For this tutorial, you will need an Ubuntu Linux installation with a static IP address assigned, and you will need to make friends with the command prompt.
OpenLDAP is the free and open-source implementation of LDAP (the Lightweight Directory Access Protocol), the same protocol that Microsoft Active Directory uses. It provides centralized directory authentication: you create user accounts once in the directory and grant those users access on each computer in your network, instead of creating a local user account on every machine.
Installing OpenLDAP:
To begin, open your terminal and enter the following command:
sudo apt-get install slapd ldap-utils -y
Create your admin password, and be sure to commit that to memory.
After the installation is completed, you can check its status with the following command:
systemctl status slapd
Then configure slapd with the following command:
dpkg-reconfigure slapd
You will then need to answer the following questions:
Omit OpenLDAP server configuration? Answer: No
The DNS domain name is used to construct the base DN of the LDAP directory. For example, ‘foo.example.org’ will create the directory with ‘dc=foo, dc=example, dc=org’ as base DN.
DNS domain name:
Answer: Choose and enter whichever domain you wish as your DNS domain name.
Please enter the name of the organization to use in the base DN of your LDAP directory.
Organization name:
Answer: Enter your organization’s name. Ensure that this answer is consistent with what you chose for your DNS domain name.
Please enter the password for the admin entry in your LDAP directory.
Administrator password:
Answer: Enter the admin password that you created when you first installed OpenLDAP.
If you are asked about which database back-end to use, select MDB.
Do you want the database to be removed when slapd is purged?
Answer: No
There are still files in /var/lib/ldap which will probably break the configuration process. If you enable this option, the maintainer scripts will move the old database files out of the way before creating a new database.
Answer: Yes
The obsolete LDAPv2 protocol is disabled by default in the slapd. Programs and users should upgrade to LDAPv3. If you have old programs which can’t use LDAPv3, you should select this option and ‘allow bind_v2’ will be added to your slapd.conf file.
Allow LDAPv2 protocol?
My Answer: No
Once the installation is finished you should see an output on the command line like this:
Moving old database directory to /var/backups: directory unknown… done. Creating initial configuration… done.
Creating LDAP directory… done.
Edit the LDAP configurations file:
To edit the LDAP configuration file, enter the following command:
nano /etc/ldap/ldap.conf
You will need to uncomment the lines that begin with BASE and URI by removing the # symbol at the beginning of those lines. Then set BASE to the base DN of the domain name you chose when setting up your LDAP configuration, and set URI to your IP address followed by a colon and the port number 389 (for example, ldap://your-ip:389). In my case, I used the example default for the domain when I set up my LDAP configuration. Based on those settings my file is configured as pictured below:
After you have edited the file press control and x then select yes to save and press enter.
Restart Apache and configure the firewall:
Restart the Apache web server with the following command:
systemctl restart apache2
You will need ports 80 and 389 opened on your system’s firewall in order for this to work. To open those ports enter the following commands:
ufw allow 80
ufw allow 389
Verify your install was successful:
To verify that the service is installed and properly configured enter the following command in your command prompt:
ldapsearch -x
Near the bottom of the command-line output there is a result section; it should list the result "result: 0 Success".
Installing phpLDAPadmin:
Now that the OpenLDAP server is set up, we will install and configure phpLDAPadmin. This utility provides a web-based front-end application for administering your LDAP directory accounts.
To begin setup enter the following command:
apt-get install phpldapadmin -y
After the installation is finished, create a symbolic link with the following command:
ln -s /usr/share/phpldapadmin/ /var/www/html/phpldapadmin
Edit the phpLDAPadmin configuration file:
To edit the phpLDAPadmin configuration file, enter the following command:
nano /etc/phpldapadmin/config.php
When the file is opened, uncomment the following line and set your timezone:
$config->custom->appearance['timezone'] = 'America/Los_Angeles';
Set your LDAP base DN in this line:
$servers->setValue('server','base',array('dc=example,dc=com'));
Set your server IP address in this line:
$servers->setValue('server','host','Enter your IP here');
Set your base DN again in the dc=example,dc=com portion of this line:
$servers->setValue('login','bind_id','cn=admin,dc=example,dc=com');
Note: your base DN is built from the DNS domain name and organization name you chose earlier. You may now save and close the file.
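The tutorial stresses that the base DN derived from your DNS domain must be repeated consistently in /etc/ldap/ldap.conf and in the phpLDAPadmin base and bind_id settings. The following script is an added example (not part of the original tutorial): it derives the base DN the way dpkg-reconfigure slapd does and checks that both files agree with it. The sample files, the domain example.com and the IP 192.0.2.10 are constructed; on a real host pass /etc/ldap/ldap.conf and /etc/phpldapadmin/config.php instead.

```shell
#!/bin/sh
# Added example: check that ldap.conf and phpLDAPadmin config.php use the same
# base DN as the one slapd built from the DNS domain name.

# foo.example.org -> dc=foo,dc=example,dc=org (same rule dpkg-reconfigure slapd applies)
domain_to_base_dn() {
    printf 'dc=%s\n' "$(printf '%s\n' "$1" | sed 's/\./,dc=/g')"
}

# First uncommented BASE line of an ldap.conf
ldapconf_base() {
    awk '$1 == "BASE" { print $2; exit }' "$1"
}

# DN inside $servers->setValue('server','base',array('...'))
phpldapadmin_base() {
    sed -n "s/.*setValue('server','base',array('\([^']*\)')).*/\1/p" "$1" | head -n 1
}

# DN inside $servers->setValue('login','bind_id','...')
phpldapadmin_bind_dn() {
    sed -n "s/.*setValue('login','bind_id','\([^']*\)').*/\1/p" "$1" | head -n 1
}

# Exit 0 when ldap.conf BASE, phpLDAPadmin base and the bind_id suffix all match
# the DN derived from the domain; print the first mismatch and exit 1 otherwise.
check_consistency() {
    want="$(domain_to_base_dn "$1")"
    base1="$(ldapconf_base "$2")"
    base2="$(phpldapadmin_base "$3")"
    bind="$(phpldapadmin_bind_dn "$3")"
    [ "$base1" = "$want" ] || { echo "ldap.conf BASE is '$base1', expected '$want'"; return 1; }
    [ "$base2" = "$want" ] || { echo "phpLDAPadmin base is '$base2', expected '$want'"; return 1; }
    case "$bind" in
        cn=admin,"$want") return 0 ;;
        *) echo "bind_id is '$bind', expected 'cn=admin,$want'"; return 1 ;;
    esac
}

# Constructed sample files mirroring the tutorial's example.com setup
TMP="$(mktemp -d)"
cat > "$TMP/ldap.conf" <<'EOF'
BASE    dc=example,dc=com
URI     ldap://192.0.2.10:389
EOF
cat > "$TMP/config.php" <<'EOF'
$servers->setValue('server','base',array('dc=example,dc=com'));
$servers->setValue('server','host','192.0.2.10');
$servers->setValue('login','bind_id','cn=admin,dc=example,dc=com');
EOF
check_consistency example.com "$TMP/ldap.conf" "$TMP/config.php" && echo "configuration consistent"
```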
Restart Apache, and access phpLDAPadmin:
Restart the Apache service with the following command:
systemctl restart apache2
To access phpLDAPadmin, type your IP address or domain name followed by /phpldapadmin in your browser. Your login page will then load.
Click on login and enter your password to log in and begin administering your LDAP directory.