Difference between revisions of "Web app PhpLdapAdmin"

(Created page with "Category:Linux PhpLdapAdmin allows to manage the LDAP online. You can also give that URL to your users so they can manage their own password and profile. =Requiremen...")
 
 
(3 intermediate revisions by the same user not shown)
Line 2: Line 2:
  
 
PhpLdapAdmin allows to manage the LDAP online.  
 
PhpLdapAdmin allows to manage the LDAP online.  
 
You can also give that URL to your users so they can manage their own password and profile.
 
  
  
Line 41: Line 39:
  
 
<syntaxhighlight lang="php">
 
<syntaxhighlight lang="php">
 +
$config->custom->session['blowfish'] = 'thisIsACrazyStringValueThatIsUsedToEncryptedData';
 +
 
$servers = new Datastore();
 
$servers = new Datastore();
 
$servers->newServer('ldap_pla');
 
$servers->newServer('ldap_pla');
Line 48: Line 48:
 
$servers->setValue('server','base',array('dc=dev,dc=daxiongmao,dc=eu'));
 
$servers->setValue('server','base',array('dc=dev,dc=daxiongmao,dc=eu'));
 
$servers->setValue('login','auth_type','session');
 
$servers->setValue('login','auth_type','session');
$servers->setValue('login','bind_id','cn=admin,dc=dev,dc=daxiongmao,dc=eu');
+
 
 +
$servers->setValue('login','bind_id','');
 +
$servers->setValue('login','bind_pass','');
 +
 
 +
$servers->setValue('login','attr','uid');
 +
$servers->setValue('login','base',array('ou=people,dc=dev,dc=daxiongmao,dc=eu'));
 +
$servers->setValue('server','read_only',false);
 +
 
 
</syntaxhighlight>
 
</syntaxhighlight>
  
Line 58: Line 65:
  
 
<syntaxhighlight lang="bash">
 
<syntaxhighlight lang="bash">
# service apache2 reload
+
service apache2 reload
 +
</syntaxhighlight>
 +
 
 +
 
 +
 
 +
=Improve security=
 +
 
 +
==Alias name==
  
 +
For better security you should not use '''/phpldapadmin''' but something else.
  
Access service
 
Then you can access Ldap Account Manager on: http://myServer/phpldapadmin 
 
  
Improve security
 
For better security you should not use /phpldapadmin but something else.
 
 
Edit configuration file:
 
Edit configuration file:
# vim /etc/phpldapadmin/apache.conf
+
 
 +
<syntaxhighlight lang="bash">
 +
vim /etc/phpldapadmin/apache.conf
 +
</syntaxhighlight>
  
 
Adjust
 
Adjust
 +
 +
<syntaxhighlight lang="bash">
 
# Define /phpldapadmin alias, this is the default
 
# Define /phpldapadmin alias, this is the default
 
<IfModule mod_alias.c>
 
<IfModule mod_alias.c>
 
Alias /phpldapadmin /usr/share/phpldapadmin/htdocs
 
Alias /phpldapadmin /usr/share/phpldapadmin/htdocs
 
</IfModule>
 
</IfModule>
 +
</syntaxhighlight>
  
Replace phpldapadmin by your own value. For instance: ldapmanager
+
Replace ''phpldapadmin'' by your own value. For instance: ''ldapmanager''
  
Login using Admin password
 
Login:
 
 
  
Login user: cn=admin,{ldap DN}
+
==Apache access restrictions==
  
Basic configuration
 
Create Organizational Units
 
Create a child entry 
 
Generic organizational unit  [ou=] 
 
Create:
 
 people
 
 groups
 
  
Create Groups
 
Then, create 2 groups called “administrators” & “users”
 
Click on ou=groups
 
Create a child entry
 
Create a generic posix group [cn=] 
 
Create:
 
 administrators
 
 users
 
  
Create Users
 
Create some users
 
Click on ou=people
 
Create a child entry
 
Create a generic User Account  [ua=] 
 
  
 
  
Installation # Graphical interface [client side]
 
On the local machine you can download a LDAP browser to manage it remotely.
 
