lemonldap-ng/doc/sources/admin/applications/phpldapadmin.rst

phpLDAPadmin
============

|image0|

Presentation
------------

`phpLDAPadmin <http://phpldapadmin.sourceforge.net>`__ is an LDAP
administration tool written in PHP.

phpLDAPadmin will connect to the directory with a static DN and
password, and so will not request authentication anymore. The access to
phpLDAPadmin will be protected by LemonLDAP::NG with specific access
rules.


.. danger::

    phpLDAPadmin will have no idea of the user connected to
    the WebSSO. So a simple user can have admin rights on the LDAP directory
    if your access rules are too lazy.

Configuration
-------------

phpLDAPadmin local configuration
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Just set the authentication type to ``config`` and indicate DN and
password inside the file ``config.php``:

.. code-block:: php

   $servers->SetValue('login','auth_type','config');
   $servers->SetValue('login','bind_id','cn=Manager,dc=example,dc=com');
   $servers->SetValue('login','bind_pass','secret');

phpLDAPadmin virtual host
~~~~~~~~~~~~~~~~~~~~~~~~~

Configure phpLDAPadmin virtual host like other
:doc:`protected virtual host<../configvhost>`.

-  For Apache:

.. code-block:: apache

   <VirtualHost *:80>
          ServerName phpldapadmin.example.com

          PerlHeaderParserHandler Lemonldap::NG::Handler

          ...

   </VirtualHost>

-  For Nginx:

.. code-block:: nginx

   server {
     listen 80;
     server_name phpldapadmin.example.com;
     root /path/to/application;
     # Internal authentication request
     location = /lmauth {
       internal;
       include /etc/nginx/fastcgi_params;
       fastcgi_pass unix:/var/run/llng-fastcgi-server/llng-fastcgi.sock;
       # Drop post datas
       fastcgi_pass_request_body  off;
       fastcgi_param CONTENT_LENGTH "";
       # Keep original hostname
       fastcgi_param HOST $http_host;
       # Keep original request (LLNG server will received /llauth)
       fastcgi_param X_ORIGINAL_URI  $original_uri;
     }

     # Client requests
     location / {
       auth_request /lmauth;
       set $original_uri $uri$is_args$args;
       auth_request_set $lmremote_user $upstream_http_lm_remote_user;
       auth_request_set $lmlocation $upstream_http_location;
       error_page 401 $lmlocation;
       try_files $uri $uri/ =404;

       ...

       include /etc/lemonldap-ng/nginx-lua-headers.conf;
     }
     location / {
       try_files $uri $uri/ =404;
     }
   }

phpLDAPadmin virtual host in Manager
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Go to the Manager and :doc:`create a new virtual host<../configvhost>`
for phpLDAPadmin.

Just configure the :ref:`access rules<rules>`.

No :ref:`headers<headers>` are required.

.. |image0| image:: /applications/phpldapadmin_logo.png
   :class: align-center
First version of imported doc (#1646) 2020-05-14 23:29:41 +02:00			`phpLDAPadmin`
			`============`

			`\|image0\|`

			`Presentation`
			`------------`

			`phpLDAPadmin <http://phpldapadmin.sourceforge.net>`__ is an LDAP
			`administration tool written in PHP.`

			`phpLDAPadmin will connect to the directory with a static DN and`
			`password, and so will not request authentication anymore. The access to`
			`phpLDAPadmin will be protected by LemonLDAP::NG with specific access`
			`rules.`


doc: fix markup 2020-05-21 15:13:24 +02:00			`.. danger::`
First version of imported doc (#1646) 2020-05-14 23:29:41 +02:00
			`phpLDAPadmin will have no idea of the user connected to`
			`the WebSSO. So a simple user can have admin rights on the LDAP directory`
