Skip to content
Deon George edited this page Feb 24, 2023 · 3 revisions

phpLDAPadmin

phpLDAPadmin (or PLA for short), is a Lightweight Directory Access Protocol (LDAP) server administration tool written in PHP, to help LDAP administrator's keep their data up to date.

It's aim is to take away the complexity of updating LDAP servers.

Conceived in 2002 by David Smith, it has been maintained by Deon George since 2005.

After a long hiatsus with PLA v1.2, v2 is currently being created, and is a complete re-write leveraging modern development techniques and technology that didnt exist in 2002.

PLA v2 IS NOT YET COMPLETE so expect functionality to be missing, bugs to exist and things to be broken.

Maintaining the original goals of v1, PLA is designed to be compliant with LDAP RFCs, enabling it to be used with any LDAP server. If you come across an LDAP server, where PLA exhibits problems, please open a github issue with full details of the problem so that I can have it fixed.

For fun, I asked ChatGPT to write an into...

"If you're looking for an efficient and user-friendly way to manage your LDAP directory, look no further than an LDAP administration tool.

With this tool, you can easily add, modify, and delete LDAP entries, as well as perform bulk updates and searches.

The tool offers a graphical user interface, which means you can manage your LDAP directory without having to learn complex command-line interfaces. By using an LDAP administration tool, you can streamline your LDAP directory management tasks and improve your overall productivity."

Development

Version 2 is leveraging these awesome projects:

The UI interface is inspired by:

Goals

  • LDAP RFC compliant, so that it can work with any LDAP server (not just OpenLDAP!)
  • Enable data import and export
  • Template driven entry addition, and modification
  • Primarily for LDAP administrators, although some users also use it

It is important to know...

  • PLA does not implement LDAP security. Security is expected to be implemented in the LDAP server that you manage with PLA. PLA will report back any operation that is rejected by the LDAP server, with information about the rejection.

  • PLA is not an authentication or authorisation tool - IE: PLA does not enforce password policy, nor does it restrict access to records based on the authenticated user. Users can perform any and all actions in an LDAP server, that the LDAP server authorises. If you want to limit what users can do in an LDAP server, then configure the LDAP servers ACLs to enforce those limits.

  • For user account management, PLA only manages LDAP server data - it does not implement OS related functions to user management (like creating home directories).

  • Please dont ask for any OpenLDAP specific feature - it wont be implemented - but you may be able to extend PLA to implement it yourself. If PLA needs to change so that your extension works, let me know, and I'll happily consider what needs to be done to help.

Clone this wiki locally