If you manage an LDAP server in your data center, you're probably always looking for a tool to make that job easier. Fortunately, plenty of tools exist to ease the suffering of the LDAP administrator. One such tool is LDAP Account Manager (LAM).
LAM is a web-based tool that features:
- Support for 2-factor authentication
- Support for account creation profiles
- CSV file upload
- Automatic creation/deletion of home directories
- File system quotas
- PDF output for all accounts
- Schema and LDAP browser
- Multiple LDAP server support
- And much more
I want to walk you through the process of installing LAM on the Ubuntu Server 18.04 platform. I will assume you already have your LDAP server up and running, as well as Apache installed. LAM can be installed on the same server as LDAP, or on a remote server (so long as both machines are able to communicate with one another).
Because LAM can be found in the standard repositories, installation is actually quite simple. Open a terminal window and issue the following command:
sudo apt -y install ldap-account-manager
Once the installation completes, you'll want to restrict access to LAM to IP addresses on your LAN (unless you plan on accessing LAM from the WAN). To do this, issue the command:
sudo nano /etc/apache2/conf-enabled/ldap-account-manager.conf
In that file, look for the line:
Require all granted
Comment that out (by adding a # to the beginning of the line) and add the following line below it:
Require ip 192.168.1.0/24
Make sure to substitute your LAN address scheme in the above line.
Save and close that file. Restart Apache with the command:
sudo systemctl restart apache2
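The edit described above can be scripted and checked instead of done by hand. The following is an added example, not part of the original article: the function names are hypothetical, and the sample config is constructed with a placeholder path so the script runs offline.

```shell
# Added example, not from the article; function names are hypothetical.

# restrict_lam_conf FILE CIDR: comment out each active "Require all granted"
# and add "Require ip CIDR" below it, keeping indentation. Safe to re-run.
restrict_lam_conf() {
    tmp=$(mktemp) || return 1
    awk -v cidr="$2" '
        tolower($0) ~ /^[ \t]*require[ \t]+all[ \t]+granted[ \t]*$/ {
            indent = $0
            sub(/[^ \t].*$/, "", indent)          # keep leading whitespace only
            print indent "#" substr($0, length(indent) + 1)
            print indent "Require ip " cidr
            next
        }
        { print }
    ' "$1" > "$tmp" && cat "$tmp" > "$1"
    rc=$?
    rm -f "$tmp"
    return "$rc"
}

# audit_lam_conf FILE: exit 0 only if no active "Require all granted" is left
# and at least one active "Require ip" line is present.
audit_lam_conf() {
    awk '
        { low = tolower($0) }
        low ~ /^[ \t]*require[ \t]+all[ \t]+granted/ { granted++ }
        low ~ /^[ \t]*require[ \t]+ip[ \t]+[0-9a-f]/ { limited++ }
        END { exit !(granted == 0 && limited > 0) }
    ' "$1"
}

# Constructed sample config (placeholder path), used so the demo runs offline.
write_sample_conf() {
    cat > "$1" <<'EOF'
Alias /lam /path/to/lam
<Directory /path/to/lam>
  Options +FollowSymLinks
  Require all granted
</Directory>
EOF
}

conf=$(mktemp)
write_sample_conf "$conf"
audit_lam_conf "$conf" || echo "before: open to all clients"
restrict_lam_conf "$conf" 192.168.1.0/24
audit_lam_conf "$conf" && echo "after: restricted" && cat "$conf"
rm -f "$conf"
```

On the server itself, back up /etc/apache2/conf-enabled/ldap-account-manager.conf, run the functions against it with sudo, and run sudo apache2ctl configtest before restarting Apache.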
Opening the web interface
Open a browser and point it to http://SERVER_IP/lam (where SERVER_IP is the IP address of the server hosting LAM). In the resulting screen (Figure A), click LAM configuration in the upper right corner.
In the next window, click Edit server profiles. You will then be prompted for the default profile password. Type lam and click OK. You should now see the Server settings page (Figure B).
If your LDAP server is on a different machine, enter its IP address in the Server address section. Scroll to the bottom of this page and create a new password for the LAM default profile. Once you've done that, click the Save button. You'll then be prompted to go back to the default profile and log back in. Once you've logged back in, you need to configure a minimum of the following (in the Edit Server profiles section), according to your LDAP server:
- Under Security settings, set the dashboard login by specifying the LDAP admin user account (and domain components).
- In the Account Types tab, configure the Active account types LDAP suffix and List attributes.
Once you've configured those options, click Save. You'll be logged out of the Server profile manager, after which you can log into LAM with your LDAP server admin credentials. Upon successful login, you'll find yourself on the LAM management screen (Figure C), where you can start administering your LDAP server.
Reporting for duty
And that's all there is to it. You now have a powerful, user-friendly, web-based LDAP manager ready for duty. It'll take you about five minutes to get this up and running. Considering how much more efficient your LDAP work will be, that's time well spent.
Jack Wallen is an award-winning writer for TechRepublic and Linux.com. He’s an avid promoter of open source and the voice of The Android Expert. For more news about Jack Wallen, visit his website jackwallen.com.