How to populate an LDAP server with users and groups via phpLDAPadmin

If you have an LDAP server, I bet you know how time consuming it can be to add users. If you have the time, you can always create a file, complete with all of your formatted LDAP entries, and import those in from the command line.

More about data centers

• Stargate Norway: OpenAI’s First AI Data Center in Europe
• AI Data Centers’ Soaring Energy Use: Who Pays for Higher Utilities Costs?
• China’s Submerged AI Data Center Could ‘Influence Global Sustainable Computing’
• Google to Power Data Centers With Nuclear Energy by 2030 in First-Of-A-Kind’ Agreement

Some users prefer doing things the good old-fashioned graphical way, and that’s where phpLDAPadmin comes in handy. With this web-based LDAP admin tool, you can more easily manage your LDAP server and populate it with users.

I’ll walk you through the process of populating LDAP with the help of phpLDAPadmin on a Ubuntu 16.04 server running LDAP. I assume you have LDAP and phpLDAPadmin installed, and with all that out of the way, you can log into phpLDAP. But where do you go from there? Let me show you.

SEE: Storage in 2017: Big improvements are on the way (ZDNet)

Creating Organizational Units

LDAP breaks everything into very specific pieces, and we’re going to focus on two of those pieces: people and groups. Because we’re creating fairly generic Organizational Units (OUs), we’ll use the Generic Organizational Unit Template. To get there, log into phpLDAPadmin, click to expand your server listing (in my example it’s dc=monkeypantz,dc=net) and then click Create New Entry Here (Figure A).

Figure A

In the right pane (Figure B), select Generic: Organizational Unit.

Figure B

Let’s first create an OU named “groups”. In the next window type groups and click Create Object. Commit the group by clicking Commit in the next window (Figure C).

Figure C

You’ll see a new entry in the left pane called ou=groups (Figure D).

Figure D

Let’s create a new OU named “users”. Walk through the same process as above, though name the OU “users” instead of “groups”. You’ll see “ou=groups” and “ou=users” in the left pane.

Creating groups

Now that we have an OU created for groups, we can add the necessary groups. Let’s create groups for “admin”, “developers”, and “users”. Here’s how.

1. Click the groups OU in the left pane.
2. In the resulting window, click Create Child Entry (Figure E).
3. Click Generic: Posix Group.
4. Type admin into the group text area.
5. Click Create Object.
6. Click Commit.
7. Repeat the process for “developers” and “users”.

Figure E

Creating users

Now that we have our groups created, we want to create users. To do this, follow these steps.

1. Click ou=users from the left pane.
2. In the resulting window, click Create A Child Entry.
3. Select Generic: User Account.
4. Fill out the required information- note that Common Name must be unique (Figure F).
5. Click Create Object.
6. Click Commit.
7. Repeat this process until you have added your necessary users added.

Figure F

Adding users to groups

To add a user to a group, you must know the user’s UID (named User ID in the user creation window). To find a UID go to ou=users | View X child (where X is the number of users) and then locate the user to be added and make note of their associated UID. Once you have that UID, let’s add that user to the developers group. Here’s how.

1. Expand ou=groups.
2. Click the developers group.
3. Click Add New Attribute.
4. From the drop-down, select memberUID.
5. Enter the UID for the user in the memberUID section (Figure G).
6. Click Update Object.

Figure G

After you add the first user, adding subsequent users is much simpler. If you click the group name (under ou=groups in the left pane), you can click Modify Group Members (under memberUID) and then add the users from a list.

How easy was that?

Now you know how to create groups, create users, and add users to groups on your LDAP server…all with the help of a user-friendly web-based GUI. LDAP isn’t nearly as difficult as many would assume. With the help of phpLDAPadmin, the task of administering that server has been made significantly easier.