--- /dev/null
+{ lib, php, env, writeText, stdenv, optipng, fetchurl }:
+rec {
+ config = writeText "config.php" ''
+ <?php
+ $config->custom->appearance['show_clear_password'] = true;
+ $config->custom->appearance['hide_template_warning'] = true;
+ $config->custom->appearance['theme'] = "tango";
+ $config->custom->appearance['minimalMode'] = true;
+
+ $servers = new Datastore();
+
+ $servers->newServer('ldap_pla');
+ $servers->setValue('server','name','Immae’s LDAP');
+ $servers->setValue('server','host','ldaps://${env.ldap.host}');
+ $servers->setValue('login','auth_type','cookie');
+ $servers->setValue('login','bind_id','${env.ldap.dn}');
+ $servers->setValue('login','bind_pass','${env.ldap.password}');
+ $servers->setValue('appearance','password_hash','ssha');
+ $servers->setValue('login','attr','uid');
+ $servers->setValue('login','fallback_dn',true);
+ '';
+ webRoot = stdenv.mkDerivation rec {
+ version = "1.2.3";
+ name = "phpldapadmin-${version}";
+ src = fetchurl {
+ url = "https://downloads.sourceforge.net/project/phpldapadmin/phpldapadmin-php5/${version}/${name}.tgz";
+ sha256 = "0n7dhp2a7n1krmnik3pb969jynsmhghmxviivnckifkprv1zijmf";
+ };
+ patches = [
+ ./ldap-php5_5.patch
+ ./ldap-disable-mcrypt.patch
+ ./ldap-php7_2.patch
+ ./ldap-sort-in-templates.patch
+ ./ldap-align-button.patch
+ ];
+ buildInputs = [ optipng ];
+ buildPhase = ''
+ find -name '*.png' -exec optipng -quiet -force -fix {} \;
+ '';
+ installPhase = ''
+ cp -a . $out
+ ln -sf ${config} $out/config/config.php
+ '';
+ };
+ apache = {
+ user = "wwwrun";
+ group = "wwwrun";
+ modules = [ "proxy_fcgi" ];
+ vhostConf = ''
+ Alias /ldap "${webRoot}/htdocs"
+ <Directory "${webRoot}/htdocs">
+ DirectoryIndex index.php
+ <FilesMatch "\.php$">
+ SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost"
+ </FilesMatch>
+
+ AllowOverride None
+ Require all granted
+ </Directory>
+ '';
+ };
+ phpFpm = rec {
+ basedir = builtins.concatStringsSep ":" [ webRoot config ];
+ socket = "/var/run/phpfpm/ldap.sock";
+ pool = ''
+ listen = ${socket}
+ user = ${apache.user}
+ group = ${apache.group}
+ listen.owner = ${apache.user}
+ listen.group = ${apache.group}
+ pm = ondemand
+ pm.max_children = 60
+ pm.process_idle_timeout = 60
+
+ ; Needed to avoid clashes in browser cookies (same domain)
+ php_value[session.name] = LdapPHPSESSID
+ php_admin_value[open_basedir] = "${basedir}:/tmp"
+ '';
+ };
+}