PhpLDAPadmin: Setting Up a Graphical Management Solution for OpenLDAP

Introduction link

Managing an OpenLDAP database is not always simple, especially when you don’t know all the fields by heart (and there are so many of them).

Here’s a fairly simple web-based interface to use. For those curious about other graphical interfaces (non-web), there are:

• The well-known but buggy GQ
• The less known but very good Apache Directory Studio

Installation link

Let’s use the magic command:

  apt-get install phpldapadmin
  

Configuration link

Minimum Configuration link

Edit the file /etc/phpldapadmin/config.php and adapt these lines:

  $ldapservers->SetValue($i,'server','name','Deimos LDAP Server');
$ldapservers->SetValue($i,'server','host','127.0.0.1');
$ldapservers->SetValue($i,'server','base',array('dc=deimos,dc=fr'));
$ldapservers->SetValue($i,'server','auth_type','session');
$ldapservers->SetValue($i,'login','dn','cn=admin,dc=deimos,dc=fr');
$ldapservers->SetValue($i,'login','pass','le_bon_mot_de_passe_a_entrer');
  

Disabling Anonymous Account link

Edit the file /etc/phpldapadmin/config.php. First, we don’t need to allow people without accounts to have read access to the LDAP through our new interface. Here’s the line to look for:

  /* Enable anonymous bind login. */
// $ldapservers->SetValue($i,'login','anon_bind',true);
  

Replace it with:

  $ldapservers->SetValue($i,'login','anon_bind',false);
  

Lighttpd link

A little configuration for Lighttpd? Let’s go:

  # Alias for phpldapadmin directory
alias.url += (
   "/phpldapadmin" => "/usr/share/phpldapadmin/htdocs"
)
  

I think this configuration is not optimal and certainly not very secure, but at least it works.