			`if your access rules are too lazy.`

			`Configuration`
			`-------------`

			`phpLDAPadmin local configuration`
			`~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~`

			Just set the authentication type to ``config`` and indicate DN and
			password inside the file ``config.php``:

doc: fix markup 2020-05-21 15:13:24 +02:00			`.. code-block:: php`
First version of imported doc (#1646) 2020-05-14 23:29:41 +02:00
doc: update phpldapadmin page (#2194) 2020-05-26 18:55:04 +02:00			`$servers->SetValue('login','auth_type','config');`
			`$servers->SetValue('login','bind_id','cn=Manager,dc=example,dc=com');`
			`$servers->SetValue('login','bind_pass','secret');`
First version of imported doc (#1646) 2020-05-14 23:29:41 +02:00
			`phpLDAPadmin virtual host`
			`~~~~~~~~~~~~~~~~~~~~~~~~~`

			`Configure phpLDAPadmin virtual host like other`
			:doc:`protected virtual host<../configvhost>`.

			`- For Apache:`

doc: fix markup 2020-05-21 15:13:24 +02:00			`.. code-block:: apache`
First version of imported doc (#1646) 2020-05-14 23:29:41 +02:00
			`<VirtualHost *:80>`
			`ServerName phpldapadmin.example.com`

			`PerlHeaderParserHandler Lemonldap::NG::Handler`

			`...`
doc: fix formatting 2020-05-18 09:56:39 +02:00
First version of imported doc (#1646) 2020-05-14 23:29:41 +02:00			`</VirtualHost>`

			`- For Nginx:`

doc: fix markup 2020-05-21 15:13:24 +02:00			`.. code-block:: nginx`
First version of imported doc (#1646) 2020-05-14 23:29:41 +02:00
			`server {`
			`listen 80;`
			`server_name phpldapadmin.example.com;`
			`root /path/to/application;`
			`# Internal authentication request`
			`location = /lmauth {`
			`internal;`
			`include /etc/nginx/fastcgi_params;`
			`fastcgi_pass unix:/var/run/llng-fastcgi-server/llng-fastcgi.sock;`
			`# Drop post datas`
			`fastcgi_pass_request_body off;`
			`fastcgi_param CONTENT_LENGTH "";`
			`# Keep original hostname`
			`fastcgi_param HOST $http_host;`
			`# Keep original request (LLNG server will received /llauth)`
Update doc and changelog for #2290 2020-09-06 19:22:32 +02:00			`fastcgi_param X_ORIGINAL_URI $original_uri;`
doc: fix formatting 2020-05-18 09:56:39 +02:00			`}`

First version of imported doc (#1646) 2020-05-14 23:29:41 +02:00			`# Client requests`
			`location / {`
			`auth_request /lmauth;`
Update doc and changelog for #2290 2020-09-06 19:22:32 +02:00			`set $original_uri $uri$is_args$args;`
First version of imported doc (#1646) 2020-05-14 23:29:41 +02:00			`auth_request_set $lmremote_user $upstream_http_lm_remote_user;`
			`auth_request_set $lmlocation $upstream_http_location;`
			`error_page 401 $lmlocation;`
			`try_files $uri $uri/ =404;`
doc: fix formatting 2020-05-18 09:56:39 +02:00
First version of imported doc (#1646) 2020-05-14 23:29:41 +02:00			`...`
doc: fix formatting 2020-05-18 09:56:39 +02:00
First version of imported doc (#1646) 2020-05-14 23:29:41 +02:00			`include /etc/lemonldap-ng/nginx-lua-headers.conf;`
			`}`
			`location / {`
			`try_files $uri $uri/ =404;`
			`}`
			`}`

			`phpLDAPadmin virtual host in Manager`
			`~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~`

			Go to the Manager and :doc:`create a new virtual host<../configvhost>`
			`for phpLDAPadmin.`

doc: fix formatting 2020-05-18 09:56:39 +02:00			Just configure the :ref:`access rules<rules>`.
First version of imported doc (#1646) 2020-05-14 23:29:41 +02:00
doc: fix formatting 2020-05-18 09:56:39 +02:00			No :ref:`headers<headers>` are required.
First version of imported doc (#1646) 2020-05-14 23:29:41 +02:00
			`.. \|image0\| image:: /applications/phpldapadmin_logo.png`
			`:class: align-center`