phpLDAPadmin

phpLDAPadmin

• Presentation
• Simple integration
  • phpLDAPadmin configuration
  • Apache configuration
  • LemonLDAP::NG configuration
• Complex integration

Presentation

phpLDAPadmin is an LDAP administration tool written in PHP. See http://phpldapadmin.sourceforge.net/ for more informations.

Simple integration

This integration is easy: phpLDAPadmin will connect to the directory with a static DN and password, and so will not request authentication anymore. The access to phpLDAPadmin will be protected by LemonLDAP::NG with specific access rules.

Warning: phpLDAPadmin will have no idea of the user connected to the WebSSO. So a simple user can have admin rights on the LDAP directory if your access rules are too lazy.

phpLDAPadmin configuration

Just set the authentication type to 'config' and indicate DN and password inside the file config.php:

$ldapservers->SetValue($i,'server','auth_type','config');
$ldapservers->SetValue($i,'login','dn','cn=Manager,dc=example,dc=com');
$ldapservers->SetValue($i,'login','pass','secret');

Save and close.

Apache configuration

We recommend to create a virtualhost for phpLDAPadmin (eg. http://pla.example.com). Then configure this virtualhost in your existing Apache configuration:

# The following lines must be set once for all virtualhosts 
NameVirtualHost *
PerlRequire /opt/lemonldap-ng/handler/Handler.pm
PerlOptions +GlobalRequest
<Files ~ ".(pl)$">
        SetHandler      perl-script
        PerlHandler     ModPerl::Registry
        PerlSendHeader  On
</Files>
# Define here all protected virtualhosts
<VirtualHost *>
        ServerName pla.example.com
        ServerSignature Off
        DocumentRoot /opt/phpldapadmin
        DirectoryIndex index.php
        PerlHeaderParserHandler Handler
        <Location /refresh>
                PerlHeaderParserHandler Handler->refresh
        </Location>
        LogLevel warn
        ErrorLog /var/log/httpd/phpldapadmin-error.log
        CustomLog /var/log/httpd/phphldapadmin-access.log combined
</VirtualHost>

LemonLDAP::NG configuration

Go to the manager and create a new virtual host:

pla.example.com

Then create the access rule. Some examples:

default => accept

default => $groups ~= \badmin\b

Remove all HTTP_HEADERS, because they are not used!

Complex integration

This is a feature request: https://sourceforge.net/tracker/index.php?func=detail&aid=2073323&group_id=61828&atid=498549