From fae6d4e51c1acc51e6f9e0c5df1b88d58f55162a Mon Sep 17 00:00:00 2001
From: John Gasper <jtgasper3@gmail.com>
Date: Tue, 28 Aug 2018 17:30:21 -0700
Subject: [PATCH] Added phpMyAdmin and phpLDAPadmin to base image
---
README.md | 9 +
base/Dockerfile | 3 +-
.../etc/phpMyAdmin/config.inc.php | 117 ++++
.../etc/phpldapadmin/config.php | 583 ++++++++++++++++++
base/container_files/httpd/phpMyAdmin.conf | 77 +++
base/container_files/httpd/phpldapadmin.conf | 20 +
6 files changed, 808 insertions(+), 1 deletion(-)
create mode 100644 base/container_files/etc/phpMyAdmin/config.inc.php
create mode 100644 base/container_files/etc/phpldapadmin/config.php
create mode 100644 base/container_files/httpd/phpMyAdmin.conf
create mode 100644 base/container_files/httpd/phpldapadmin.conf
diff --git a/README.md b/README.md
index e30c672..d8fec11 100644
--- a/README.md
+++ b/README.md
@@ -27,6 +27,10 @@ Current tags:
- ex401.1.4
- ex401.1.5
- ex401.1.end
+- ex401.2.1
+- ex401.2.2
+- ex401.2.3
+- ex401.2.4
Browse to `https://localhost/grouper` for Grouper. There is also an app that dumps the SP user attributes at `https://localhost/app`.
@@ -34,3 +38,8 @@ Browse to `https://localhost/grouper` for Grouper. There is also an app that dum
- `banderson`/`password`: Grouper Administrator
- `jsmith`/`password`: standard user
- additional users can be found in <https://github.internet2.edu/docker/grouper_training/blob/master/base/container_files/seed-data/users.ldif#L56>
+
+# Help apps
+
+- phpMyAdmin - https://localhost/phpmyadmin/ - username: `root`, password: (blank)
+- phpLDAPadmin - https://localhost/phpldapadmin/ - username: `cn=root,dc=internet2,dc=edu`, password: `password`
diff --git a/base/Dockerfile b/base/Dockerfile
index 8f886d1..0bc1948 100644
--- a/base/Dockerfile
+++ b/base/Dockerfile
@@ -12,7 +12,7 @@ ENV ENV=training \
USERTOKEN=3.2.0_base
RUN yum install -y epel-release \
- && yum install -y mariadb mariadb-server openldap openldap-clients openldap-servers \
+ && yum install -y mariadb mariadb-server openldap openldap-clients openldap-servers phpMyAdmin phpldapadmin \
&& yum clean all
COPY container_files/seed-data/ /seed-data/
@@ -68,6 +68,7 @@ RUN (/usr/sbin/slapd -h "ldap:/// ldaps:/// ldapi:///" -u ldap &) \
COPY --from=idp /opt/shibboleth-idp/ /opt/shibboleth-idp/
+COPY container_files/etc/ /etc/
COPY container_files/conf/ /opt/grouper/conf/
COPY container_files/httpd/* /etc/httpd/conf.d/
COPY container_files/shibboleth-idp/ /opt/shibboleth-idp/
diff --git a/base/container_files/etc/phpMyAdmin/config.inc.php b/base/container_files/etc/phpMyAdmin/config.inc.php
new file mode 100644
index 0000000..ebb6dbd
--- /dev/null
+++ b/base/container_files/etc/phpMyAdmin/config.inc.php
@@ -0,0 +1,117 @@
+<?php
+/**
+ * phpMyAdmin configuration file, you can use it as base for the manual
+ * configuration. For easier setup you can use "setup/".
+ *
+ * All directives are explained in Documentation.html and on phpMyAdmin
+ * wiki <http://wiki.phpmyadmin.net>.
+ */
+
+/*
+ * This is needed for cookie based authentication to encrypt password in
+ * cookie
+ */
+$cfg['blowfish_secret'] = 'd7Y5iRSDpGaQkvSqxKWPwHfazswioRBO'; /* YOU MUST FILL IN THIS FOR COOKIE AUTH! */
+
+/**
+ * Server(s) configuration
+ */
+$i = 0;
+
+// The $cfg['Servers'] array starts with $cfg['Servers'][1]. Do not use
+// $cfg['Servers'][0]. You can disable a server config entry by setting host
+// to ''. If you want more than one server, just copy following section
+// (including $i incrementation) serveral times. There is no need to define
+// full server array, just define values you need to change.
