About

From phpLDAPadmin

Jump to: navigation, search

What is phpLDAPadmin

PLA is an LDAP administration tool, designed to:

  • Manage records in an LDAP server, including creating, modifying, deleting records
  • Open standards compliant, so that it can manage records in any compliant LDAP server
  • Be used by administrators, who have some knowledge of LDAP
  • Flexible, so that it can be configured to suite the environment, with no additional local coding

PLA has been designed to be used by LDAP Administrators. So it is useful for Administrators who manage the whole LDAP database, or its useful for Administrators who manage a part of the LDAP database (for example, a Company, an Organisational Unit, a Department, etc.)

While end users could use PLA, for example to update their own entries in an LDAP server, they may find that layout, process and terms unfamiliar.

What phpLDAPadmin is NOT

PLA is NOT

  • A specific OpenLDAP admin tool - it is designed to manage the data in all RFC compliant LDAP servers
  • A user administration tool - so it may not complete the requirements of user administration. For example, the PLA team do not provide any external tasks that could be used for example to create home directories for Unix systems. It may not complete all the required tasks for Windows systems as well. PLA does provide a hooks system that can be used to execute any additional LDAP & non LDAP tasks when records are created and modified - these tasks are not provided by the PLA team.
  • An authentication or authorisation tool - IE: PLA does not enforce password policy, nor does it restrict access to records based on the authenticated user. Users can perform any and all actions in an LDAP server, that the LDAP server authorises. If you want to limit what users can do in an LDAP server, then configure the LDAP servers ACLs to enforce those limits.
  • An LDAP security tool - LDAP security must be provided by the LDAP server. PLA will perform reads and submit writes to an LDAP server as requested by the user, the server should decide whether to accept or reject the reads/writes.
Personal tools