OpenLDAP is an open-source implementation of the Lightweight Directory Access Protocol (LDAP), which provides a way to manage and access directory information, making it particularly useful for authentication and centralized data storage.

phpLDAPadmin is a web-based graphical user interface for managing OpenLDAP servers, which simplifies the administration of LDAP directories by providing an easy-to-use interface for common tasks such as user management, schema management, and search capabilities.

In this article, we will demonstrate how to install and configure an OpenLDAP server and manage it using phpLDAPadmin on Ubuntu and Debian-based distributions.

Step 1: Set the Hostname

Setting the hostname for your LDAP server is essential for identification, ease of access, security, and overall management.

sudo hostnamectl set-hostname ldap.tecmint.com

Next, add this hostname to your /etc/hosts file:

echo "192.168.122.100 ldap.tecmint.com" | sudo tee -a /etc/hosts

Replace 192.168.122.100 with your server’s IP address.

Set System Hostname

Step 2: Installation of OpenLDAP Server

By default, the OpenLDAP server is available in the repositories under the package name slapd, which can be easily installed using the apt package manager.

sudo apt update
sudo apt install slapd ldap-utils

During the installation, you will be prompted to set an admin password for your OpenLDAP server. Make sure to remember this password, as you will need it later.

Set LDAP Admin Password

Once the installation is complete, you can configure the OpenLDAP server.

Step 3: Configure OpenLDAP Server

To configure the OpenLDAP server, edit the ldap.conf file, located in the /etc/ldap directory using your favourite text editor.

sudo nano /etc/ldap/ldap.conf

In the configuration file, you will see comments and example settings. Look for the lines that specify BASE and URI and uncomment them. Modify these lines with your own domain name and IP address.

For this example, we’ll use tecmint.com as the domain name.

BASE   dc=tecmint,dc=com
URI    ldap://ldap.tecmint.com

Configure LDAP Server

After making the changes, save the file and run the following command to reconfigure the LDAP package:

sudo dpkg-reconfigure slapd

During the configuration of OpenLDAP using the dpkg-reconfigure slapd command, you will encounter several prompts that require specific inputs.

Here’s a brief explanation of each question and the recommended responses:

Omit OpenLDAP server configuration: this prompt asks whether to skip configuring the server. Selecting “No” ensures that you can set up the LDAP server according to your requirements.

Omit OpenLDAP Server

The DNS Domain Name is the domain name for your LDAP server. It forms part of the base DN (Distinguished Name), which structures your LDAP directory, so it must be configured properly to ensure correct operation.

Set DNS Name for LDAP

The Organization Name field is used to identify your organization within the LDAP directory, which is helpful in organizing entries and can be any name that represents your organization.

Set Organization Name for LDAP

The Administrator Password is critical as it grants administrative access to the LDAP directory. Ensure that it is secure and memorable, as you will need it for future administrative tasks.

Enter LDAP Admin Password

For the option Remove database when slapd is purged, selecting “No” means your data will not be deleted automatically, which is useful if you plan to reinstall or upgrade without losing your existing directory data.

Purge Ldap Database

The Move old database option allows the installer to move any existing database files to a new location, ensuring a clean setup for your new configuration.

Move Old Ldap Database

After completing these prompts, OpenLDAP will be configured.

Step 4: Install and Configure phpLDAPadmin

Now, install phpLDAPadmin, which provides a web interface to manage your OpenLDAP server.

sudo apt install phpldapadmin -y

After installing phpLDAPadmin, you need to configure it to connect to your OpenLDAP server.

sudo nano /etc/phpldapadmin/config.php

Find the following line and change it to your OpenLDAP server (usually localhost).

$servers->setValue('server','host','localhost');

Set the login authentication type by finding this line:

$servers->setValue('login','auth_type','cookie');

Change it to:

$servers->setValue('login','auth_type','session');

Set the base DN by finding the line that starts with:

$servers->setValue('server','base',array('dc=example,dc=com'));

Replace it with your domain name:

$servers->setValue('server','base',array('dc=yourdomain,dc=com'));
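
The base DN now appears in three places: the DNS domain name given to dpkg-reconfigure slapd, BASE in /etc/ldap/ldap.conf, and the base in phpLDAPadmin's config.php. The check below is an added example, not part of the original article; the function names and the sample files it writes to a temporary directory are constructed for illustration.

```shell
#!/bin/sh
# Added example: verify that one base DN is used in every file this guide edits.

# tecmint.com -> dc=tecmint,dc=com (the mapping the slapd package applies
# to the DNS domain name entered during dpkg-reconfigure).
domain_to_base_dn() (
    domain=${1%.}; dn=
    IFS=.; set -f
    for label in $domain; do dn="${dn:+$dn,}dc=$label"; done
    printf '%s\n' "$dn"
)

# First uncommented BASE line of an ldap.conf-style file.
ldap_conf_base() {
    awk 'toupper($1) == "BASE" { print $2; exit }' "$1"
}

# Base DN from the first uncommented $servers->setValue(... 'base' ...) line.
pla_base() {
    awk -F"'" '/^[ \t]*\$servers->setValue\(/ {
        for (i = 2; i < NF; i++) if ($i == "base") { print $(NF-1); exit }
    }' "$1"
}

# usage: check_base_dn DOMAIN LDAP_CONF PLA_CONFIG; returns 1 on any mismatch.
check_base_dn() {
    want=$(domain_to_base_dn "$1"); rc=0
    for pair in "ldap.conf=$(ldap_conf_base "$2")" "config.php=$(pla_base "$3")"; do
        if [ "${pair#*=}" != "$want" ]; then
            echo "MISMATCH in ${pair%%=*}: '${pair#*=}' (expected '$want')"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample files; on a real host pass /etc/ldap/ldap.conf and
# /etc/phpldapadmin/config.php instead.
base_demo=$(mktemp -d)
printf 'BASE\tdc=tecmint,dc=com\nURI\tldap://ldap.tecmint.com\n' > "$base_demo/ldap.conf"
printf '%s\n' "\$servers->setValue('server','base',array('dc=example,dc=com'));" \
    > "$base_demo/config.php"
check_base_dn tecmint.com "$base_demo/ldap.conf" "$base_demo/config.php" \
    || echo "config.php still carries the packaged default base DN"
```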

Step 5: Configure Apache for phpLDAPadmin

You need to configure Apache to serve phpLDAPadmin.

sudo nano /etc/apache2/conf-available/phpldapadmin.conf

Find the following line and make sure it is uncommented (remove the # at the beginning if present).

Alias /phpldapadmin /usr/share/phpldapadmin

Next, add the following lines to allow access to phpLDAPadmin:

<Directory /usr/share/phpldapadmin/htdocs/>
    Options Indexes FollowSymLinks
    AllowOverride All
    Require all granted
</Directory>

Enable the phpLDAPadmin configuration and restart Apache for the changes to take effect:

sudo a2enconf phpldapadmin
sudo systemctl restart apache2
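
An added example, not part of the original article: a small audit of the access directives in the Directory block above, run against a constructed copy of that block and against a restricted variant. The function name, the temporary files and the 192.168.122.0/24 admin subnet are assumptions for illustration.

```shell
#!/bin/sh
# Added example: flag access settings in phpldapadmin.conf that are broader
# than an admin-only tool needs. Prints one finding per line; returns 1 if any.
audit_pla_conf() {
    awk '
        /^[ \t]*#/ { next }                       # skip commented directives
        tolower($1) == "require" && tolower($2) == "all" && tolower($3) == "granted" {
            print "line " NR ": every client may connect (Require all granted)"; bad = 1 }
        tolower($1) == "options" {
            for (i = 2; i <= NF; i++) if (tolower($i) ~ /^\+?indexes$/) {
                print "line " NR ": directory listings enabled (Indexes)"; bad = 1 } }
        tolower($1) == "allowoverride" && tolower($2) == "all" {
            print "line " NR ": .htaccess files can change policy (AllowOverride All)"; bad = 1 }
        END { exit bad + 0 }
    ' "$1"
}

pla_demo=$(mktemp -d)
# Constructed copy of the <Directory> block shown in this step.
cat > "$pla_demo/page.conf" <<'EOF'
<Directory /usr/share/phpldapadmin/htdocs/>
    Options Indexes FollowSymLinks
    AllowOverride All
    Require all granted
</Directory>
EOF
# Restricted variant; 192.168.122.0/24 is an assumed admin subnet.
cat > "$pla_demo/restricted.conf" <<'EOF'
<Directory /usr/share/phpldapadmin/htdocs/>
    Options FollowSymLinks
    AllowOverride None
    Require ip 192.168.122.0/24
</Directory>
EOF

audit_pla_conf "$pla_demo/page.conf" || echo "page.conf: findings above"
audit_pla_conf "$pla_demo/restricted.conf" && echo "restricted.conf: no findings"
```

On a real host, pass /etc/apache2/conf-available/phpldapadmin.conf to audit_pla_conf after editing it.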

Now that everything is set up, you can access phpLDAPadmin through your web browser.

http://your-server-ip/phpldapadmin

You will be prompted to log in using the following credentials.

Login DN: cn=admin,dc=yourdomain,dc=com
Password: admin password

phpLDAPadmin Login

Conclusion

Congratulations! You have successfully installed OpenLDAP with phpLDAPadmin on Ubuntu. You can now manage your LDAP directory easily through the phpLDAPadmin web interface.

If you have any questions or encounter any issues, feel free to ask!