+$i++;
+$cfg['Servers'][$i]['host'] = 'localhost'; // MySQL hostname or IP address
+$cfg['Servers'][$i]['port'] = '3306'; // MySQL port - leave blank for default port
+$cfg['Servers'][$i]['socket'] = ''; // Path to the socket - leave blank for default socket
+$cfg['Servers'][$i]['connect_type'] = 'tcp'; // How to connect to MySQL server ('tcp' or 'socket')
+$cfg['Servers'][$i]['extension'] = 'mysqli'; // The php MySQL extension to use ('mysql' or 'mysqli')
+$cfg['Servers'][$i]['compress'] = FALSE; // Use compressed protocol for the MySQL connection
+ // (requires PHP >= 4.3.0)
+$cfg['Servers'][$i]['controluser'] = ''; // MySQL control user settings
+ // (this user must have read-only
+$cfg['Servers'][$i]['controlpass'] = ''; // access to the "mysql/user"
+ // and "mysql/db" tables).
+ // The controluser is also
+ // used for all relational
+ // features (pmadb)
+$cfg['Servers'][$i]['auth_type'] = 'cookie'; // Authentication method (config, http or cookie based)?
+$cfg['Servers'][$i]['user'] = ''; // MySQL user
+$cfg['Servers'][$i]['password'] = ''; // MySQL password (only needed
+ // with 'config' auth_type)
+$cfg['Servers'][$i]['only_db'] = 'grouper'; // If set to a db-name, only
+ // this db is displayed in left frame
+ // It may also be an array of db-names, where sorting order is relevant.
+$cfg['Servers'][$i]['hide_db'] = ''; // Database name to be hidden from listings
+$cfg['Servers'][$i]['verbose'] = ''; // Verbose name for this host - leave blank to show the hostname
+
+$cfg['Servers'][$i]['pmadb'] = ''; // Database used for Relation, Bookmark and PDF Features
+ // (see scripts/create_tables.sql)
+ // - leave blank for no support
+ // DEFAULT: 'phpmyadmin'
+$cfg['Servers'][$i]['bookmarktable'] = ''; // Bookmark table
+ // - leave blank for no bookmark support
+ // DEFAULT: 'pma_bookmark'
+$cfg['Servers'][$i]['relation'] = ''; // table to describe the relation between links (see doc)
+ // - leave blank for no relation-links support
+ // DEFAULT: 'pma_relation'
+$cfg['Servers'][$i]['table_info'] = ''; // table to describe the display fields
+ // - leave blank for no display fields support
+ // DEFAULT: 'pma_table_info'
+$cfg['Servers'][$i]['table_coords'] = ''; // table to describe the tables position for the PDF schema
+ // - leave blank for no PDF schema support
+ // DEFAULT: 'pma_table_coords'
+$cfg['Servers'][$i]['pdf_pages'] = ''; // table to describe pages of relationpdf
+ // - leave blank if you don't want to use this
+ // DEFAULT: 'pma_pdf_pages'
+$cfg['Servers'][$i]['column_info'] = ''; // table to store column information
+ // - leave blank for no column comments/mime types
+ // DEFAULT: 'pma_column_info'
+$cfg['Servers'][$i]['history'] = ''; // table to store SQL history
+ // - leave blank for no SQL query history
+ // DEFAULT: 'pma_history'
+$cfg['Servers'][$i]['verbose_check'] = TRUE; // set to FALSE if you know that your pma_* tables
+ // are up to date. This prevents compatibility
+ // checks and thereby increases performance.
+$cfg['Servers'][$i]['AllowRoot'] = TRUE; // whether to allow root login
+$cfg['Servers'][$i]['AllowDeny']['order'] // Host authentication order, leave blank to not use
+ = '';
+$cfg['Servers'][$i]['AllowDeny']['rules'] // Host authentication rules, leave blank for defaults
+ = array();
+$cfg['Servers'][$i]['AllowNoPassword'] // Allow logins without a password. Do not change the FALSE
+ = TRUE; // default unless you're running a passwordless MySQL server
+$cfg['Servers'][$i]['designer_coords'] // Leave blank (default) for no Designer support, otherwise
+ = ''; // set to suggested 'pma_designer_coords' if really needed
+$cfg['Servers'][$i]['bs_garbage_threshold'] // Blobstreaming: Recommented default value from upstream
+ = 50; // DEFAULT: '50'
+$cfg['Servers'][$i]['bs_repository_threshold'] // Blobstreaming: Recommented default value from upstream
+ = '32M'; // DEFAULT: '32M'
+$cfg['Servers'][$i]['bs_temp_blob_timeout'] // Blobstreaming: Recommented default value from upstream
+ = 600; // DEFAULT: '600'
+$cfg['Servers'][$i]['bs_temp_log_threshold'] // Blobstreaming: Recommented default value from upstream
+ = '32M'; // DEFAULT: '32M'
+/*
+ * End of servers configuration
+ */
+
+/*
+ * Directories for saving/loading files from server
+ */
+$cfg['UploadDir'] = '/var/lib/phpMyAdmin/upload';
+$cfg['SaveDir'] = '/var/lib/phpMyAdmin/save';
+
+/*
+ * Disable the default warning that is displayed on the DB Details Structure
+ * page if any of the required Tables for the relation features is not found
+ */
+$cfg['PmaNoRelation_DisableWarning'] = TRUE;
+
+/*
+ * phpMyAdmin 4.4.x is no longer maintained by upstream, but security fixes
+ * are still backported by downstream.
