Web app PhpLdapAdmin


PhpLdapAdmin allows to manage the LDAP online.


Requirements

You need both a LDAP and Web server to use this application.


Installation

Source: http://phpldapadmin.sourceforge.net/wiki/index.php/Main_Page

Packages

apt-get install phpldapadmin
apt-get install php-fpdf


Configuration

Edit configuration

vim /etc/phpldapadmin/config.php


Edit / adjust following lines:

$config->custom->session['blowfish'] = 'thisIsACrazyStringValueThatIsUsedToEncryptedData';

$servers = new Datastore();
$servers->newServer('ldap_pla');
$servers->setValue('server','name','DEV daxiongmao.eu LDAP');
$servers->setValue('server','host','dev.daxiongmao.eu');
// $servers->setValue('server','port',389);
$servers->setValue('server','base',array('dc=dev,dc=daxiongmao,dc=eu'));
$servers->setValue('login','auth_type','session');

$servers->setValue('login','bind_id','');
$servers->setValue('login','bind_pass','');

$servers->setValue('login','attr','uid');
$servers->setValue('login','base',array('ou=people,dc=dev,dc=daxiongmao,dc=eu'));
$servers->setValue('server','read_only',false);


!! Adjust to your own LDAP settings !!


Reload apache2 configuration

service apache2 reload


Improve security

Alias name

For better security you should not use /phpldapadmin but something else.


Edit configuration file:

vim /etc/phpldapadmin/apache.conf

Adjust

# Define /phpldapadmin alias, this is the default
<IfModule mod_alias.c>
Alias /phpldapadmin /usr/share/phpldapadmin/htdocs
</IfModule>

Replace phpldapadmin by your own value. For instance: ldapmanager


Apache access restrictions

Access service

Then you can access Ldap Account Manager on: http://myServer/phpldapadmin


Login

Login using Admin password


PhpLdapAdmin login


Login user: cn=admin,{ldap DN}


Basic configuration

Create Organizational Units

  • Create a child entry
  • Generic organizational unit [ou=]

Create:

    • people
    • groups


Create Groups

Then, create 2 groups called “administrators” & “users”

  • Click on ou=groups
  • Create a child entry
  • Create a generic posix group [cn=]

Create:

    • administrators
    • users


Create Users

  • Create some users
  • Click on ou=people
  • Create a child entry
  • Create a generic User Account [ua=]