
Configuration Variables

Deon George edited this page May 23, 2025 · 7 revisions

The following environment variables are available to tune your configuration (particularly useful with the docker container):

| Variable | Value | Default | Purpose |
|---|---|---|---|
| **Required Variables** | | | |
| APP_KEY | (value from artisan key:generate) | not defined | This is used to encrypt data used internally. It should only need to be set once for the life of the application. It is in the format of base64:... |
| APP_URL | http[s]://URL | not defined | The URL used to get to your PLA instance, eg: https://demo.phpldapadmin.org |
| LDAP_HOST | hostname to your LDAP server | not defined | A resolvable hostname to your LDAP server, eg: my.ldap.server.org |
| **Other Optional Variables** | | | |
| APP_TIMEZONE | An applicable timezone | UTC | The timezone used, mostly for logging, eg: Australia/Melbourne |
| CACHE_DRIVER | preferred caching driver | file | The driver used for LDAP caching - you can use memcached here. Look at config/cache.php for other possible drivers |
| LDAP_ALLOW_GUEST | true/false | false | Determines whether users must log in with their own details to use PLA. When true, LDAP_USERNAME is used to search the LDAP server and populate entries[2] |
| LDAP_CACHE | true/false | false | We use internal caching to reduce the impact on your LDAP server; this enables that caching |
| LDAP_CONNECTION | string | ldap | config/ldap.php can have definitions for multiple LDAP servers or configurations that use ldaps or starttls. This determines the LDAP server configuration to use[3] |
| LDAP_BASE_DN | Base DN | undefined | Base DN to your LDAP server. If unset, PLA will try to work it out |
| LDAP_LOGIN_ATTR | LDAP Attribute | uid | Attribute used to log in via the login form, if you don't want to use a DN[1] |
| LDAP_LOGIN_ATTR_DESC | Description of login attribute | User ID | A friendly description to show in the login box when LDAP_LOGIN_ATTR is used |
| LDAP_LOGIN_OBJECTCLASS | comma delimited list of objectclasses | posixAccount | Objectclass that must be on the user's DN to log in. This is a comma delimited list, but any matched objectclass is sufficient to log in, eg: with posixAccount,inetOrgPerson the user can log in if they have posixAccount OR inetOrgPerson[4] |
| LDAP_NAME | text | LDAP Server | Free form text name for your LDAP server, eg: ACME Server |
| LDAP_PORT | int | 389 | TCP port used to query the LDAP server. You may need to change this if your LDAP_CONNECTION refers to a server on a non-standard port, or an SSL enabled port |
| LDAP_PASSWORD | text | undefined | Password to the LDAP server[2], eg: mypassword |
| LDAP_USERNAME | dn | undefined | Authentication DN to connect to the LDAP server[2], eg: cn=Admin,dc=Test |

[1] LDAP_USERNAME and LDAP_PASSWORD for your LDAP server will need to be set, to enable searching the LDAP server for the DN associated with the LDAP_LOGIN_ATTR. The query must return only one matching result.

[2] LDAP_USERNAME and LDAP_PASSWORD for your LDAP server are mostly used to connect to your LDAP server and obtain the schema (the DN must have access to read the schema). If you do use LDAP_ALLOW_GUEST=TRUE, then this LDAP_USERNAME will enable you to browse the LDAP tree and return records that this DN has access to. If LDAP_ALLOW_GUEST=FALSE (the default), then a login box will be presented. When LDAP_LOGIN_ATTR is not DN, then LDAP_USERNAME is used to search the directory to obtain the DN for the attribute value, to enable logging into the LDAP server.

[3] PLA comes configured to connect to an LDAP server over an unsecure port (ldap), an SSL enabled port (ldaps), or with starttls (STARTTLS over an unsecure port). The hostname and port to connect to are configured with LDAP_HOSTNAME/LDAP_PORT respectively for the type of connection you want to use. (In PLA v2.0.0 these values were called openldap/openldaps/openldaptls respectively, but will be changed to ldap/ldaps/starttls in v2.0.1+). See config/ldap.php.

[4] After a DN is retrieved by steps 1/2 above, it is checked for objectclasses matching LDAP_LOGIN_OBJECTCLASS. If it does not have any of the listed objectclasses (if there are more than 1), the user will not be logged in.
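As an added example (not part of phpLDAPadmin or this wiki), the Python check below audits an env file against the table and notes above before the container is started. The finding codes, function names and both sample files are constructed for illustration, and matching `dn` case-insensitively as the DN-login value of LDAP_LOGIN_ATTR is an assumption.

```python
import re

REQUIRED = ("APP_KEY", "APP_URL", "LDAP_HOST")
DEFAULTS = {"LDAP_ALLOW_GUEST": "false", "LDAP_CONNECTION": "ldap",   # defaults from the table
            "LDAP_LOGIN_ATTR": "uid", "LDAP_PORT": "389"}
PLAINTEXT = {"ldap", "openldap"}       # openldap* are the v2.0.0 names (note 3)
IMPLICIT_TLS = {"ldaps", "openldaps"}

def parse_env(text):
    """Parse KEY=VALUE lines; skip blanks/comments, strip one pair of quotes."""
    env = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        # DNs contain '=', so split only on the first one
        key, value = (part.strip() for part in line.split("=", 1))
        if len(value) >= 2 and value[0] == value[-1] and value[0] in "'\"":
            value = value[1:-1]
        env[key] = value
    return env

def audit(text):
    """Return sorted finding codes (hypothetical names) for one env file."""
    env = parse_env(text)
    get = lambda k: env.get(k, DEFAULTS.get(k, ""))
    guest = get("LDAP_ALLOW_GUEST").lower() == "true"
    found = {f"missing:{k}" for k in REQUIRED if not env.get(k)}
    if env.get("APP_KEY") and not re.fullmatch(r"base64:[A-Za-z0-9+/]+={0,2}", env["APP_KEY"]):
        found.add("format:APP_KEY")
    if env.get("APP_URL") and not re.match(r"https?://", env["APP_URL"]):
        found.add("format:APP_URL")
    if guest:  # note 2: visitors browse with the service DN's access, no login box
        found.add("guest-browse-as-service-dn")
    if get("LDAP_CONNECTION") in PLAINTEXT:  # binds cross the network unencrypted
        found.add("cleartext-ldap")
    if get("LDAP_CONNECTION") in IMPLICIT_TLS and get("LDAP_PORT") == "389":
        found.add("ldaps-on-port-389")  # LDAP_PORT left at the plain-LDAP default
    needs_bind = guest or get("LDAP_LOGIN_ATTR").lower() != "dn"  # notes 1/2; "dn" match is an assumption
    if needs_bind and not (env.get("LDAP_USERNAME") and env.get("LDAP_PASSWORD")):
        found.add("missing:bind-credentials")
    return sorted(found)

# Constructed sample files, not real deployments
WEAK = ("APP_URL=demo.example.org\nLDAP_HOST=ldap.example.org\nLDAP_ALLOW_GUEST=true\n"
        "LDAP_USERNAME=cn=Admin,dc=Test\nLDAP_PASSWORD=mypassword\n")
HARDENED = ("APP_KEY=base64:" + "A" * 43 + "=\nAPP_URL=https://pla.example.org\n"
            "LDAP_HOST=ldap.example.org\nLDAP_CONNECTION=ldaps\nLDAP_PORT=636\n"
            'LDAP_USERNAME="cn=Admin,dc=Test"\nLDAP_PASSWORD=constructed-placeholder\n')
```

`audit(WEAK)` reports the missing key, the scheme-less URL, guest browsing and the cleartext connection; `audit(HARDENED)` returns an empty list.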