+ */
+$cfg['VersionCheck'] = FALSE;
+?>
\ No newline at end of file
diff --git a/base/container_files/etc/phpldapadmin/config.php b/base/container_files/etc/phpldapadmin/config.php
new file mode 100644
index 0000000..22461d8
--- /dev/null
+++ b/base/container_files/etc/phpldapadmin/config.php
@@ -0,0 +1,583 @@
+<?php
+/** NOTE **
+ ** Make sure that <?php is the FIRST line of this file!
+ ** IE: There should NOT be any blank lines or spaces BEFORE <?php
+ **/
+
+/**
+ * The phpLDAPadmin config file
+ * See: http://phpldapadmin.sourceforge.net/wiki/index.php/Config.php
+ *
+ * This is where you can customise some of the phpLDAPadmin defaults
+ * that are defined in config_default.php.
+ *
+ * To override a default, use the $config->custom variable to do so.
+ * For example, the default for defining the language in config_default.php
+ *
+ * $this->default->appearance['language'] = array(
+ * 'desc'=>'Language',
+ * 'default'=>'auto');
+ *
+ * to override this, use $config->custom->appearance['language'] = 'en_EN';
+ *
+ * This file is also used to configure your LDAP server connections.
+ *
+ * You must specify at least one LDAP server there. You may add
+ * as many as you like. You can also specify your language, and
+ * many other options.
+ *
+ * NOTE: Commented out values in this file prefixed by //, represent the
+ * defaults that have been defined in config_default.php.
+ * Commented out values prefixed by #, dont reflect their default value, you can
+ * check config_default.php if you want to see what the default is.
+ *
+ * DONT change config_default.php, you changes will be lost by the next release
+ * of PLA. Instead change this file - as it will NOT be replaced by a new
+ * version of phpLDAPadmin.
+ */
+
+/*********************************************
+ * Useful important configuration overrides *
+ *********************************************/
+
+/* If you are asked to put PLA in debug mode, this is how you do it: */
+# $config->custom->debug['level'] = 255;
+# $config->custom->debug['syslog'] = true;
+# $config->custom->debug['file'] = '/tmp/pla_debug.log';
+
+/* phpLDAPadmin can encrypt the content of sensitive cookies if you set this
+ to a big random string. */
+$config->custom->session['blowfish'] = 'beee41ae7ca5107fc9a61946c4734264'; # Autogenerated for 66388f647a9e
+
+/* If your auth_type is http, you can override your HTTP Authentication Realm. */
+// $config->custom->session['http_realm'] = sprintf('%s %s',app_name(),'login');
+
+/* The language setting. If you set this to 'auto', phpLDAPadmin will attempt
+ to determine your language automatically.
+ If PLA doesnt show (all) strings in your language, then you can do some
+ translation at http://translations.launchpad.net/phpldapadmin and download
+ the translation files, replacing those provided with PLA.
+ (We'll pick up the translations before making the next release too!) */
+// $config->custom->appearance['language'] = 'auto';
+
+/* The temporary storage directory where we will put jpegPhoto data
+ This directory must be readable and writable by your web server. */
+// $config->custom->jpeg['tmpdir'] = '/tmp'; // Example for Unix systems
+# $config->custom->jpeg['tmpdir'] = 'c:\\temp'; // Example for Windows systems
+
+/* Set this to (bool)true if you do NOT want a random salt used when
+ calling crypt(). Instead, use the first two letters of the user's
+ password. This is insecure but unfortunately needed for some older
+ environments. */
+# $config->custom->password['no_random_crypt_salt'] = true;
+
+/* PHP script timeout control. If php runs longer than this many seconds then
+ PHP will stop with an Maximum Execution time error. Increase this value from
+ the default if queries to your LDAP server are slow. The default is either
+ 30 seconds or the setting of max_exection_time if this is null. */
+// $config->custom->session['timelimit'] = 30;
+
+// $config->custom->appearance['show_clear_password'] = false;
+
+// $config->custom->search['size_limit'] = 50;
+# $config->custom->search['size_limit'] = 1000;
+
+/* Our local timezone
+ This is to make sure that when we ask the system for the current time, we
+ get the right local time. If this is not set, all time() calculations will
+ assume UTC if you have not set PHP date.timezone. */
+// $config->custom->appearance['timezone'] = null;
+# $config->custom->appearance['timezone'] = 'Australia/Melbourne';
+
+/*********************************************
+ * Commands *
+ *********************************************/
+
+/* Command availability ; if you don't authorize a command the command
+ links will not be shown and the command action will not be permitted.
