How to install LDAP Account Manager on Ubuntu 18.04

Looking for a web-based GUI for LDAP administration? You can't go wrong with the LDAP Account Manager.

How to install LDAP Account Manager on Ubuntu 18.04

If you manage an LDAP server in your data center, you're probably always looking for a tool to make that job easier. To wit, plenty of tools exist to ease the suffering of the LDAP administrator. One such tool is LDAP Account Manager (LAM).

LAM is a web-based tool that features:

  • Support for 2-factor authentication
  • Support for account creation profiles
  • CSV file upload
  • Automatic creation/deletion of home directories
  • File system quotas
  • PDF output for all accounts
  • Schema and LDAP browser
  • Multiple LDAP server support
  • And much more

I want to walk you through the process of installing LAM on the Ubuntu Server 18.04 platform. I will assume you already have your LDAP server up and running, as well as Apache installed. The LAM system can be installed on the same server as is LDAP, or on a remote server (so long as both machines are able to communicate with one another).

SEE: Data center automation research report 2018: Despite growth in data, automation adoption remains slow (Tech Pro Research)


Because LAM can be found in the standard repositories, Installation is actually quite simple. Open a terminal window and issue the following command:

sudo apt -y install ldap-account-manager

Once the installation completes, you'll want to restrict LAM to only IP addresses on your LAN (Unless you plan on accessing LAM from the WAN). To do this, issue the command:

sudo nano /etc/apache2/conf-enabled/ldap-account-manager.conf

In that file, look for the line:

Require all granted

Comment that out (by adding a # to the beginning of the line) and add the following line below it:

Require ip

Make sure to substitute your LAN address scheme in the above line.

Save and close that file. Restart Apache with the command:

sudo systemctl restart apache2

Opening the web interface

Open a browser and point it to http://SERVER_IP/lam (where SERVER_IP is the IP address of the server hosting LAM). In the resulting screen (Figure A), click LAM configuration in the upper right corner.

Figure A

Figure A

Created with GIMP

In the next window click Edit server profiles. You will then be prompted for the default profile password. Type lam and click OK. You should now see the Server settings page (Figure B).

Figure B

Figure B

The LAM server settings page.

If your LDAP server is on a different machine, enter its IP address in the Server address section. Scroll to the bottom of this page and create a new password for the LAM default profile. Once you've done that, click the Save button. You'll then be prompted to go back to the default profile and log back in. Once you've logged back in, you need to configure a minimum of the following (in the Edit Server profiles section), according to your LDAP server:

  • Under Security settings, set the dashboard login by specifying the LDAP admin user account (and domain components).
  • In the Account Types tab, configure the Active account types LDAP suffix and List attributes.

Once you've configured those options, click Save. You'll be logged out of the Server profile manager, where you can then log into LAM with your LDAP server admin credentials. Upon successful login, you'll find yourself on the LAM management screen (Figure C), where you can start administering your LDAP server.

Figure C

Figure C

The LAM main window.

Reporting for duty

And that's all there is to it. You now have a powerful, user-friendly, web-based LDAP manager ready for duty. It'll take you about five minutes to get this up and running. Considering how much more efficient your LDAP work will be, that's time well spent.

Also see

Image: Jack Wallen