dev,dc=daxiongmao,dc=eu'));
$servers->setValue('login','auth_type','session');

$servers->setValue('login','bind_id','');
$servers->setValue('login','bind_pass','');

$servers->setValue('login','attr','uid');
$servers->setValue('login','base',array('ou=people,dc=dev,dc=daxiongmao,dc=eu'));
$servers->setValue('server','read_only',false);


!! Adjust to your own LDAP settings !!


Reload apache2 configuration

service apache2 reload


Improve security

Alias name

For better security you should not use /phpldapadmin but something else.


Edit configuration file:

vim /etc/phpldapadmin/apache.conf

Adjust

# Define /phpldapadmin alias, this is the default
<IfModule mod_alias.c>
Alias /phpldapadmin /usr/share/phpldapadmin/htdocs
</IfModule>

Replace phpldapadmin by your own value. For instance: ldapmanager


Apache access restrictions

Access service

Then you can access Ldap Account Manager on: http://myServer/phpldapadmin


Login

Login using Admin password


PhpLdapAdmin login


Login user: cn=admin,{ldap DN}


Basic configuration

Create Organizational Units

  • Create a child entry
  • Generic organizational unit [ou=]

Create:

    • people
    • groups


Create Groups

Then, create 2 groups called “administrators” & “users”

  • Click on ou=groups
  • Create a child entry
  • Create a generic posix group [cn=]

Create:

    • administrators
    • users


Create Users

  • Create some users
  • Click on ou=people
  • Create a child entry
  • Create a generic User Account [ua=]