+ For better security, set also ACL in your ldap directory. */
+/*
+$config->custom->commands['cmd'] = array(
+ 'entry_internal_attributes_show' => true,
+ 'entry_refresh' => true,
+ 'oslinks' => true,
+ 'switch_template' => true
+);
+
+$config->custom->commands['script'] = array(
+ 'add_attr_form' => true,
+ 'add_oclass_form' => true,
+ 'add_value_form' => true,
+ 'collapse' => true,
+ 'compare' => true,
+ 'compare_form' => true,
+ 'copy' => true,
+ 'copy_form' => true,
+ 'create' => true,
+ 'create_confirm' => true,
+ 'delete' => true,
+ 'delete_attr' => true,
+ 'delete_form' => true,
+ 'draw_tree_node' => true,
+ 'expand' => true,
+ 'export' => true,
+ 'export_form' => true,
+ 'import' => true,
+ 'import_form' => true,
+ 'login' => true,
+ 'logout' => true,
+ 'login_form' => true,
+ 'mass_delete' => true,
+ 'mass_edit' => true,
+ 'mass_update' => true,
+ 'modify_member_form' => true,
+ 'monitor' => true,
+ 'purge_cache' => true,
+ 'query_engine' => true,
+ 'rename' => true,
+ 'rename_form' => true,
+ 'rdelete' => true,
+ 'refresh' => true,
+ 'schema' => true,
+ 'server_info' => true,
+ 'show_cache' => true,
+ 'template_engine' => true,
+ 'update_confirm' => true,
+ 'update' => true
+);
+*/
+
+/*********************************************
+ * Appearance *
+ *********************************************/
+
+/* If you want to choose the appearance of the tree, specify a class name which
+ inherits from the Tree class. */
+// $config->custom->appearance['tree'] = 'AJAXTree';
+# $config->custom->appearance['tree'] = 'HTMLTree';
+
+/* Just show your custom templates. */
+// $config->custom->appearance['custom_templates_only'] = false;
+
+/* Disable the default template. */
+// $config->custom->appearance['disable_default_template'] = false;
+
+/* Hide the warnings for invalid objectClasses/attributes in templates. */
+// $config->custom->appearance['hide_template_warning'] = false;
+
+/* Set to true if you would like to hide header and footer parts. */
+// $config->custom->appearance['minimalMode'] = false;
+
+/* Configure what objects are shown in left hand tree */
+// $config->custom->appearance['tree_filter'] = '(objectclass=*)';
+
+/* The height and width of the tree. If these values are not set, then
+ no tree scroll bars are provided. */
+// $config->custom->appearance['tree_height'] = null;
+# $config->custom->appearance['tree_height'] = 600;
+// $config->custom->appearance['tree_width'] = null;
+# $config->custom->appearance['tree_width'] = 250;
+
+/* Confirm create and update operations, allowing you to review the changes
+ and optionally skip attributes during the create/update operation. */
+// $config->custom->confirm['create'] = true;
+// $config->custom->confirm['update'] = true;
+
+/* Confirm copy operations, and treat them like create operations. This allows
+ you to edit the attributes (thus changing any that might conflict with
+ uniqueness) before creating the new entry. */
+// $config->custom->confirm['copy'] = true;
+
+/*********************************************
+ * User-friendly attribute translation *
+ *********************************************/
+
+/* Use this array to map attribute names to user friendly names. For example, if
+ you don't want to see "facsimileTelephoneNumber" but rather "Fax". */
+// $config->custom->appearance['friendly_attrs'] = array();
+$config->custom->appearance['friendly_attrs'] = array(
+ 'facsimileTelephoneNumber' => 'Fax',
+ 'gid' => 'Group',
+ 'mail' => 'Email',
+ 'telephoneNumber' => 'Telephone',
+ 'uid' => 'User Name',
+ 'userPassword' => 'Password'
+);
+
+/*********************************************
+ * Hidden attributes *
+ *********************************************/
+
+/* You may want to hide certain attributes from being edited. If you want to
+ hide attributes from the user, you should use your LDAP servers ACLs.
