Web app PhpLdapAdmin

Revision as of 11:03, 9 August 2014 by WikiFreak


PhpLdapAdmin lets you manage the LDAP directory online.

You can also give that URL to your users so they can manage their own password and profile.


Requirements

You need both an LDAP server and a web server to use this application.


Installation

Source: http://phpldapadmin.sourceforge.net/wiki/index.php/Main_Page

Packages

apt-get install phpldapadmin
apt-get install php-fpdf


Configuration

Edit configuration

vim /etc/phpldapadmin/config.php


Edit / adjust the following lines:

$servers = new Datastore();
$servers->newServer('ldap_pla');
$servers->setValue('server','name','DEV daxiongmao.eu LDAP');
$servers->setValue('server','host','dev.daxiongmao.eu');
// $servers->setValue('server','port',389);
$servers->setValue('server','base',array('dc=dev,dc=daxiongmao,dc=eu'));
$servers->setValue('login','auth_type','session');
$servers->setValue('login','bind_id','cn=admin,dc=dev,dc=daxiongmao,dc=eu');


!! Adjust to your own LDAP settings !!


Reload apache2 configuration

service apache2 reload


Access service

Then you can access Ldap Account Manager on: http://myServer/phpldapadmin


Improve security

For better security you should not publish the application under the default /phpldapadmin path but under something else. A different path only keeps the application away from scanners that probe the default URL; it does not replace authentication. Edit the configuration file:

vim /etc/phpldapadmin/apache.conf

Adjust

# Define /phpldapadmin alias, this is the default
<IfModule mod_alias.c>
    Alias /phpldapadmin /usr/share/phpldapadmin/htdocs
</IfModule>

Replace phpldapadmin in the alias with your own value. For instance: ldapmanager
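A check for the alias change described above, as an added example (not part of the original page or of the phpLDAPadmin package): it lists the URL paths under which an Apache configuration file publishes the phpLDAPadmin directory and reports whether the default /phpldapadmin path is still served, including the case where a new alias was added but the default line was left in place. The function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: report the URL paths under which an Apache config file
# publishes the phpLDAPadmin htdocs directory, and flag the default path.
PLA_HTDOCS="/usr/share/phpldapadmin/htdocs"   # alias target shown on the page
PLA_DEFAULT="/phpldapadmin"                   # default alias shown on the page

# pla_aliases FILE: print each alias path that maps to PLA_HTDOCS.
# Comment lines are skipped, so "# Define /phpldapadmin alias" is not a hit.
pla_aliases() {
    awk -v target="$PLA_HTDOCS" '
        /^[ \t]*#/ { next }
        tolower($1) == "alias" && NF >= 3 {
            path = $2; dir = $3
            gsub(/"/, "", path); gsub(/"/, "", dir)   # tolerate quoted arguments
            sub(/\/+$/, "", dir)                      # ignore a trailing slash
            if (length(path) > 1) sub(/\/+$/, "", path)
            if (dir == target) print path
        }' "$1"
}

# pla_default_exposed FILE: exit status 0 if the default path is still served.
pla_default_exposed() {
    pla_aliases "$1" | grep -qxF "$PLA_DEFAULT"
}

# Constructed sample files (not taken from a real host).
demo_dir=$(mktemp -d)
printf '%s\n' '# Define /phpldapadmin alias, this is the default' \
    '<IfModule mod_alias.c>' \
    '    Alias /phpldapadmin /usr/share/phpldapadmin/htdocs' \
    '</IfModule>' > "$demo_dir/default.conf"
sed 's|^\( *Alias \)/phpldapadmin|\1/ldapmanager|' \
    "$demo_dir/default.conf" > "$demo_dir/renamed.conf"
# Failure mode: a new alias was added but the default line was left in place.
cp "$demo_dir/renamed.conf" "$demo_dir/both.conf"
echo 'Alias "/phpldapadmin" "/usr/share/phpldapadmin/htdocs/"' >> "$demo_dir/both.conf"

for f in default renamed both; do
    if pla_default_exposed "$demo_dir/$f.conf"; then verdict="default path still served"
    else verdict="default path not served"; fi
    echo "$f.conf: $verdict; aliases: $(pla_aliases "$demo_dir/$f.conf" | tr '\n' ' ')"
done
rm -rf "$demo_dir"
```

On a real host, call `pla_default_exposed /etc/phpldapadmin/apache.conf` after editing the file and before reloading Apache.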

Login using Admin password

Login:

Login user: cn=admin,{ldap DN}


Basic configuration

Create Organizational Units

• Create a child entry
• Generic organizational unit [ou=]

Create:
• people
• groups

Create Groups

Then, create 2 groups called “administrators” & “users”:

• Click on ou=groups
• Create a child entry
• Create a generic posix group [cn=]

Create:
• administrators
• users

Create Users

Create some users:

• Click on ou=people
• Create a child entry
• Create a generic User Account [ua=]


Installation: Graphical interface [client side]

On the local machine you can download an LDAP browser to manage the directory remotely.

I’ll use “LDAP Admin” http://www.ldapadmin.org/

Installation

• Download the latest version
  o Choose the EXE version
• Unzip it to the target directory

Create new connection

• Just run “LdapAdmin.exe”
• Start → Connect
• Create a new connection
  o Double click on “new connection”

Fill in the form like this:

Then you can connect to the remote server

Configuration

Create new Organizational Units

Right click on the root → New → Organizational Unit…

Create:
• people: for users
• groups: for users groups
• locations: specific area
• applications

Create new groups

• Right click on “ou=groups” → New → Group…

Create:
• administrators: Domain administrators
• users: Domain users
• services: System and services accounts

Create locations structure

• Right click on “ou=locations” → New → Location…

You can create a location tree to sort your users. Example:

Create users

• Right click on “ou=users” → New → User…
• You can organize your users by sub organizational units as well

Fill in the form

Depending on your local policy, the username might be:
• FirstName.LastName
• [1st letter first name][last name]

It doesn’t matter as long as this is the same pattern for all users!

Register the user to some group

Edit user

To update the user using the same wizard:

• Right click on user → Properties

The Edit Entry… is a technical link.

You can add email + address data.