Install and Configure phpLDAPadmin on Ubuntu 16.04 and CentOS 7
source link: https://computingforgeeks.com/install-and-configure-phpldapadmin-on-ubuntu-16-04-and-centos-7/
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.
Learn to Install and Configure phpLDAPadmin on Ubuntu 16.04 and CentOS 7 by following this guide. If you have been administering OpenLDAP, you must be aware of challenges and complexities of using native OpenLDAP administration commands like ldapadd,ldapdelete, ldapmodify, ldapsearch, e.t.c.
The phpLDAPadmin is a web app written in PHP for administering Lightweight Directory Access Protocol servers. phpLDAPadmin is licensed under the GNU General Public License. And OpenLDAP is a free, open-source implementation of the Lightweight Directory Access Protocol developed by the OpenLDAP Project.
In this guide, I’ll cover how to install OpenLDAP on both CentOS 7 and Ubuntu 16 servers, then proceed to installation and configuration of phpLDAPadmin.
Installing OpenLDAP on CentOS 7
Install epel-release, update yum cache and install OpenLDAP packages.
$ sudo yum -y install epel-release $ sudo yum clean all && yum makecache fast && yum update $ sudo yum -y install openldap-servers openldap-clients
Copy DB config:
$ sudo cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG $ sudo chown ldap. /var/lib/ldap/DB_CONFIG
Start and enable slapd password
$ sudo systemctl start slapd && sudo systemctl enable slapd
Generate OpenLDAP admin password:
$ sudo su -
# slappasswd
New password:
Re-enter new password:
{SSHA}xxxxxxxxxxxxxxxxxxxxxxxxCreate change_pw.ldif file which holds password to be set:
# cat change_pw.ldif
dn: olcDatabase={0}config,cn=config
changetype: modify
add: olcRootPW
olcRootPW: {SSHA}xxxxxxxxxxxxxxxxxxxxxxxxReplace the olcRootPW value with a hashed password given from your output of the command slappasswd.
Apply new password for admin user:
# ldapadd -Y EXTERNAL -H ldapi:/// -f change_pw.ldif
Open ldap and ldaps service on the firewall:
# firewall-cmd --add-service={ldap,ldaps} --permanent
# firewall-cmd --reloadInstalling OpenLDAP on Ubuntu 16.04
Update apt cache and install OpenLDAP packages:
$ sudo su - # apt-get update && apt-get -y install slapd ldap-utils # slapcat
Installing phpLDAPadmin on CentOS 7
Install Apache web server and PHP:
# yum -y install httpd php php-mbstring php-pear
Start and enable httpd service:
# systemctl start httpd && systemctl enable httpd
Open HTTP and HTTPS ports o the firewall:
# firewall-cmd --add-service={http,https} --permanent
# firewall-cmd --reloadInstall phpLDAPadmin:
# yum -y install epel-release
# yum -y install phpldapadmin
Edit /etc/phpldapadmin/config.php:
$servers->setValue('server','name','Local LDAP Server');
$servers->setValue('server','base', array('dc=example,dc=com'));
$servers->setValue('login','attr','dn');
//$servers->setValue('login','attr','uid');Restart httpd:
# systemctl restart httpd
Installing phpLDAPadmin on Ubuntu 16.04
Install Apache 2 and php:
# apt-get -y install apache2 php php-cgi libapache2-mod-php php-mbstring php-common php-pear
Install phpLDAPadmin:
# apt-get -y install phpldapadmin
Modify access permissions on /etc/apache2/conf-enabled/phpldapadmin.conf:
Order deny,allow Deny from all Allow from 127.0.0.1 private-subnet/24
Restart apache:
# systemctl restart apache2
To access phpLDAPadmin, you’ve to access “http://(server’s hostname or IP address)/ldapadmin/” from a client which is in the network allowed.
Click “login” at the top left corner:
Securing phpLDAPadmin with Letsencrypt:
Now that you have phpLDAPadmin installed and running, Let’s proceed to configure Letsencrypt SSL certificate for the server hostname. This will ensure that all traffic to phpLDAPadmin is encrypted. Let’s proceed to install certbot on Ubuntu and CentOS 7.
Installing certbot on CentOS 7 and Ubuntu 16.04
$ sudo su - $ wget https://dl.eff.org/certbot-auto -P /usr/local/bin $ chmod a+x /usr/local/bin/certbot-auto
Make sure https port is Open on the firewall for CentOS 7
# firewall-cmd --add-service https --permanent # firewall-cmd --reload
Stop httpd service:
On CentOS:
$ sudo systemctl stop httpd
On Ubuntu 16.04:
$ sudo systemctl stop apache2
Generating Letsencrypt SSL certificate
Request for SSL certificate
$ sudo su - # export DOMAIN=`hostname -f` # export EMAIL="notification-email-address" # certbot certonly --standalone -d $DOMAIN --preferred-challenges http --agree-tos \ -n -m $EMAIL --keep-until-expiring
After certificate generation, configure apache for https and possibly http to https redirection:
Configuring Apache for https and http to https redirection
On CentOS, the file to be modified is located under /etc/httpd/conf.d/phpldapadmin.conf. On Ubuntu, the file is under /etc/apache2/conf-enabled/phpldapadmin.conf. Please update this file accordingly
# # Web-based tool for managing LDAP servers # <VirtualHost *:80> ServerName ldap.example.com ServerAlias ldap ServerAdmin [email protected] # Redirect http to https Redirect / https://ldap.example.com/ Alias /phpldapadmin /usr/share/phpldapadmin/htdocs Alias /ldapadmin /usr/share/phpldapadmin/htdocs </VirtualHost> <Directory /usr/share/phpldapadmin/htdocs> AllowOverride None Require ip 192.168.10.20 Require ip 192.168.10.21 </Directory> # HTTPS section <VirtualHost *:443> ServerName ldap.example.com ServerAlias ldap ServerAdmin [email protected] Alias /phpldapadmin /usr/share/phpldapadmin/htdocs Alias /ldapadmin /usr/share/phpldapadmin/htdocs SSLEngine on SSLCertificateFile /etc/letsencrypt/live/ldap.example.com/fullchain.pem SSLCertificateKeyFile /etc/letsencrypt/live/ldap.example.com/privkey.pem </VirtualHost>
NB: Replace all occurrences of ldap.example.com with server hostname and 192.168.10.20,192.168.10.21 with allowed IPs to access from, you can remove this if you’re not doing any restrictions. The domain example.com should be replaced with your real domain name. After making all the changes, then restart Apache web service.
On CentOS 7
$ sudo systemctl restart httpd
On Ubuntu 16.04
$ sudo systemctl retsart apache2
You can now access phpLDAPadmin via https –> https://ldap.example.com/ldapadmin and you should get redirect from http to https if you access it through http://ldap.example.com/ldapadmin
Wrapping up
phpLDAPadmin is a nice tool to have for any LDAP admin working with OpenLDAP. If you’re still new to OpenLDAP, phpLDAPadmin will be so helpful. You’ll have to spend some time learning to navigate on its UI. Some advanced configurations will have to be done on through command line though, like creating and updating ObjectClasses and Attributes. To this end, hope you enjoyed reading how to Install and Configure phpLDAPadmin on Ubuntu 16.04 and CentOS 7 guide.
Recommend
About Joyk
Aggregate valuable and interesting links.
Joyk means Joy of geeK