+ NOTE: The user must be able to read the hide_attrs_exempt entry to be
+ excluded. */
+// $config->custom->appearance['hide_attrs'] = array();
+# $config->custom->appearance['hide_attrs'] = array('objectClass');
+
+/* Members of this list will be exempt from the hidden attributes. */
+// $config->custom->appearance['hide_attrs_exempt'] = null;
+# $config->custom->appearance['hide_attrs_exempt'] = 'cn=PLA UnHide,ou=Groups,c=AU';
+
+/*********************************************
+ * Read-only attributes *
+ *********************************************/
+
+/* You may want to phpLDAPadmin to display certain attributes as read only,
+ meaning that users will not be presented a form for modifying those
+ attributes, and they will not be allowed to be modified on the "back-end"
+ either. You may configure this list here:
+ NOTE: The user must be able to read the readonly_attrs_exempt entry to be
+ excluded. */
+// $config->custom->appearance['readonly_attrs'] = array();
+
+/* Members of this list will be exempt from the readonly attributes. */
+// $config->custom->appearance['readonly_attrs_exempt'] = null;
+# $config->custom->appearance['readonly_attrs_exempt'] = 'cn=PLA ReadWrite,ou=Groups,c=AU';
+
+/*********************************************
+ * Group attributes *
+ *********************************************/
+
+/* Add "modify group members" link to the attribute. */
+// $config->custom->modify_member['groupattr'] = array('member','uniqueMember','memberUid');
+
+/* Configure filter for member search. This only applies to "modify group members" feature */
+// $config->custom->modify_member['filter'] = '(objectclass=Person)';
+
+/* Attribute that is added to the group member attribute. */
+// $config->custom->modify_member['attr'] = 'dn';
+
+/* For Posix attributes */
+// $config->custom->modify_member['posixattr'] = 'uid';
+// $config->custom->modify_member['posixfilter'] = '(uid=*)';
+// $config->custom->modify_member['posixgroupattr'] = 'memberUid';
+
+/*********************************************
+ * Support for attrs display order *
+ *********************************************/
+
+/* Use this array if you want to have your attributes displayed in a specific
+ order. You can use default attribute names or their fridenly names.
+ For example, "sn" will be displayed right after "givenName". All the other
+ attributes that are not specified in this array will be displayed after in
+ alphabetical order. */
+// $config->custom->appearance['attr_display_order'] = array();
+# $config->custom->appearance['attr_display_order'] = array(
+# 'givenName',
+# 'sn',
+# 'cn',
+# 'displayName',
+# 'uid',
+# 'uidNumber',
+# 'gidNumber',
+# 'homeDirectory',
+# 'mail',
+# 'userPassword'
+# );
+
+/*********************************************
+ * Define your LDAP servers in this section *
+ *********************************************/
+
+$servers = new Datastore();
+
+/* $servers->NewServer('ldap_pla') must be called before each new LDAP server
+ declaration. */
+$servers->newServer('ldap_pla');
+
+/* A convenient name that will appear in the tree viewer and throughout
+ phpLDAPadmin to identify this LDAP server to users. */
+$servers->setValue('server','name','Example LDAP Server');
+
+/* Examples:
+ 'ldap.example.com',
+ 'ldaps://ldap.example.com/',
+ 'ldapi://%2fusr%local%2fvar%2frun%2fldapi'
+ (Unix socket at /usr/local/var/run/ldap) */
+$servers->setValue('server','host','127.0.0.1');
+
+/* The port your LDAP server listens on (no quotes). 389 is standard. */
+$servers->setValue('server','port',389);
+
+/* Array of base DNs of your LDAP server. Leave this blank to have phpLDAPadmin
+ auto-detect it for you. */
+$servers->setValue('server','base',array('dc=internet2,dc=edu'));
+
+/* Five options for auth_type:
+ 1. 'cookie': you will login via a web form, and a client-side cookie will
+ store your login dn and password.
+ 2. 'session': same as cookie but your login dn and password are stored on the
+ web server in a persistent session variable.
+ 3. 'http': same as session but your login dn and password are retrieved via
+ HTTP authentication.
+ 4. 'config': specify your login dn and password here in this config file. No
+ login will be required to use phpLDAPadmin for this server.
+ 5. 'sasl': login will be taken from the webserver's kerberos authentication.
+ Currently only GSSAPI has been tested (using mod_auth_kerb).
+
+ Choose wisely to protect your authentication information appropriately for
+ your situation. If you choose 'cookie', your cookie contents will be
+ encrypted using blowfish and the secret your specify above as
+ session['blowfish']. */
+$servers->setValue('login','auth_type','cookie');
+
+/* The DN of the user for phpLDAPadmin to bind with. For anonymous binds or
+ 'cookie','session' or 'sasl' auth_types, LEAVE THE LOGIN_DN AND LOGIN_PASS
+ BLANK. If you specify a login_attr in conjunction with a cookie or session
+ auth_type, then you can also specify the bind_id/bind_pass here for searching
+ the directory for users (ie, if your LDAP server does not allow anonymous
+ binds. */
+// $servers->setValue('login','bind_id','');
+$servers->setValue('login','bind_id','cn=root,dc=internet2,dc=edu');
+
+/* Your LDAP password. If you specified an empty bind_id above, this MUST also
+ be blank. */
+// $servers->setValue('login','bind_pass','');
+$servers->setValue('login','bind_pass','password');
+
+/* Use TLS (Transport Layer Security) to connect to the LDAP server. */
+// $servers->setValue('server','tls',false);
+
+/************************************
+ * SASL Authentication *
+ ************************************/
+
+/* Enable SASL authentication LDAP SASL authentication requires PHP 5.x
+ configured with --with-ldap-sasl=DIR. If this option is disabled (ie, set to
+ false), then all other sasl options are ignored. */
+// $servers->setValue('login','auth_type','sasl');
+
+/* SASL auth mechanism */
+// $servers->setValue('sasl','mech','GSSAPI');
+
+/* SASL authentication realm name */
+// $servers->setValue('sasl','realm','');
+# $servers->setValue('sasl','realm','EXAMPLE.COM');
+
+/* SASL authorization ID name
+ If this option is undefined, authorization id will be computed from bind DN,
+ using authz_id_regex and authz_id_replacement. */
+// $servers->setValue('sasl','authz_id', null);
+
+/* SASL authorization id regex and replacement
+ When authz_id property is not set (default), phpLDAPAdmin will try to
+ figure out authorization id by itself from bind distinguished name (DN).
