OpenLDAP is an open source directory server that can be used for a number of cases like storing organization information and to serve as a centralized repository of user accounts. One of the best tools for administering OpenLDAP is the phpLDAPadmin web-based GUI. I am going to walk you through the process of installing both of these tools to make your LDAP administration considerably easier.
I'll be demonstrating these steps on Ubuntu Server 16.04. The installation of both tools will be done through the command line, so prepare to type.
With that said, let's install.
The first thing that must be installed is OpenLDAP. Before we do this, let's make sure the server up to date with the commands:
sudo apt update sudo apt upgrade
Do note: If the server's kernel upgrades you'll need to reboot. Because of this, you might want to consider running the upgrade command when a server reboot is possible.
When the upgrade completes, you can then install OpenLDAP with the command:
sudo apt install slapd ldap-utils
The above command will pick up the necessary dependencies. During the installation, you will be prompted to create a password for the LDAP admin user (Figure A). Type and confirm that password.
When the installation completes, you'll need to configure LDAP. To do this, issue the command:
sudo dpkg-reconfigure slapd
The above command will open an ncurses window where you'll need to answer the following questions:
- Omit OpenLDAP server configuration—answer No
- DNS domain name—enter your correct A record for your domain name (or a subdomain)
- Organization Name—enter the name of your organization (such as company or division)
- Administrator password—enter the same password you used during the installation
- Database backend—select MDB
- Remove database—select No
- Move old database—select Yes
Now we need to configure the ldap.conf file. Issue the command sudo nano /etc/ldap/ldap.conf. In this file you need to uncomment out the BASE line by removing the # character and modify it to reflect your LDAP configuration. The configuration will look like:
BASE dc=DOMAIN, dc=COM
Where DOMAIN and COM are your domain. If you're using a subdomain, that line would look like:
BASE dc=SUBDOMAIN, dc=DOMAIN, cd=COM
Where SUBDOMAIN is the subdomain and DOMAIN and COM are your domain name.
Save and close that file.
Restart slapd with the command sudo systemctl restart slapd.
Before we move on, the configuration should be tested. Issue the command ldapsearch -x and you should see your configuration information displayed. You are ready to install phpLDAPadmin.
This handy tool can be installed with a single command. If your server doesn't already have Apache installed, the command will pick it up as a dependency. The command to install phpLDAPadmin is:
sudo apt install phpldapadmin
Once the installation is complete, there are a few configuration options that must be taken care of. To do this, open the phpldapadmin config file with the command sudo nano /etc/phpldapadmin/config.php. The following changes must be made.
First we need to disable template warnings. Locate the line:
// $config->custom->appearance['hide_template_warning'] = false;
Uncomment it out (by removing the // characters) and change it to:
$config->custom->appearance['hide_template_warning'] = true;
Next we need to allow phpLDAPadmin to automatically detect the base DN of your OpenLDAP server and disable anonymous login. Locate the line:
Change the above to:
Locate the line:
Uncomment out the above line (by removing the // characters) and then change it to:
Save and close that file. You are now ready to access your newly installed web admin tool by pointing a browser to http://SERVER_IP/phpldapadmin. You will then log in with the following:
Where DOMAIN and COM combine to make the domain name you configured for LDAP. Use the password you created during LDAP configuration. Click Authenticate and you'll find yourself in the LDAP administration window for phpLDAPadmin ready to work.
LDAP has never been so easy.
Keep it going
You can now start to add new entries to your LDAP server. Click Create new entry here and keep the LDAP fun going!
- How to install and configure rsyslog for a centralized Linux log server (TechRepublic)
- How to install and use Logwatch on Linux (TechRepublic)
- How to sync your Linux GUI-less server to your cloud service with rclone (TechRepublic)
- Why new users don't need to fear the Linux command line (TechRepublic Video)
- 2 ways to better secure your Linux home directory (TechRepublic)
- From Linux to Cloud, why Red Hat matters for every enterprise (ZDNet)
Jack Wallen is an award-winning writer for TechRepublic and Linux.com. He’s an avid promoter of open source and the voice of The Android Expert. For more news about Jack Wallen, visit his website jackwallen.com.