Recently I was tasked with installing and configuring OpenLDAP/phpLDAPadmin on an Ubuntu 18.04 server. I googled for the same, and I got a good number of articles to guide this activity. Still, I had many issues with phpLDAPadmin. I resolved all those issues by doing some source file changes and config changes. So in this article, I have provided step-by-step instructions to install and configure OpenLDAP/phpLDAPadmin.
1. Log in to the Ubuntu server.
2. Switch to the root user by executing the command,
sudo su -
3. Execute the following command to install OpenLDAP,
apt update
apt install slapd ldap-utils -y
4. Enter an LDAP administrator password.
5. Make sure OpenLDAP is running by executing the following command,
systemctl status slapd
1. Execute the following command to configure OpenLDAP,
2. Select “No” for “Omit OpenLDAP server configuration?” as shown below,
3. Enter the domain name of your company (Example: thedeveloperfriend.com)
4. Enter your organization name,
5. Enter an administrative password (Please enter the same password you used in the above section)
6. Select the MDB as database backend,
7. Select “No” for “Do you want the database to be removed when slapd is purged?”
8. Select “Yes” for “Move old database?”
9. Open “/etc/ldap/ldap.conf” file for editing. Enter the following two configuration lines,
BASE dc=thedeveloperfriend,dc=com
URI ldap://localhost
Note: If the domain name is “thedeveloperfriend.com” then enter BASE as “dc=thedeveloperfriend,dc=com.”
phpLDAPadmin is a web GUI tool for managing the OpenLDAP server.
1. Execute the following commands to install phpLDAPadmin,
apt-get update
apt install phpldapadmin -y
2. Open /etc/phpldapadmin/config.php file for editing. Specify the Ubuntu server IP address in the following configuration,
Specify an empty array for the following configuration (as shown below),
Uncomment the following configuration and assign the value to true as shown below,
$config->custom->appearance['hide_template_warning'] = true;
3. Save and close the config.php file.
4. Take a backup of the file “/usr/share/phpldapadmin/lib/functions.php” by executing the following command,
5. Download the modified “functions.php” file using the link below,
6. Replace the file “/usr/share/phpldapadmin/lib/functions.php” with the file downloaded above.
ACCESSING THE phpLDAPadmin TOOL AS ADMIN
1. Log in to phpLDAPadmin using the URL below,
2. Click on the login link.
3. Enter the “Login DN” (For example, if the domain name entered above in the “CONFIGURING OpenLDAP” section is thedeveloperfriend.com, then the “Login DN” will be “cn=admin,dc=thedeveloperfriend,dc=com”)
4. Enter the “Password” as the administrative password entered above in the “CONFIGURING OpenLDAP” section.
5. The phpLDAPadmin console will open.
ADDING A USER
This section explains how to add an LDAP user using the phpLDAPadmin GUI.
1. Log in to phpLDAPadmin as admin.
2. Expand the root node and click on the “Create new entry here” link.
3. Select the “Default” option.
4. Select the ObjectClasses as “inetOrgPerson” and click the Proceed button.
5. Select the RDN as “User Name (uid)”,
6. Enter the user details as described below,
cn: Unique username (Ex: rajesh)
sn: Last name (Ex: Raj)
Email: Email Id (Ex: firstname.lastname@example.org)
givenName: First name (Ex: Rajesh Kumar)
mobile: Mobile number (Ex: 9916421806)
password: Password for user
User Name: Unique username (same as cn)
7. Click on the “Create Object” button.
8. Confirm the details and click on the “Commit” button,
SOME USEFUL COMMANDS TO VERIFY LDAP USER INFORMATION
VERIFYING USERNAME/PASSWORD OF A USER
The following command can be used to verify the credentials of a user,
ldapwhoami -vvv -h "<LDAP_HOST_IP>" -p "<LDAP_PORT_NUMBER>" -D "<BASE DN OF USER>" -x -w "<PASSWORD_OF_USER>"
ldapwhoami -vvv -h "localhost" -p "389" -D "uid=rajesh,dc=thedeveloperfriend,dc=com" -x -w "Password@123"
If the username/password is correct, then we will get a success response as below,
RETRIEVING USER INFORMATION
The following command can be used to display the user’s information,
ldapsearch -x -D "<LDAP_ADMIN_USERNAME>" -w "<LDAP_ADMIN_PASSWORD>" -b "<BASE DN OF USER>" -h "<LDAP_HOST_IP>"
ldapsearch -x -D "cn=admin,dc=thedeveloperfriend,dc=com" -w "Password@123" -b "uid=rajesh,dc=thedeveloperfriend,dc=com" -h "localhost"
The user data will be displayed as below,
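The following script is an added example, not part of the original article: assuming the admin bind used in the ldapsearch command returns the userPassword attribute, it reads the LDIF output and reports the storage scheme of each password, so entries saved in clear text or with an unsalted hash can be found and reset. The function names and the LDIF sample are constructed for illustration.

```shell
#!/bin/sh
# Added example: report how userPassword is stored in ldapsearch LDIF output.
# password_schemes, weak_entries and sample_ldif are hypothetical names.

# Reads LDIF on stdin; prints "<dn><TAB><scheme>" for each userPassword value.
password_schemes() {
    # Unfold LDIF continuation lines (a leading space continues the previous line).
    awk 'NR > 1 && /^ / { buf = buf substr($0, 2); next }
         NR > 1 { print buf }
         { buf = $0 }
         END { if (NR) print buf }' |
    while IFS= read -r line; do
        case $line in
            "dn: "*) dn=${line#dn: }; continue ;;
            # "::" marks a base64-encoded value in LDIF.
            "userPassword:: "*) value=$(printf '%s' "${line#userPassword:: }" | base64 -d) ;;
            "userPassword: "*) value=${line#userPassword: } ;;
            *) continue ;;
        esac
        case $value in
            "{"*"}"*) scheme=${value%%\}*}; scheme=${scheme#\{} ;;
            *) scheme=CLEARTEXT ;;   # no {SCHEME} prefix: stored as typed
        esac
        printf '%s\t%s\n' "$dn" "$scheme"
    done
}

# Constructed sample (not real directory data); the first value is folded.
sample_ldif() {
cat <<'EOF'
dn: uid=rajesh,dc=thedeveloperfriend,dc=com
uid: rajesh
userPassword:: e1NTSEF9Tm90QVJl
 YWxIYXNo

dn: uid=demo,dc=thedeveloperfriend,dc=com
uid: demo
userPassword:: UGFzc3dvcmRAMTIz
EOF
}

# Entries stored in clear text or with the unsalted {MD5}/{SHA} schemes.
weak_entries() {
    password_schemes | awk -F '\t' '$2 ~ /^(CLEARTEXT|MD5|SHA)$/'
}
```

Piping the ldapsearch command shown above into `weak_entries` lists the entries whose passwords should be reset with a salted hash selected.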