+
+ This procedure is done by calling preg_replace() php function in the
+ following way:
+
+ $authz_id = preg_replace($sasl_authz_id_regex,$sasl_authz_id_replacement,
+ $bind_dn);
+
+ For info about pcre regexes, see:
+ - pcre(3), perlre(3)
+ - http://www.php.net/preg_replace */
+// $servers->setValue('sasl','authz_id_regex',null);
+// $servers->setValue('sasl','authz_id_replacement',null);
+# $servers->setValue('sasl','authz_id_regex','/^uid=([^,]+)(.+)/i');
+# $servers->setValue('sasl','authz_id_replacement','$1');
+
+/* SASL auth security props.
+ See http://beepcore-tcl.sourceforge.net/tclsasl.html#anchor5 for explanation. */
+// $servers->setValue('sasl','props',null);
+
+/* Default password hashing algorithm. One of md5, ssha, sha, md5crpyt, smd5,
+ blowfish, crypt or leave blank for now default algorithm. */
+// $servers->setValue('appearance','password_hash','md5');
+$servers->setValue('appearance','password_hash','');
+
+/* If you specified 'cookie' or 'session' as the auth_type above, you can
+ optionally specify here an attribute to use when logging in. If you enter
+ 'uid' and login as 'dsmith', phpLDAPadmin will search for (uid=dsmith)
+ and log in as that user.
+ Leave blank or specify 'dn' to use full DN for logging in. Note also that if
+ your LDAP server requires you to login to perform searches, you can enter the
+ DN to use when searching in 'bind_id' and 'bind_pass' above. */
+// $servers->setValue('login','attr','dn');
+$servers->setValue('login','attr','dn');
+
+/* Base DNs to used for logins. If this value is not set, then the LDAP server
+ Base DNs are used. */
+// $servers->setValue('login','base',array());
+
+/* If 'login,attr' is used above such that phpLDAPadmin will search for your DN
+ at login, you may restrict the search to a specific objectClasses. EG, set this
+ to array('posixAccount') or array('inetOrgPerson',..), depending upon your
+ setup. */
+// $servers->setValue('login','class',array());
+
+/* If you specified something different from 'dn', for example 'uid', as the
+ login_attr above, you can optionally specify here to fall back to
+ authentication with dn.
+ This is useful, when users should be able to log in with their uid, but
+ the ldap administrator wants to log in with his root-dn, that does not
+ necessarily have the uid attribute.
+ When using this feature, login_class is ignored. */
+// $servers->setValue('login','fallback_dn',false);
+
+/* Specify true If you want phpLDAPadmin to not display or permit any
+ modification to the LDAP server. */
+// $servers->setValue('server','read_only',false);
+
+/* Specify false if you do not want phpLDAPadmin to draw the 'Create new' links
+ in the tree viewer. */
+// $servers->setValue('appearance','show_create',true);
+
+/* Set to true if you would like to initially open the first level of each tree. */
+// $servers->setValue('appearance','open_tree',false);
+
+/* This feature allows phpLDAPadmin to automatically determine the next
+ available uidNumber for a new entry. */
+// $servers->setValue('auto_number','enable',true);
+
+/* The mechanism to use when finding the next available uidNumber. Two possible
+ values: 'uidpool' or 'search'.