  
I’ll use “LDAP Admin” http://www.ldapadmin.org/
+
=Access service=
  
Installation
+
Then you can access Ldap Account Manager on: http://myServer/phpldapadmin 
 Download the latest version
 
o Choose the EXE version
 
 Unzip it to the target directory
 
  
Create new connection
 
 Just run “LdapAdmin.exe”
 
 Start  Connect
 
 
  
 Create a new connection
+
==Login==
o Double click on “new connection”
 
 
Fill up the form like this:
 
 
Then you can connect to the remote server
 
  
Configuration
+
Login using Admin password
Create new Organizational Units
 
Right click to the root  New  Organizational Unit…
 
  
 
  
 +
[[File:Phpldapadmin login.png|none|PhpLdapAdmin login]]
  
Create:
 
 people for users
 
 groups for users groups
 
 locations specific area
 
 applications
 
  
Create new groups
+
Login user: cn=admin,{ldap DN}
 Right click on “ou=groups”  New  Group…
 
  
Create:
 
 administrators Domain administrators
 
 users Domain users
 
 services System and services accounts
 
  
 +
==Basic configuration==
  
Create locations structure
+
===Create Organizational Units===
 Right click on “ou=locations”  New  Location…
 
  
You can create a location tree to sort your users.
+
* Create a child entry 
Example:
+
* Generic organizational unit [ou=] 
   
 
  
Create users
+
Create:
 Right click on “ou=users”  New  User…
+
** people
 +
** groups
  
 You can organized your users by sub organizational units as well
 
 
  
Fill up the form
+
===Create Groups===
  
+
Then, create 2 groups called “administrators” & “users”
  
Depending on your local policy, the username might be:
+
* Click on ou=groups
• FirstName.LastName
+
* Create a child entry
[1st letter first name][last name]
+
* Create a generic posix group [cn=]  
  
 It doesn’t matter as long as this is the same pattern for all users!
+
Create:
 
+
** administrators
Register the user to some group
+
** users
 
  
Edit user
 
To update the user using the same wizard:
 
 Right click on user  Properties
 
 
  
The Edit Entry… is a technical link.
+
===Create Users===
  
You can add email + address data.
+
* Create some users
 +
* Click on ou=people
 +
* Create a child entry
 +
* Create a generic User Account  [ua=]

Latest revision as of 16:48, 26 November 2014


PhpLdapAdmin allows to manage the LDAP online.


Requirements

You need both a LDAP and Web server to use this application.


Installation

Source: http://phpldapadmin.sourceforge.net/wiki/index.php/Main_Page

Packages

apt-get install phpldapadmin
apt-get install php-fpdf


Configuration

Edit configuration 

vim /etc/phpldapadmin/config.php


Edit / adjust following lines: 

$config->custom->session['blowfish'] = 'thisIsACrazyStringValueThatIsUsedToEncryptedData';

$servers = new Datastore();
$servers->newServer('ldap_pla');
$servers->setValue('server','name','DEV daxiongmao.eu LDAP');
$servers->setValue('server','host','dev.daxiongmao.eu');
// $servers->setValue('server','port',389);
$servers->setValue('server','base',array('dc=dev,dc=daxiongmao,dc=eu'));
$servers->setValue('login','auth_type','session');

$servers->setValue('login','bind_id','');
$servers->setValue('login','bind_pass','');

$servers->setValue('login','attr','uid');
$servers->setValue('login','base',array('ou=people,dc=dev,dc=daxiongmao,dc=eu'));
$servers->setValue('server','read_only',false);


!! Adjust to your own LDAP settings !!


Reload apache2 configuration 

service apache2 reload


Improve security

Alias name

For better security you should not use /phpldapadmin but something else.


Edit configuration file: 

vim /etc/phpldapadmin/apache.conf

Adjust 

# Define /phpldapadmin alias, this is the default
<IfModule mod_alias.c>
Alias /phpldapadmin /usr/share/phpldapadmin/htdocs
</IfModule>

Replace phpldapadmin by your own value. For instance: ldapmanager


Apache access restrictions

Access service

Then you can access Ldap Account Manager on: http://myServer/phpldapadmin


Login

Login using Admin password


PhpLdapAdmin login


Login user: cn=admin,{ldap DN}


Basic configuration

Create Organizational Units

  • Create a child entry
  • Generic organizational unit [ou=]

Create:

    • people
    • groups


Create Groups

Then, create 2 groups called “administrators” & “users”

  • Click on ou=groups
  • Create a child entry
  • Create a generic posix group [cn=]

Create:

    • administrators
    • users


Create Users

  • Create some users
  • Click on ou=people
  • Create a child entry
  • Create a generic User Account [ua=]
Retrieved from "http://www.daxiongmao.eu/wiki/index.php?title=Web_app_PhpLdapAdmin&oldid=1912"