Web app PhpLdapAdmin
PhpLdapAdmin allows to manage the LDAP online.
You can also give that URL to your users so they can manage their own password and profile.
Contents
Requirements
You need both a LDAP and Web server to use this application.
Installation
Source: http://phpldapadmin.sourceforge.net/wiki/index.php/Main_Page
Packages
apt-get install phpldapadmin
apt-get install php-fpdf
Configuration
Edit configuration
vim /etc/phpldapadmin/config.php
Edit / adjust following lines:
$config->custom->session['blowfish'] = 'thisIsACrazyStringValueThatIsUsedToEncryptedData';
$servers = new Datastore();
$servers->newServer('ldap_pla');
$servers->setValue('server','name','DEV daxiongmao.eu LDAP');
$servers->setValue('server','host','dev.daxiongmao.eu');
// $servers->setValue('server','port',389);
$servers->setValue('server','base',array('dc=dev,dc=daxiongmao,dc=eu'));
$servers->setValue('login','auth_type','session');
$servers->setValue('login','bind_id','');
$servers->setValue('login','bind_pass','');
$servers->setValue('login','attr','uid');
$servers->setValue('login','base',array('ou=people,dc=dev,dc=daxiongmao,dc=eu'));
$servers->setValue('server','read_only',false);
!! Adjust to your own LDAP settings !!
Reload apache2 configuration
service apache2 reload
Improve security
Alias name
For better security you should not use /phpldapadmin but something else.
Edit configuration file:
vim /etc/phpldapadmin/apache.conf
Adjust
# Define /phpldapadmin alias, this is the default
<IfModule mod_alias.c>
Alias /phpldapadmin /usr/share/phpldapadmin/htdocs
</IfModule>
Replace phpldapadmin by your own value. For instance: ldapmanager
Apache access restrictions
Access service
Then you can access Ldap Account Manager on: http://myServer/phpldapadmin
Login
Login using Admin password
Login user: cn=admin,{ldap DN}
Basic configuration
Create Organizational Units
- Create a child entry
- Generic organizational unit [ou=]
Create:
- people
- groups
Create Groups
Then, create 2 groups called “administrators” & “users”
- Click on ou=groups
- Create a child entry
- Create a generic posix group [cn=]
Create:
- administrators
- users
Create Users
- Create some users
- Click on ou=people
- Create a child entry
- Create a generic User Account [ua=]