Difference between revisions of "Web app PhpLdapAdmin"

(Created page with "Category:Linux PhpLdapAdmin allows to manage the LDAP online. You can also give that URL to your users so they can manage their own password and profile. =Requiremen...")
(No difference)

Revision as of 11:03, 9 August 2014


PhpLdapAdmin allows to manage the LDAP online.

You can also give that URL to your users so they can manage their own password and profile.


Requirements

You need both a LDAP and Web server to use this application.


Installation

Source: http://phpldapadmin.sourceforge.net/wiki/index.php/Main_Page

Packages

apt-get install phpldapadmin
apt-get install php-fpdf


Configuration

Edit configuration

vim /etc/phpldapadmin/config.php


Edit / adjust following lines:

$servers = new Datastore();
$servers->newServer('ldap_pla');
$servers->setValue('server','name','DEV daxiongmao.eu LDAP');
$servers->setValue('server','host','dev.daxiongmao.eu');
// $servers->setValue('server','port',389);
$servers->setValue('server','base',array('dc=dev,dc=daxiongmao,dc=eu'));
$servers->setValue('login','auth_type','session');
$servers->setValue('login','bind_id','cn=admin,dc=dev,dc=daxiongmao,dc=eu');


!! Adjust to your own LDAP settings !!


Reload apache2 configuration

<syntaxhighlight lang="bash">

  1. service apache2 reload


Access service Then you can access Ldap Account Manager on: http://myServer/phpldapadmin

Improve security For better security you should not use /phpldapadmin but something else. Edit configuration file:

  1. vim /etc/phpldapadmin/apache.conf

Adjust

  1. Define /phpldapadmin alias, this is the default

<IfModule mod_alias.c> Alias /phpldapadmin /usr/share/phpldapadmin/htdocs </IfModule>

Replace phpldapadmin by your own value. For instance: ldapmanager

Login using Admin password Login:


Login user: cn=admin,{ldap DN}

Basic configuration Create Organizational Units Create a child entry Generic organizational unit [ou=] Create:  people  groups

Create Groups Then, create 2 groups called “administrators” & “users” Click on ou=groups Create a child entry Create a generic posix group [cn=] Create:  administrators  users

Create Users Create some users Click on ou=people Create a child entry Create a generic User Account [ua=]


Installation # Graphical interface [client side] On the local machine you can download a LDAP browser to manage it remotely.

I’ll use “LDAP Admin” http://www.ldapadmin.org/

Installation  Download the latest version o Choose the EXE version  Unzip it to the target directory

Create new connection  Just run “LdapAdmin.exe”  Start  Connect


 Create a new connection o Double click on “new connection”

Fill up the form like this:

Then you can connect to the remote server

Configuration Create new Organizational Units Right click to the root  New  Organizational Unit…



Create:  people for users  groups for users groups  locations specific area  applications

Create new groups  Right click on “ou=groups”  New  Group…

Create:  administrators Domain administrators  users Domain users  services System and services accounts


Create locations structure  Right click on “ou=locations”  New  Location…

You can create a location tree to sort your users. Example:


Create users  Right click on “ou=users”  New  User…

 You can organized your users by sub organizational units as well


Fill up the form


Depending on your local policy, the username might be: • FirstName.LastName • [1st letter first name][last name]

 It doesn’t matter as long as this is the same pattern for all users!

Register the user to some group


Edit user To update the user using the same wizard:  Right click on user  Properties


The Edit Entry… is a technical link.

You can add email + address data.