Install and configure phpldapadmin to manage your LDAP server on the Web Terminal

Source: Internet
Author: User
Tags ldap openldap

Enterprise applications deal with LDAP from time to time, for example for organizational structure, personnel management, and hierarchical permission control. In the past, LDAP browser, a client tool, was used to manage LDAP, which is sometimes inconvenient. Fortunately, there is a ready-made, full-featured web management tool for LDAP: phpldapadmin, a sibling of phpMyAdmin.

Being web-based, phpldapadmin is easy to deploy and can be used from anywhere. It has essentially all the functions of the LDAP browser client tool, such as entry management, attribute management, import and export, and conditional search. It also displays schema information, which LDAP browser does not.

For the phpldapadmin interface, see: http://phpldapadmin.sourceforge.net/screenshots.php
You can also try the phpldapadmin demo site first: http://thesmithfam.org/phpldapadmin-demo/htdocs/index.php

This article covers installing and trying out phpldapadmin. You should have some understanding of Apache, PHP, and LDAP. The article does not go into every installation detail and only describes the key points, so if you are unfamiliar with these tools, some steps may be hard to follow.

I. Software preparation

1. Apache HTTP Server, version 1.x or 2.x, from http://httpd.apache.org/download. Apache 1.3.28 is used in this test: I took a shortcut and used the IBM HTTP Server installed with WAS 5.1.

2. OpenLDAP for Windows, version 2.2.29, which can be downloaded from http://download.bergmans.us/openldap/openldap-2.2.29/openldap-2.2.29-db-4.3.29-openssl-0.9.8a-win32_Setup.exe. You can also choose another version.

3. PHP 5. The version used in this article is 5.2.6, downloaded from http://cn.php.net/distributions/php-5.2.6-Win32.zip. PHP 5 is needed because phpLDAPadmin 1.1.0.5 requires it.

4. phpldapadmin. The current version is 1.1.0.5, but this article uses version 1.1.0 because I ran into some problems with 1.1.0.5. Download it from http://nchc.dl.sourceforge.net/sourceforge/phpldapadmin/phpldapadmin-1.1.0.zip.

II. Software installation

1. Install Apache

Installing, starting, and stopping Apache are not described in detail here. %apache_home% denotes the Apache installation directory.

2. OpenLDAP installation and configuration

Refer to the previous article: Install and use OpenLDAP in Windows. You can also connect to an existing LDAP server, in which case this step can be skipped.

We will use the directory structure from the OpenLDAP samples (http://www.zytrax.com/books/ldap/ch5/index.html), so change suffix, rootdn, and rootpw in slapd.conf under the OpenLDAP installation directory to the following:

suffix "dc=example,dc=com"
rootdn "cn=jimbob,dc=example,dc=com"
rootpw dirtysecret

Copy the content below and save it as the file example.ldif, for example in the root of drive C.

version: 1

# LDIF export for: dc=example,dc=com
# Generated by phpldapadmin (http://phpldapadmin.sourceforge.net/)
# Server: My LDAP Server (10.128.12.16)
# Search scope: sub
# Search filter: (objectClass=*)
# Total number of entries: 15

dn: dc=example,dc=com
dc: example
description: My wonderful company as much text as you want to place in this
 line up to 32K continuation data for the line above must have <CR> or
 <CR><LF> i.e. ENTER works on both Windows and *nix system - new line must begin
 with one space
objectClass: dcObject
objectClass: organization
o: Example, Inc.

dn: ou=customers,dc=example,dc=com
objectClass: organizationalUnit
ou: Customers
description: Customer address book branch

dn: ou=equipment,dc=example,dc=com
objectClass: organizationalUnit
ou: equipment
description: IT assets branch

dn: cn=lp1,ou=equipment,dc=example,dc=com
objectClass: device
cn: lp1
description: Some brand of printer
serialNumber: 1-77-23-15
l: room 17
owner: cn=John Smith,ou=people,dc=example,dc=com
ou: printers

dn: ou=groups,dc=example,dc=com
objectClass: organizationalUnit
ou: groups
description: generic groups branch

dn: cn=hrpeople,ou=groups,dc=example,dc=com
objectClass: groupOfNames
cn: hrpeople
description: Human Resources group
member: cn=Robert Smith,ou=people,dc=example,dc=com

dn: cn=itpeople,ou=groups,dc=example,dc=com
objectClass: groupOfNames
cn: itpeople
description: IT security group
member: cn=William Smith,ou=people,dc=example,dc=com

dn: cn=salespeople,ou=groups,dc=example,dc=com
objectClass: groupOfNames
cn: salespeople
description: sales group
member: cn=John Smith,ou=people,dc=example,dc=com

dn: ou=people,dc=example,dc=com
ou: People
description: all people in organization
objectClass: organizationalUnit

dn: cn=John Smith,ou=people,dc=example,dc=com
objectClass: inetOrgPerson
cn: John Smith
cn: John J Smith
sn: Smith
uid: jsmith
userPassword: jsmith
carLicense: hiscar 124
homePhone: 555-111-2223
mail: j.smith@example.com
mail: jsmith@example.com
mail: john.smith@example.com
ou: sales

dn: ou=addressbook,cn=John Smith,ou=people,dc=example,dc=com
objectClass: organizationalUnit
ou: addressbook
description: personal address book

dn: cn=Robert Smith,ou=people,dc=example,dc=com
objectClass: inetOrgPerson
cn: Robert Smith
cn: Robert J Smith
cn: Bob Smith
sn: Smith
uid: Smith
userPassword: Smith
carLicense: hiscar 123
homePhone: 555-111-2222
mail: r.smith@example.com
mail: rsmith@example.com
mail: bob.smith@example.com
description: Drawing guy
ou: Human Resources

dn: ou=addressbook,cn=Robert Smith,ou=people,dc=example,dc=com
objectClass: organizationalUnit
ou: addressbook
description: personal address book

dn: cn=Sheri Smith,ou=people,dc=example,dc=com
objectClass: inetOrgPerson
cn: Sheri Smith
sn: Smith
uid: ssmith
userPassword: ssmith
carLicense: hercar 125
homePhone: 555-111-2225
mail: s.smith@example.com
mail: ssmith@example.com
mail: sheri.smith@example.com
ou: IT

dn: ou=addressbook,cn=Sheri Smith,ou=people,dc=example,dc=com
objectClass: organizationalUnit
ou: addressbook
description: personal address book

Then start OpenLDAP with slapd -d 1 and run the following command:

ldapadd -x -D "cn=jimbob,dc=example,dc=com" -w dirtysecret -f c:/example.ldif

This imports the data into OpenLDAP, which then holds the directory structure defined in example.ldif.
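
The slapd.conf above keeps rootpw in cleartext, and example.ldif does the same for every userPassword. The following Python code is an added example, not part of the original article: it builds the salted {SSHA} form that slappasswd generates by default and applies it to cleartext userPassword lines, unfolding LDIF continuation lines first. The function names and the sample entry are constructed for illustration.

```python
import base64
import hashlib
import hmac
import os

def ssha(password, salt=None):
    """OpenLDAP {SSHA} value: base64(SHA1(password + salt) + salt)."""
    salt = os.urandom(8) if salt is None else salt
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")

def check_ssha(password, stored):
    """Verify a password against a {SSHA} value (SHA-1 digests are 20 bytes)."""
    raw = base64.b64decode(stored[len("{SSHA}"):])
    candidate = hashlib.sha1(password.encode("utf-8") + raw[20:]).digest()
    return hmac.compare_digest(candidate, raw[:20])

def unfold(ldif):
    lines = []
    for line in ldif.splitlines():
        if line.startswith(" ") and lines:
            lines[-1] += line[1:]  # continuation line: drop one space and join
        else:
            lines.append(line)
    return lines

def harden_ldif(ldif):
    """Hash cleartext userPassword values; return (new_ldif, changed DNs)."""
    out, changed, dn = [], [], None
    for line in unfold(ldif):
        name, sep, value = line.partition(":")
        if name.lower() == "dn":
            dn = value.strip()
        # "::" marks a base64 value, "{...}" an already hashed one: skip both
        elif (name.lower() == "userpassword" and sep
              and not value.startswith(":") and not value.strip().startswith("{")):
            line = "userPassword: " + ssha(value.strip())
            changed.append(dn)
        out.append(line)
    return "\n".join(out) + "\n", changed

# Constructed sample modelled on the John Smith entry of example.ldif
SAMPLE = """dn: cn=John Smith,ou=people,dc=example,dc=com
cn: John Smith
description: a long value that is fol
 ded onto a second line
userPassword: jsmith
"""
ROOTPW_LINE = "rootpw " + ssha("dirtysecret")  # hashed replacement for slapd.conf
```

The bind password typed at login or passed to ldapadd with -w stays the same; only the stored form changes.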

3. PHP configuration

Decompress the downloaded PHP archive to a directory; %php_home% denotes that directory.

For combining PHP with Apache, see the install.txt file in the %php_home% directory. In short:

1) Modify the %apache_home%/conf/httpd.conf file. We configure PHP as an Apache module. Add the following three lines at the end.

LoadModule php5_module "%php_home%/php5apache.dll"
# For Apache 2, load php5apache2.dll instead:
# LoadModule php5_module "%php_home%/php5apache2.dll"

AddType application/x-httpd-php .php

# Specify the location of the php.ini file, which is the %WINDIR% directory by default
PHPIniDir "%php_home%/"

Note: replace %php_home% with the actual path.

2) Rename the %php_home%/php.ini-recommended file to php.ini, and then modify

extension_dir = "%php_home%/ext"

Remove the leading semicolon (;) comment marker from extension=php_gettext.dll and extension=php_ldap.dll, then save the file. PHP needs the ldap library, and phpldapadmin uses gettext for internationalization.

3) So that libeay32.dll and ssleay32.dll under %php_home% can be loaded at Apache startup, copy these two files to the %apache_home% directory.

4) Finally, test whether PHP is installed successfully. Create a new phpinfo.php file in the site's main directory, the one that DocumentRoot in %apache_home%/conf/httpd.conf points to, and write:

<?php phpinfo(); ?>

Start Apache and open http://localhost/phpinfo.php in the browser to check whether the PHP information is displayed. If LDAP and gettext are shown as enabled, everything is OK. With this step, more than half of the work is done.

4. Install and configure phpldapadmin

1) Decompress the downloaded phpldapadmin archive into the Apache site home directory and name it phpldapadmin, for example %apache_home%/htdocs/phpldapadmin. %php_ldap_admin_home% denotes this directory.

2) Rename %php_ldap_admin_home%/config.php.example to config.php. The settings in this file are described in detail in its comments.

3) Modify the config.php file

Note: If you are connecting to the LDAP service on port 389 of the local machine, you do not need to modify this file. You can then enter the login user's DN and password directly in the web interface.

Find these lines in the file

$ldapservers->SetValue($i,'server','name','My LDAP Server');

and

// $ldapservers->SetValue($i,'server','host','127.0.0.1');
// $ldapservers->SetValue($i,'server','port','389');
// $ldapservers->SetValue($i,'server','base',array(''));
// $ldapservers->SetValue($i,'server','auth_type','cookie');
# $ldapservers->SetValue($i,'login','dn','cn=Manager,dc=example,dc=com');
# $ldapservers->SetValue($i,'login','pass','secret');

Remove the comment markers (// or #) and change the lines to

$ldapservers->SetValue($i,'server','host','localhost');
$ldapservers->SetValue($i,'server','port','389');
$ldapservers->SetValue($i,'server','base',array('dc=example,dc=com'));
$ldapservers->SetValue($i,'server','auth_type','cookie');
$ldapservers->SetValue($i,'login','dn','cn=jimbob,dc=example,dc=com');
$ldapservers->SetValue($i,'login','pass','dirtysecret');

If an attribute is not set, its default value is used: the default host is localhost, the port is 389, the base is empty, and auth_type is cookie. If no values are set for dn and pass, they must be entered in the web interface.

4) If you want to manage multiple LDAP servers at the same time, configure the other servers' parameters in config.php by referring to the comment block in which $i++ is located. The LDAP server can then be selected from the drop-down list in the web interface.
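
Setting login dn and pass as in step 3 puts the rootdn password in a file under the web server's htdocs directory. The following Python check is an added example, not part of the original article or of phpldapadmin: it reads settings of the form shown above and reports servers with a stored bind password or a stored rootdn. The function names, the rootdn parameter and the second server in the sample are assumptions made for illustration.

```python
import re

# Active (uncommented) settings of the form
#   $ldapservers->SetValue($i,'login','pass','dirtysecret');
SETVALUE = re.compile(
    r"\s*\$ldapservers->SetValue\(\s*\$i\s*,\s*'(\w+)'\s*,\s*'(\w+)'\s*,\s*(.*?)\s*\)\s*;",
    re.IGNORECASE)

def parse_servers(config_text):
    """One {'section.key': value} dict per server; '$i++;' starts the next server."""
    servers = [{}]
    for line in config_text.splitlines():
        if re.match(r"\s*\$i\+\+\s*;", line):
            servers.append({})
        m = SETVALUE.match(line)  # lines commented with // or # never match
        if m:
            key = (m.group(1) + "." + m.group(2)).lower()
            servers[-1][key] = m.group(3).strip("'")
    return [s for s in servers if s]

def normalize_dn(dn):
    """Lower-case a DN and drop spaces around ',' and '='."""
    return re.sub(r"\s*([,=])\s*", r"\1", dn.strip().lower())

def audit(config_text, rootdn):
    """Return (server name, finding) pairs for stored bind credentials."""
    findings = []
    for s in parse_servers(config_text):
        name = s.get("server.name", s.get("server.host", "localhost"))
        if s.get("login.pass"):
            findings.append((name, "bind password stored in cleartext in config.php"))
        if normalize_dn(s.get("login.dn", "")) == normalize_dn(rootdn):
            findings.append((name, "stored login DN is the directory rootdn"))
    return findings

# Constructed sample: this article's settings plus a second server without credentials
SAMPLE = r"""
$ldapservers->SetValue($i,'server','name','My LDAP Server');
$ldapservers->SetValue($i,'server','host','localhost');
$ldapservers->SetValue($i,'server','auth_type','cookie');
$ldapservers->SetValue($i,'login','dn','cn=jimbob,dc=example,dc=com');
$ldapservers->SetValue($i,'login','pass','dirtysecret');
$i++;
$ldapservers->SetValue($i,'server','name','Prompt only');
# $ldapservers->SetValue($i,'login','pass','secret');
"""

FINDINGS = audit(SAMPLE, "cn=jimbob,dc=example,dc=com")
```

Leaving login dn and pass commented out, as the note in step 3 allows, makes the interface prompt for them and produces no findings.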

III. Try phpldapadmin

Open http://localhost/phpldapadmin/index.php in a browser and click Login... under My LDAP Server on the left. Enter "cn=jimbob,dc=example,dc=com" as the login DN and "dirtysecret" as the password, then click "Authenticate" to connect to the LDAP server for management. A search page is displayed.

IV. Some problems

1. Why use phpldapadmin 1.1.0 instead of the latest version 1.1.0.5? Because 1.1.0.5 has two main problems:

1) Pages are regularly garbled, and each time you have to manually select UTF-8 as the page encoding; under 1.1.0 this works normally.

2) Even if the login DN and password are provided in config.php and auth_type is cookie, you are not logged in automatically. You must enter the password and manually click the authentication button.

2. Pay attention to the PHP version and to whether LDAP and gettext support are enabled. The phpldapadmin version I first obtained was 1.1.0-alpha3. Its INSTALL file says:

PHP 4.1.0 or newer (with LDAP support)

In fact, I was quite generous and served it with PHP 4.4.9, with LDAP available, but it did not appreciate that. The following error occurred:

PHP unexpected T_STRING, expecting T_OLD_FUNCTION or T_FUNCTION or T_VAR or '}'

The error points at member declarations in PHP classes that use public or private, and at clone operations. PHP 4 does not support these and only allows var, so it is necessary to change to PHP 5.

In addition, the phpldapadmin requirements do not mention that gettext is needed for its internationalization; I only found this out from the source code, and it is still the case in subsequent versions. Besides, PHP 4 itself has no built-in support for gettext, and installing gettext for Win32 does not work either, so move to PHP 5 and enable gettext in php.ini.

There is this code in phpldapadmin/htdocs/index.php:

# Make sure this PHP install has gettext, we use it for language translation
if (! extension_loaded('gettext'))
	pla_error('<p>Your install of PHP appears to be missing gettext support.</p><p>gettext is used for language translation.</p><p>Please install gettext support before using phpldapadmin.<br /><small>(Dont forget to restart your web server afterwards)</small></p>');

3. For detailed configuration of php.ini and config.php, see the two files themselves; they are self-documenting. For example, you can trim some PHP features as appropriate. For PHP with Apache, see install.txt in PHP. Finally, for convenient access, in Apache's httpd.conf

DirectoryIndex index.html index.php

add index.php as shown above.

This article only covers how to configure phpldapadmin for use and how to solve the problems encountered. It is meant to provide a convenient tool for working with LDAP in development, and hopefully it is useful. There is no need to dig deep into PHP; after all, I have not used PHP for a long time and am not familiar with it.

4. In addition, if the phpldapadmin page has to load a large amount of data, Firefox is recommended, because Firefox and IE use different mechanisms: Firefox first requests a large block of memory, so pages that display a lot of data do not become sluggish as they do in IE. Try visiting the blogjava home page and its "more blogs" link http://www.blogjava.net/AllBloggers.aspx with Firefox and IE respectively and you will see.
