LDAP configuration backend

You can choose to store LemonLDAP::NG configuration in an LDAP directory.


  • Easy to share between servers with remote LDAP access
  • Easy to duplicate with LDAP synchronization services (like SyncRepl in OpenLDAP)
  • Security with SSL/TLS
  • Access control possible by creating one user for Manager (write) and another for portal and handlers (read)
  • Easy import/export through LDIF files

The configuration will be store under a specific branch, for example ou=conf,ou=applications,dc=example,dc=com.

Each configuration will be represented as an entry, which structural objectClass is applicationProcess. This objectClass is included in every core schemas.

The configuration name is the same that files, so lmConf-1, lmConf-2, etc. This name is used in entry DN, for example cn=lmConf-1,ou=conf,ou=applications,dc=example,dc=com.

Then each parameter is one value of the attribute description, prefixed by its key. For example {ldapPort}389.

The LDIF view of such entry can be:

dn: cn=lmConf-1,ou=conf,ou=applications,dc=example,dc=com
objectClass: top
objectClass: applicationProcess
cn: lmConf-1
description: {globalStorage}'Apache::Session::File'
description: {cookieName}'lemonldap'
description: {whatToTrace}'$uid'

Configuration objects use standard object class: applicationProcess. This objectClass allow attributes cn and description. If your LDAP server do not manage this objectClass, you have to extend your schema.

We advice to create a specific LDAP account with write access on configuration branch.

Next create the configuration branch where you want. Just remember its DN for LemonLDAP::NG configuration.

Configure LDAP configuration backend in lemonldap-ng.ini, section [configuration]:

type = LDAP
ldapServer = ldap://localhost
ldapConfBase = ou=conf,ou=applications,dc=example,dc=com
ldapBindDN = cn=manager,dc=example,dc=com
ldapBindPassword = secret


  • ldapServer: LDAP URI of the server
  • ldapConfBase: DN of configuration branch
  • ldapBindDN: DN used to bind LDAP
  • ldapBindPassword: password used to bind LDAP