LDAP, or Lightweight Directory Access Protocol, is a directory service protocol. With it, you can manage related information, such as user data, from a centralized location.
Although one might think LDAP is the open source equivalent to Microsoft’s Active Directory, that assumption would be incorrect. LDAP has, for the most part, worked outside of the Windows ecosystem to focus on Linux/Unix. LDAP doesn’t adhere to Active Directory’s concepts of domains or single sign-on. LDAP is, by and large, implemented with open source solutions; as a result, LDAP enjoys more flexibility than Active Directory.
For some people, the biggest challenge of using LDAP is getting it up and running; I’ll demystify that process by walking you through the steps of getting LDAP set up on Ubuntu 16.04. We’ll install LDAP and then install phpLDAPadmin in preparation to populate LDAP with users.
Installing LDAP
- Open a terminal window.
- Update apt with the command sudo apt-get update.
- Once the update completes, install LDAP with the command sudo apt-get install slapd ldap-utils.
- Allow the installation to complete.
Configuring LDAP
To begin the process of configuring LDAP, issue the command sudo dpkg-reconfigure slapd. You’ll be presented with a number of options to configure. These options are:
- Omit OpenLDAP Server Configuration: Select No
- DNS Domain Name: This creates the base structure for your directory path (the configuration window, Figure A, explains this).
- Organization Name: The name to be used as the base DN for your LDAP directory.
- Administrator Password: The password to be used for your LDAP admin user.
- Database Backend: Select HDB
- Remove The Database When Slapd Is Purged: Select No
- Move Old Database: Select Yes
- Allow LDAPv2 Protocol: Select No
Figure A
Installing phpLDAPadmin
Fortunately, phpLDAPadmin can be found in standard repositories, so installing the software can be done with a single command:
sudo apt-get install phpldapadmin
Once the package is installed, it must be configured for usage. Open the configuration file in your favorite text editor (this must be edited with root privileges, such as with sudo nano /etc/phpldapadmin/config.php). All you need to do for this configuration file is look for the following lines:
$servers->setValue('server','base',array('dc=test,dc=com'));
$servers->setValue('login','bind_id','cn=admin,dc=test,dc=com');
Replace dc=test and dc=com with the DNS domain name you set when you ran sudo dpkg-reconfigure slapd. In my case, that will be dc=monkeypantz and dc=net.
Finally, search for the line:
$config->custom->appearance['hide_template_warning'] = true;
Change the value from true to false; otherwise, you’ll get a number of unnecessary warnings.
Save the file, and you’re ready to log into the phpLDAPadmin interface.
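The base DN edit described above can also be scripted. This is an added example, not code from the original article or from phpLDAPadmin: two POSIX shell functions that turn the DNS domain name into a base DN and rewrite the base and bind_id lines, keeping a .bak copy of the file. The function names are hypothetical, and the example assumes the two lines have the form shown above.

```shell
#!/bin/sh
# Added example (not from the article): apply the DNS domain name chosen in
# dpkg-reconfigure slapd to phpLDAPadmin's config.php.

# Convert a DNS domain (monkeypantz.net) to a base DN (dc=monkeypantz,dc=net).
# The body runs in a subshell, so the IFS change does not leak to the caller.
domain_to_base_dn() (
    domain="$1"
    dn=""
    # Accept only letters, digits, hyphens and single dots, so nothing
    # unexpected ends up inside the PHP string or the sed expression.
    case "$domain" in
        ""|*[!A-Za-z0-9.-]*|.*|*.|*..*) exit 1 ;;
    esac
    IFS=.
    for label in $domain; do
        dn="${dn:+$dn,}dc=$label"
    done
    printf '%s\n' "$dn"
)

# Rewrite the 'base' and 'bind_id' lines of a phpLDAPadmin config file.
# Usage: set_phpldapadmin_base <config.php> <dns-domain>
# Assumes the admin entry is cn=admin under the base DN, as in the article.
set_phpldapadmin_base() (
    file="$1"
    base="$(domain_to_base_dn "$2")" || { echo "invalid domain: $2" >&2; exit 1; }
    cp -p "$file" "$file.bak" || exit 1    # keep the original for rollback
    # [^/]* skips lines that are commented out with //.
    sed -e "s|^\([^/]*setValue('server','base',array('\)[^']*|\1${base}|" \
        -e "s|^\([^/]*setValue('login','bind_id','cn=admin,\)[^']*|\1${base}|" \
        "$file.bak" > "$file"
)
```

On the server this would be run as root, for example: sudo sh -c '. ./set_base.sh; set_phpldapadmin_base /etc/phpldapadmin/config.php monkeypantz.net' (set_base.sh is a placeholder name for the file holding the functions).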
Logging in and using phpLDAPadmin
Point your browser to http://IP_OF_SERVER/phpldapadmin (IP_OF_SERVER is the actual IP address of your LDAP server). From the main window, click the login button in the left pane. When prompted (Figure B), log in with your DN and enter the password for the admin user created during the slapd reconfiguration.
Figure B
You’re ready to start populating LDAP with organizational units, groups, and users.
Making the complex simple
LDAP doesn’t have to cause you undue stress; it’s not nearly as complicated as you might think. In a few quick steps, you can have an LDAP server ready to go.
In an upcoming tip, I’ll walk you through the process of adding organizational units, groups, and users with both phpLDAPadmin and from the command line, so your LDAP server is a fully functional directory.