<?xml version="1.0" encoding="utf-8"?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang="fr" xml:lang="fr"> <head> <meta name="generator" content= "HTML Tidy for Linux/x86 (vers 7 December 2008), see www.w3.org" /> <title>Lemonldap::NG documentation: 5-Appli-phpLDAPadmin.html</title> <meta http-equiv="Content-Type" content="text/html; charset=us-ascii" /> <style type="text/css"> /*<![CDATA[*/ body{ background: #ddd; font-family: sans-serif; font-size: 11pt; padding: 0 50px; } div.main-content{ padding: 10px; background: #fff; border: 2px #ccc solid; } a{ text-decoration: none; } p.footer{ text-align: center; margin: 5px 0 0 0; } .heading-1{ text-align: center; color: orange; font-variant: small-caps; font-size: 20pt; } .heading-1-1{ color: orange; font-size: 14pt; border-bottom: 2px #ccc solid; } pre{ background: #eee; border: 2px #ccc solid; padding: 5px; border-left: 10px #ccc solid; } ul.star li{ list-style-type: square; } /*]]>*/ </style> </head> <body> <div class="main-content"> <h2 class="heading-1"><span id="HphpLDAPadmin">phpLDAPadmin</span></h2> <p class="paragraph"></p> <ul> <li><a href="#HPresentation">Presentation</a></li> <li> <a href="#HSimpleintegration">Simple integration</a> <ul> <li><a href="#HphpLDAPadminconfiguration">phpLDAPadmin configuration</a></li> <li><a href="#HApacheconfiguration">Apache configuration</a></li> <li><a href="#HLemonLDAP3A3ANGconfiguration">LemonLDAP::NG configuration</a></li> </ul> </li> <li><a href="#HComplexintegration">Complex integration</a></li> </ul> <h3 class="heading-1-1"><span id="HPresentation">Presentation</span></h3> <p class="paragraph"></p>phpLDAPadmin is an LDAP administration tool written in PHP. See <span class="wikiexternallink"><a href= "http://phpldapadmin.sourceforge.net/">http://phpldapadmin.sourceforge.net/</a></span> for more information.
<h3 class="heading-1-1"><span id="HSimpleintegration">Simple integration</span></h3>
<p class="paragraph"></p>This integration is easy: phpLDAPadmin connects to the directory with a static DN and password, so it no longer prompts for authentication. Access to phpLDAPadmin is then protected by LemonLDAP::NG with specific access rules.
<p class="paragraph"></p>Warning: phpLDAPadmin has no idea which user is connected to the WebSSO. An ordinary user can therefore have admin rights on the LDAP directory if your access rules are too permissive.
<h4 class="heading-1-1-1"><span id= "HphpLDAPadminconfiguration">phpLDAPadmin configuration</span></h4>
<p class="paragraph"></p>Set the authentication type to 'config' and set the DN and password in the file config.php:
<p class="paragraph"></p>
<div class="code">
<pre>
$ldapservers->SetValue($i,'server','auth_type','config');
$ldapservers->SetValue($i,'login','dn','cn=Manager,dc=example,dc=com');
$ldapservers->SetValue($i,'login','pass','secret');
</pre>
</div>
<p class="paragraph"></p>Save and close.
<h4 class="heading-1-1-1"><span id="HApacheconfiguration">Apache configuration</span></h4>
<p class="paragraph"></p>We recommend creating a virtual host for phpLDAPadmin (e.g. <span class="nobr"><a href= "http://pla.example.com">http://pla.example.com</a></span>).
Then configure this virtual host in your existing Apache configuration:
<p class="paragraph"></p>
<div class="code">
<pre>
# The following lines must be set once for all virtualhosts
NameVirtualHost *

PerlRequire /opt/lemonldap-ng/handler/Handler.pm
PerlOptions +GlobalRequest
&lt;Files ~ "\.(pl)$"&gt;
    SetHandler perl-script
    PerlHandler ModPerl::Registry
    PerlSendHeader On
&lt;/Files&gt;

# Define here all protected virtualhosts

&lt;VirtualHost *&gt;
    ServerName pla.example.com
    ServerSignature Off

    DocumentRoot /opt/phpldapadmin
    DirectoryIndex index.php

    PerlHeaderParserHandler Handler

    &lt;Location /refresh&gt;
        PerlHeaderParserHandler Handler->refresh
    &lt;/Location&gt;

    LogLevel warn
    ErrorLog /var/log/httpd/phpldapadmin-error.log
    CustomLog /var/log/httpd/phpldapadmin-access.log combined
&lt;/VirtualHost&gt;
</pre>
</div>
<h4 class="heading-1-1-1"><span id= "HLemonLDAP3A3ANGconfiguration">LemonLDAP::NG configuration</span></h4><br />
<br />
Go to the manager and create a new virtual host:<br />
<br />
<div class="code">
<pre>
pla.example.com
</pre>
</div><br />
<br />
Then create the access rule. Some examples:<br />
<br />
<div class="code">
<pre>
default => accept
</pre>
</div><br />
<br />
<div class="code">
<pre>
default => $groups =~ /\badmin\b/
</pre>
</div><br />
<br />
Remove all HTTP_HEADERS, because they are not used!
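<p class="paragraph"></p>Because phpLDAPadmin binds with the static Manager DN, the access rule is the only control deciding who gets directory admin rights. The script below is an added example, not code from the LemonLDAP::NG project: it evaluates the word-boundary rule next to a stricter variant on constructed sessions. The user names, the group names and the assumption that $groups is a single string of group names separated by spaces or semicolons are illustrative.

```perl
#!/usr/bin/perl
# Added example: compares two candidate access rules on constructed sessions.
use strict;
use warnings;

# Constructed sample sessions: [ user, value of $groups ].
# Assumption: $groups is one string of group names joined by "; ".
my @sessions = (
    [ 'dsmith', 'users; admin' ],
    [ 'rtyler', 'users; sysadmin' ],
    [ 'jdoe',   'users; admin-readonly' ],
    [ 'mbrown', 'non-admin; users' ],
    [ 'guest',  '' ],
);

# Word-boundary rule: "admin" delimited by any non-word character.
sub rule_word_boundary {
    my ($groups) = @_;
    return $groups =~ /\badmin\b/ ? 1 : 0;
}

# Stricter variant: "admin" must be a whole entry of the list, i.e. it is
# delimited by the start or end of the string, whitespace or a semicolon.
sub rule_exact_group {
    my ($groups) = @_;
    return $groups =~ /(?:^|[;\s])admin(?:[;\s]|$)/ ? 1 : 0;
}

# Apply one rule to every sample session and return user => decision.
sub evaluate {
    my ($rule) = @_;
    my %decision;
    $decision{ $_->[0] } = $rule->( $_->[1] ) for @sessions;
    return %decision;
}

my %loose  = evaluate( \&rule_word_boundary );
my %strict = evaluate( \&rule_exact_group );

printf "%-8s %-26s %-12s %s\n", 'user', 'groups', '\badmin\b', 'exact entry';
for my $s (@sessions) {
    my ( $user, $groups ) = @$s;
    printf "%-8s %-26s %-12s %s\n", $user, "'$groups'",
        $loose{$user}  ? 'accept' : 'reject',
        $strict{$user} ? 'accept' : 'reject';
}
```

The word-boundary rule accepts any group name in which "admin" is set off by punctuation, such as admin-readonly or non-admin, because a hyphen counts as a word boundary; the stricter pattern accepts only the group named exactly admin.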
<h3 class="heading-1-1"><span id="HComplexintegration">Complex integration</span></h3><br /> <br /> This is a feature request: <span class="wikiexternallink"><a href= "https://sourceforge.net/tracker/index.php?func=detail&amp;aid=2073323&amp;group_id=61828&amp;atid=498549"> https://sourceforge.net/tracker/index.php?func=detail&amp;aid=2073323&amp;group_id=61828&amp;atid=498549</a></span> </div> <p class="footer"><a href="index.html">Index</a></p> </body> </html>