Difference between revisions of "Web app PhpLdapAdmin"

 
(2 intermediate revisions by the same user not shown)
Line 2: Line 2:
  
 
PhpLdapAdmin allows to manage the LDAP online.  
 
PhpLdapAdmin allows to manage the LDAP online.  
 
You can also give that URL to your users so they can manage their own password and profile.
 
 
  
  
Line 42: Line 39:
  
 
<syntaxhighlight lang="php">
 
<syntaxhighlight lang="php">
 +
$config->custom->session['blowfish'] = 'thisIsACrazyStringValueThatIsUsedToEncryptedData';
 +
 
$servers = new Datastore();
 
$servers = new Datastore();
 
$servers->newServer('ldap_pla');
 
$servers->newServer('ldap_pla');
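Review bot: the added `$config->custom->session['blowfish']` line publishes a fixed, readable string as the encryption secret, and nothing next to it tells the reader to replace it. Anyone copying the block ends up with the same secret as every other reader of this page. Suggest a placeholder value plus one sentence saying each install needs its own long random string.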
Line 49: Line 48:
 
$servers->setValue('server','base',array('dc=dev,dc=daxiongmao,dc=eu'));
 
$servers->setValue('server','base',array('dc=dev,dc=daxiongmao,dc=eu'));
 
$servers->setValue('login','auth_type','session');
 
$servers->setValue('login','auth_type','session');
$servers->setValue('login','bind_id','cn=admin,dc=dev,dc=daxiongmao,dc=eu');
+
 
 +
$servers->setValue('login','bind_id','');
 +
$servers->setValue('login','bind_pass','');
 +
 
 +
$servers->setValue('login','attr','uid');
 +
$servers->setValue('login','base',array('ou=people,dc=dev,dc=daxiongmao,dc=eu'));
 +
$servers->setValue('server','read_only',false);
 +
 
 
</syntaxhighlight>
 
</syntaxhighlight>
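Review bot: the added `bind_id`/`bind_pass` lines are empty and `login,attr` is now `uid` with a `login,base` of `ou=people,...`, but the text does not explain the new login form, and the Login section added further down still gives `cn=admin,{ldap DN}` as the login user. Suggest a sentence stating that users now log in with their uid looked up under ou=people, and whether the admin DN is still expected to work. The added `read_only` = `false` line also deserves a sentence on who is expected to write through this interface.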
  
Line 61: Line 67:
 
service apache2 reload
 
service apache2 reload
 
</syntaxhighlight>
 
</syntaxhighlight>
 
 
 
=Access service=
 
 
Then you can access Ldap Account Manager on: http://myServer/phpldapadmin 
 
  
  
Line 95: Line 95:
  
  
 +
==Apache access restrictions==
  
Login using Admin password
 
Login:
 
 
  
Login user: cn=admin,{ldap DN}
 
  
Basic configuration
 
Create Organizational Units
 
Create a child entry 
 
Generic organizational unit  [ou=] 
 
Create:
 
 people
 
 groups
 
  
Create Groups
 
Then, create 2 groups called “administrators” & “users”
 
Click on ou=groups
 
Create a child entry
 
Create a generic posix group [cn=] 
 
Create:
 
 administrators
 
 users
 
  
Create Users
 
Create some users
 
Click on ou=people
 
Create a child entry
 
Create a generic User Account  [ua=] 
 
  
+
=Access service=
  
Installation # Graphical interface [client side]
+
Then you can access Ldap Account Manager on: http://myServer/phpldapadmin 
On the local machine you can download a LDAP browser to manage it remotely.
 
  
I’ll use “LDAP Admin” http://www.ldapadmin.org/
 
  
Installation
+
==Login==
 Download the latest version
 
o Choose the EXE version
 
 Unzip it to the target directory
 
  
Create new connection
+
Login using Admin password
 Just run “LdapAdmin.exe”
 
 Start  Connect
 
 
  
 Create a new connection
 
o Double click on “new connection”
 
 
Fill up the form like this:
 
 
Then you can connect to the remote server
 
  
Configuration
+
[[File:Phpldapadmin login.png|none|PhpLdapAdmin login]]
Create new Organizational Units
 
Right click to the root  New  Organizational Unit…
 
  
 
  
 +
Login user: cn=admin,{ldap DN}
  
Create:
 
 people for users
 
 groups for users groups
 
 locations specific area
 
 applications
 
 
Create new groups
 
 Right click on “ou=groups”  New  Group…
 
  
Create:
+
==Basic configuration==
 administrators Domain administrators
 
 users Domain users
 
 services System and services accounts
 
  
 +
===Create Organizational Units===
  
Create locations structure
+
* Create a child entry 
 Right click on “ou=locations”  New  Location…
+
* Generic organizational unit  [ou=
  
You can create a location tree to sort your users.
+
Create:
Example:
+
** people
+
** groups
  
Create users
 
 Right click on “ou=users”  New  User…
 
  
 You can organized your users by sub organizational units as well
+
===Create Groups===
 
  
Fill up the form
+
Then, create 2 groups called “administrators” & “users”
  
+
* Click on ou=groups
 +
* Create a child entry
 +
* Create a generic posix group [cn=] 
  
Depending on your local policy, the username might be:
+
Create:
• FirstName.LastName
+
** administrators
• [1st letter first name][last name]
+
** users
 
 
 It doesn’t matter as long as this is the same pattern for all users!
 
 
 
Register the user to some group
 
 
  
Edit user
 
To update the user using the same wizard:
 
 Right click on user  Properties
 
 
  
The Edit Entry… is a technical link.
+
===Create Users===
  
You can add email + address data.
+
* Create some users
 +
* Click on ou=people
 +
* Create a child entry
 +
* Create a generic User Account  [ua=]
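Review bot: the new `==Apache access restrictions==` heading is added with no body, so in the result it is followed directly by `=Access service=`. An empty heading under the security section reads as if a restriction were already in place; suggest adding the intended restriction or dropping the heading until it is written. The re-added Access service line also still names "Ldap Account Manager" and the default `/phpldapadmin` URL, right after the text that advises choosing a different alias.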

Latest revision as of 16:48, 26 November 2014


PhpLdapAdmin lets you manage the LDAP directory online.


Requirements

You need both an LDAP server and a web server to use this application.


Installation

Source: http://phpldapadmin.sourceforge.net/wiki/index.php/Main_Page

Packages

apt-get install phpldapadmin
apt-get install php-fpdf


Configuration

Edit configuration

vim /etc/phpldapadmin/config.php


Edit / adjust the following lines:

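// Encryption secret: replace this sample value with your own long random string
$config->custom->session['blowfish'] = 'thisIsACrazyStringValueThatIsUsedToEncryptedData';

$servers = new Datastore();
$servers->newServer('ldap_pla');
// Display name and host of the LDAP server
$servers->setValue('server','name','DEV daxiongmao.eu LDAP');
$servers->setValue('server','host','dev.daxiongmao.eu');
// $servers->setValue('server','port',389);
$servers->setValue('server','base',array('dc=dev,dc=daxiongmao,dc=eu'));
// Users authenticate through the login form; credentials are kept in the PHP session
$servers->setValue('login','auth_type','session');

// No bind DN or password stored in this file
$servers->setValue('login','bind_id','');
$servers->setValue('login','bind_pass','');

// Users log in with their uid, looked up under ou=people
$servers->setValue('login','attr','uid');
$servers->setValue('login','base',array('ou=people,dc=dev,dc=daxiongmao,dc=eu'));
// Allow modifications through the web interface
$servers->setValue('server','read_only',false);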


!! Adjust to your own LDAP settings !!


Reload apache2 configuration

service apache2 reload


Improve security

Alias name

For better security, do not serve the application under the default /phpldapadmin alias; use another name.


Edit configuration file:

vim /etc/phpldapadmin/apache.conf

Adjust

# Define /phpldapadmin alias, this is the default
<IfModule mod_alias.c>
Alias /phpldapadmin /usr/share/phpldapadmin/htdocs
</IfModule>

Replace phpldapadmin with your own value, for instance: ldapmanager
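
A read-only check for the two files edited above, given here as an added example that is not part of the original page: it flags a config.php with no blowfish secret or with the sample string from this page, an apache.conf that still exposes the default /phpldapadmin alias, and a directory left writable through the web interface. The function names, finding keywords and sample files are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the original page: read-only audit of config.php ($1)
# and apache.conf ($2). Finding keywords and function names are assumptions.

# Sample secret published on this page; a real install must not keep it.
SAMPLE_SECRET='thisIsACrazyStringValueThatIsUsedToEncryptedData'

# Fresh 64-hex-character secret from the kernel random source.
new_secret() {
    od -An -tx1 -N32 /dev/urandom | tr -d ' \n'
}

# Print one finding keyword per line; print nothing when all checks pass.
audit_pla() {
    # Lines starting with // are comments, so anchor on the statement itself.
    if ! grep -Eq '^[[:space:]]*\$config->custom->session\[.blowfish.]' "$1"; then
        echo "blowfish-unset"
    elif grep -Fq "$SAMPLE_SECRET" "$1"; then
        echo "blowfish-sample-value"
    fi
    # Application still reachable under the default path.
    if grep -Eq '^[[:space:]]*Alias[[:space:]]+/phpldapadmin[[:space:]]' "$2"; then
        echo "default-alias"
    fi
    # Directory can be modified through the web interface.
    if grep -Eq '^[[:space:]]*\$servers->setValue\(.server.,[[:space:]]*.read_only.,[[:space:]]*false' "$1"; then
        echo "writes-enabled"
    fi
}

# Constructed sample files mirroring the settings shown on this page.
demo=$(mktemp -d)
cat > "$demo/config.php" <<'EOF'
$config->custom->session['blowfish'] = 'thisIsACrazyStringValueThatIsUsedToEncryptedData';
$servers->setValue('login','auth_type','session');
$servers->setValue('server','read_only',false);
EOF
cat > "$demo/apache.conf" <<'EOF'
<IfModule mod_alias.c>
Alias /phpldapadmin /usr/share/phpldapadmin/htdocs
</IfModule>
EOF
audit_pla "$demo/config.php" "$demo/apache.conf"   # three findings
rm -rf "$demo"
```

Renaming the alias only keeps the application off the default path; it does not restrict who can reach the login page.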


Apache access restrictions

Access service

Then you can access Ldap Account Manager on: http://myServer/phpldapadmin


Login

Log in using the admin password


PhpLdapAdmin login


Login user: cn=admin,{ldap DN}


Basic configuration

Create Organizational Units

  • Create a child entry
  • Generic organizational unit [ou=]

Create:

    • people
    • groups


Create Groups

Then, create 2 groups called “administrators” & “users”

  • Click on ou=groups
  • Create a child entry
  • Create a generic posix group [cn=]

Create:

    • administrators
    • users


Create Users

  • Create some users
  • Click on ou=people
  • Create a child entry
  • Create a generic User Account [ua=]