# ldap user administration

## TJNII

So after following the ldap guide and many, many hours of googling, I have my server authenticating users through ldap.  So, now my question is what's the best way to administer the tree?  I'm going to need something web-based, and I really don't want to code it myself.  I tried phpLDAPadmin, but it burps back a different error for every command I give it, usually declaring it a bug and asking me to report it to the devs.  I also installed directory_administrator, but it crashes whenever it connects to the server.  Webmin is just too plain big, I only want to admin LDAP with this tool.  Any tips, tricks?  I don't want to write a util myself, I'm going to have enough of an adventure teaching the php code I downloaded to authenticate against through ldap.

-TJNII, learning a whole lot in a very, very short time

----------

## Kruegi

 *TJNII wrote:*   

> So after following the ldap guide and many, many hours of googling, I have my server authenticating users through ldap.

 

Welcome to the club!  :Wink: 

 *TJNII wrote:*   

> So, now my question is what's the best way to administer the tree?  I'm going to need something web-based, and I really don't want to code it myself. 

 

I am using Luma (Python, application), Webmin LDAP User Admin (perl, web based) and phpLDAPadmin.

 *TJNII wrote:*   

> I tried phpLDAPadmin, but it burps back a different error for every command I give it, usually declaring it a bug and asking me to report it to the devs.
> 
> 

 

I had this problem too. It seems to be fixed in the newest version.

Thomas

----------

## TJNII

Okay, I got phpLDAPadmin working with version 0.9.7.1 and it looks like a good tool...

But...

What is the best way to handle adding new users?  Do useradd, userdel, and usermod still work? Near as I can tell they don't.  Is there a tool like the useradd utility that handle adding users to the tree, modifying the group list accordingly, takes care of the UID and GID numbers, and creates a home directory if needed?  I've pulled it off manually once, but it seems like a complex task with a large margin for error.

----------

## tcostigl

On a similar note... Luma looks good but it has openldap as a dependancy. My ldap server is on a different box then the one I will be administering from. Can Luma handle this? Is this dependancy really necessary? 

directoryadministrator and jxplorer both have the same problem. phpldapadmin is the only one without the dependancy. I guess I could just "emerge --nodeps" each package but is there any other solution?

----------

## Scytale

 *tcostigl wrote:*   

> On a similar note... Luma looks good but it has openldap as a dependancy. My ldap server is on a different box then the one I will be administering from. Can Luma handle this? Is this dependancy really necessary? 
> 
> directoryadministrator and jxplorer both have the same problem. phpldapadmin is the only one without the dependancy. I guess I could just "emerge --nodeps" each package but is there any other solution?

 

The OpenLDAP dep is there because the OpenLDAP does not only provide the slapd and slurpd servers, but also libraries for LDAP clients. I guess this is what Luma, directoryadministrator and jxplorer need it for. Therefore using --nodeps is not a good idea. But you can add the line net-nds/openldap minimal to /etc/portage/package.use to prevent the servers from being built.

Yes, Luma can of course handle remote LDAP servers. Since the communication to the server runs over sockets anyway, it would stupid to disallow the use of remote servers.

And phpLDAPAdmin does not require OpenLDAP because it uses PHP's LDAP extension.

----------

## tcostigl

Thanks, that information was very helpful. Glad to see people respond to posts they find months later!

----------