+ The 'uidpool' mechanism uses an existing uidPool entry in your LDAP server to
+ blindly lookup the next available uidNumber. The 'search' mechanism searches
+ for entries with a uidNumber value and finds the first available uidNumber
+ (slower). */
+// $servers->setValue('auto_number','mechanism','search');
+
+/* The DN of the search base when the 'search' mechanism is used above. */
+# $servers->setValue('auto_number','search_base','ou=People,dc=example,dc=com');
+
+/* The minimum number to use when searching for the next available number
+ (only when 'search' is used for auto_number. */
+// $servers->setValue('auto_number','min',array('uidNumber'=>1000,'gidNumber'=>500));
+
+/* If you set this, then phpldapadmin will bind to LDAP with this user ID when
+ searching for the uidnumber. The idea is, this user id would have full
+ (readonly) access to uidnumber in your ldap directory (the logged in user
+ may not), so that you can be guaranteed to get a unique uidnumber for your
+ directory. */
+// $servers->setValue('auto_number','dn',null);
+
+/* The password for the dn above. */
+// $servers->setValue('auto_number','pass',null);
+
+/* Enable anonymous bind login. */
+// $servers->setValue('login','anon_bind',true);
+
+/* Use customized page with prefix when available. */
+# $servers->setValue('custom','pages_prefix','custom_');
+
+/* If you set this, then only these DNs are allowed to log in. This array can
+ contain individual users, groups or ldap search filter(s). Keep in mind that
+ the user has not authenticated yet, so this will be an anonymous search to
+ the LDAP server, so make your ACLs allow these searches to return results! */
+# $servers->setValue('login','allowed_dns',array(
+# 'uid=stran,ou=People,dc=example,dc=com',
+# '(&(gidNumber=811)(objectClass=groupOfNames))',
+# '(|(uidNumber=200)(uidNumber=201))',
+# 'cn=callcenter,ou=Group,dc=example,dc=com'));
+
+/* Set this if you dont want this LDAP server to show in the tree */
+// $servers->setValue('server','visible',true);
+
+/* Set this if you want to hide the base DNs that dont exist instead of
+ displaying the message "The base entry doesnt exist, create it?"
+// $servers->setValue('server','hide_noaccess_base',false);
+# $servers->setValue('server','hide_noaccess_base',true);
+
+/* This is the time out value in minutes for the server. After as many minutes
+ of inactivity you will be automatically logged out. If not set, the default
+ value will be ( session_cache_expire()-1 ) */
+# $servers->setValue('login','timeout',30);
+
+/* Set this if you want phpldapadmin to perform rename operation on entry which
+ has children. Certain servers are known to allow it, certain are not. */
+// $servers->setValue('server','branch_rename',false);
+
+/* If you set this, then phpldapadmin will show these attributes as
+ internal attributes, even if they are not defined in your schema. */
+// $servers->setValue('server','custom_sys_attrs',array(''));
+# $servers->setValue('server','custom_sys_attrs',array('passwordExpirationTime','passwordAllowChangeTime'));
+
+/* If you set this, then phpldapadmin will show these attributes on
+ objects, even if they are not defined in your schema. */
+// $servers->setValue('server','custom_attrs',array(''));
+# $servers->setValue('server','custom_attrs',array('nsRoleDN','nsRole','nsAccountLock'));
+
+/* These attributes will be forced to MAY attributes and become option in the
+ templates. If they are not defined in the templates, then they wont appear
+ as per normal template processing. You may want to do this because your LDAP
+ server may automatically calculate a default value.
+ In Fedora Directory Server using the DNA Plugin one could ignore uidNumber,
+ gidNumber and sambaSID. */
+// $servers->setValue('server','force_may',array(''));
+# $servers->setValue('server','force_may',array('uidNumber','gidNumber','sambaSID'));
+
+/*********************************************
+ * Unique attributes *
+ *********************************************/
+
+/* You may want phpLDAPadmin to enforce some attributes to have unique values
+ (ie: not belong to other entries in your tree. This (together with
+ 'unique','dn' and 'unique','pass' option will not let updates to
+ occur with other attributes have the same value. */
+# $servers->setValue('unique','attrs',array('mail','uid','uidNumber'));
+
+/* If you set this, then phpldapadmin will bind to LDAP with this user ID when
+ searching for attribute uniqueness. The idea is, this user id would have full
+ (readonly) access to your ldap directory (the logged in user may not), so
+ that you can be guaranteed to get a unique uidnumber for your directory. */
+// $servers->setValue('unique','dn',null);
+
+/* The password for the dn above. */
+// $servers->setValue('unique','pass',null);
+
+/**************************************************************************
+ * If you want to configure additional LDAP servers, do so below. *
