PhpLDAPadmin: Setting Up a Graphical Management Solution for OpenLDAP

Introduction

Managing an OpenLDAP database is not always simple, especially when you don't know all the fields by heart (and there are so many of them).

Here's a fairly simple web-based interface to use. For those curious about other graphical interfaces (non-web), there are:

• The well-known but buggy GQ
• The less known but very good Apache Directory Studio

Installation

Let's use the magic command:

1

apt-get install phpldapadmin

Configuration

Minimum Configuration

Edit the file /etc/phpldapadmin/config.php and adapt these lines:

1
2
3
4
5
6

$ldapservers->SetValue($i,'server','name','Deimos LDAP Server');
$ldapservers->SetValue($i,'server','host','127.0.0.1');
$ldapservers->SetValue($i,'server','base',array('dc=deimos,dc=fr'));
$ldapservers->SetValue($i,'server','auth_type','session');
$ldapservers->SetValue($i,'login','dn','cn=admin,dc=deimos,dc=fr');
$ldapservers->SetValue($i,'login','pass','le_bon_mot_de_passe_a_entrer');

Disabling Anonymous Account

Edit the file /etc/phpldapadmin/config.php. First, we don't need to allow people without accounts to have read access to the LDAP through our new interface. Here's the line to look for:

1
2

/* Enable anonymous bind login. */
// $ldapservers->SetValue($i,'login','anon_bind',true);

Replace it with:

1

$ldapservers->SetValue($i,'login','anon_bind',false);

Lighttpd

A little configuration for Lighttpd? Let's go:

1
2
3
4

# Alias for phpldapadmin directory
alias.url += (
   "/phpldapadmin" => "/usr/share/phpldapadmin/htdocs"
)

I think this configuration is not optimal and certainly not very secure, but at least it works.