+ * Remove the commented lines and use this section as a template for all *
+ * your other LDAP servers. *
+ **************************************************************************/
+
+/*
+$servers->newServer('ldap_pla');
+$servers->setValue('server','name','LDAP Server');
+$servers->setValue('server','host','127.0.0.1');
+$servers->setValue('server','port',389);
+$servers->setValue('server','base',array(''));
+$servers->setValue('login','auth_type','cookie');
+$servers->setValue('login','bind_id','');
+$servers->setValue('login','bind_pass','');
+$servers->setValue('server','tls',false);
+
+# SASL auth
+$servers->setValue('login','auth_type','sasl');
+$servers->setValue('sasl','mech','GSSAPI');
+$servers->setValue('sasl','realm','EXAMPLE.COM');
+$servers->setValue('sasl','authz_id',null);
+$servers->setValue('sasl','authz_id_regex','/^uid=([^,]+)(.+)/i');
+$servers->setValue('sasl','authz_id_replacement','$1');
+$servers->setValue('sasl','props',null);
+
+$servers->setValue('appearance','password_hash','md5');
+$servers->setValue('login','attr','dn');
+$servers->setValue('login','fallback_dn',false);
+$servers->setValue('login','class',null);
+$servers->setValue('server','read_only',false);
+$servers->setValue('appearance','show_create',true);
+
+$servers->setValue('auto_number','enable',true);
+$servers->setValue('auto_number','mechanism','search');
+$servers->setValue('auto_number','search_base',null);
+$servers->setValue('auto_number','min',array('uidNumber'=>1000,'gidNumber'=>500));
+$servers->setValue('auto_number','dn',null);
+$servers->setValue('auto_number','pass',null);
+
+$servers->setValue('login','anon_bind',true);
+$servers->setValue('custom','pages_prefix','custom_');
+$servers->setValue('unique','attrs',array('mail','uid','uidNumber'));
+$servers->setValue('unique','dn',null);
+$servers->setValue('unique','pass',null);
+
+$servers->setValue('server','visible',true);
+$servers->setValue('login','timeout',30);
+$servers->setValue('server','branch_rename',false);
+$servers->setValue('server','custom_sys_attrs',array('passwordExpirationTime','passwordAllowChangeTime'));
+$servers->setValue('server','custom_attrs',array('nsRoleDN','nsRole','nsAccountLock'));
+$servers->setValue('server','force_may',array('uidNumber','gidNumber','sambaSID'));
+*/
+?>
\ No newline at end of file
diff --git a/base/container_files/httpd/phpMyAdmin.conf b/base/container_files/httpd/phpMyAdmin.conf
new file mode 100644
index 0000000..5a6413a
--- /dev/null
+++ b/base/container_files/httpd/phpMyAdmin.conf
@@ -0,0 +1,77 @@
+# phpMyAdmin - Web based MySQL browser written in php
+#
+# Allows only localhost by default
+#
+# But allowing phpMyAdmin to anyone other than localhost should be considered
+# dangerous unless properly secured by SSL
+
+Alias /phpMyAdmin /usr/share/phpMyAdmin
+Alias /phpmyadmin /usr/share/phpMyAdmin
+
+<Directory /usr/share/phpMyAdmin/>
+ AddDefaultCharset UTF-8
+
+ <IfModule mod_authz_core.c>
+ # Apache 2.4
+ <RequireAny>
+ Require all granted
+ Require ip 127.0.0.1
+ Require ip ::1
+ </RequireAny>
+ </IfModule>
+ <IfModule !mod_authz_core.c>
+ # Apache 2.2
+ Order Deny,Allow
+ Deny from All
+ Allow from 127.0.0.1
+ Allow from ::1
+ </IfModule>
+</Directory>
+
+<Directory /usr/share/phpMyAdmin/setup/>
+ <IfModule mod_authz_core.c>
+ # Apache 2.4
+ <RequireAny>
+ Require all granted
+ Require ip 127.0.0.1
+ Require ip ::1
+ </RequireAny>
+ </IfModule>
+ <IfModule !mod_authz_core.c>
+ # Apache 2.2
+ Order Deny,Allow
+ Deny from All
+ Allow from 127.0.0.1
+ Allow from ::1
+ </IfModule>
+</Directory>
+
+# These directories do not require access over HTTP - taken from the original
+# phpMyAdmin upstream tarball
+#
+<Directory /usr/share/phpMyAdmin/libraries/>
+ Order Deny,Allow
+ Deny from All
+ Allow from None
+</Directory>
+
+<Directory /usr/share/phpMyAdmin/setup/lib/>
+ Order Deny,Allow
+ Deny from All
+ Allow from None
+</Directory>
+
+<Directory /usr/share/phpMyAdmin/setup/frames/>
+ Order Deny,Allow
+ Deny from All
+ Allow from None
+</Directory>
+
+# This configuration prevents mod_security at phpMyAdmin directories from
+# filtering SQL etc. This may break your mod_security implementation.
+#
+#<IfModule mod_security.c>
+# <Directory /usr/share/phpMyAdmin/>
+# SecRuleInheritance Off
+# </Directory>
+#</IfModule>
\ No newline at end of file
diff --git a/base/container_files/httpd/phpldapadmin.conf b/base/container_files/httpd/phpldapadmin.conf
new file mode 100644
index 0000000..a9bd554
--- /dev/null
+++ b/base/container_files/httpd/phpldapadmin.conf
@@ -0,0 +1,20 @@
+#
+# Web-based tool for managing LDAP servers
+#
+
+Alias /phpldapadmin /usr/share/phpldapadmin/htdocs
+Alias /ldapadmin /usr/share/phpldapadmin/htdocs
+
+<Directory /usr/share/phpldapadmin/htdocs>
+ <IfModule mod_authz_core.c>
+ # Apache 2.4
+ Require all granted
+ </IfModule>
+ <IfModule !mod_authz_core.c>
+ # Apache 2.2
+ Order Deny,Allow
+ Deny from all
+ Allow from 127.0.0.1
+ Allow from ::1
+ </IfModule>
+</Directory>
\ No newline at end of file