Why?
There could be different use cases that people use LDAP, but most often one of the best outcome we generally see is the benefit of maintaining a user account administrations for user account authentication. However, It just not store user password credential, but also other account specific information such as UID, GID, home-directory, Telephone numbers, other associate groups and etc.

phpLdapAdmin:
On the other hand, phpldapadmin is just a web based application that provide graphical user interface to interact with LDAP. It builds on top of PHP and by default Apache will host the application, so that users can access the interface via their favorite browsers.

Getting Started.

01. Install the required packages.

# yum install -y openldap openldap-clients openldap-servers

02. Generate root LDAP password

# slappasswd -s osradar -n

{SSHA}FJbfOwcgwKPpRwmZH23h3QvyK4bs3Nbj[root@localhost ~]#

You will have a similar above output, and then the root password for the Ldap will be;
{SSHA}FJbfOwcgwKPpRwmZH23h3QvyK4bs3Nbj

03. Next, create a TLS certificate to be used by LDAP server

# openssl req -new -x509 -nodes -out /etc/openldap/certs/cert.pem \
-keyout /etc/openldap/certs/priv.pem -days 365

Generating a 2048 bit RSA private key
...........................................................................................................................................................+++
.........................+++
writing new private key to '/etc/openldap/certs/priv.pem'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:LK
State or Province Name (full name) []:CMB
Locality Name (eg, city) [Default City]:colombo
Organization Name (eg, company) [Default Company Ltd]:osradar
Organizational Unit Name (eg, section) []:it
Common Name (eg, your name or your server's hostname) []:ldap-server.osradar.com
Email Address []:

04. Now, its time to initialize the LDAP database. First, you need to copy given example schema to a another working directory

# cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG

05. Generating DB files

# slaptest

5c5c5740 hdb_db_open: database "dc=my-domain,dc=com": db_open(/var/lib/ldap/id2entry.bdb) failed: No such file or directory (2).
5c5c5740 backend_startup_one (type=hdb, suffix="dc=my-domain,dc=com"): bi_db_open failed! (2)
slap_startup failed (test would succeed using the -u switch)

Dont worry about the errors.

06. Next, go into the directory where we generate the Certificate in above step. Then apply basic security.

# cd /etc/openldap/certs
# chown ldap:ldap *
# chmod 600 priv.pem
# chown ldap:ldap /var/lib/ldap/*

07. Starting up the server

# systemctl start slapd.service

08. Check the network socket is up & running

# ss -lnt
State       Recv-Q Send-Q                      Local Address:Port                                     Peer Address:Port                             
LISTEN      0      128                                    :::389                                                :::*

NOTE the 389/tcp which is the default for LDAP server.

09.  Generate cosine & nis LDAP schemas:

# cd /etc/openldap/schema

# ldapadd -Y EXTERNAL -H ldapi:/// -D "cn=config" -f cosine.ldif
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
adding new entry "cn=cosine,cn=schema,cn=config"

# ldapadd -Y EXTERNAL -H ldapi:/// -D "cn=config" -f nis.ldif
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
adding new entry "cn=nis,cn=schema,cn=config"

10. Its time to add the details that govern our LDAP service. You should take a note on the domain because LDAP always binds to a domain once built.

# vim /etc/openldap/changes.ldif

dn: olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcSuffix
olcSuffix: dc=osradar,dc=com

dn: olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcRootDN
olcRootDN: cn=Manager,dc=osradar,dc=com

dn: olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcRootPW
olcRootPW: {SSHA}FJbfOwcgwKPpRwmZH23h3QvyK4bs3Nbj

dn: cn=config
changetype: modify
replace: olcTLSCertificateFile
olcTLSCertificateFile: /etc/openldap/certs/cert.pem
-
replace: olcTLSCertificateKeyFile
olcTLSCertificateKeyFile: /etc/openldap/certs/priv.pem

dn: cn=config
changetype: modify
replace: olcLogLevel
olcLogLevel: -1

dn: olcDatabase={1}monitor,cn=config
changetype: modify
replace: olcAccess
olcAccess: {0}to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" read by dn.base="cn=Manager,dc=osradar,dc=com" read by * none

olcRootPW => should be replace with the password that we generated at step 02
dc=osradar,dc=com => should be replace with the domain you want the LDAP to be in

11. Apply the changes to LDAP server

# ldapmodify -Y EXTERNAL -H ldapi:/// -f /etc/openldap/changes.ldif

SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
modifying entry "olcDatabase={2}hdb,cn=config"
modifying entry "olcDatabase={2}hdb,cn=config"
modifying entry "olcDatabase={2}hdb,cn=config"
modifying entry "cn=config"
modifying entry "cn=config"
modifying entry "olcDatabase={1}monitor,cn=config"

12. Finally, we will need to setup a base to work with LDAP service. So, first create a file with enough details.

# vim  /etc/openldap/base.ldif 

dn: dc=osradar,dc=com
dc: osradar
objectClass: top
objectClass: domain

dn: ou=adminGroup,dc=osradar,dc=com
ou: adminGroup
objectClass: top
objectClass: organizationalUnit

13. Apply the changes now via ‘ldapadd’ command

# ldapadd -x -w osradar -D cn=Manager,dc=osradar,dc=com -f /etc/openldap/base.ldif

14. Restart the LDAP service

# systemctl restart slapd.service

Setup phpLdapAdmin:

15. Install apache and php

yum -y install httpdphp php-mbstring php-pear

16. Change the main apache configuration

# vim etc/httpd/conf/httpd.conf

ServerAdmin root@srv.world
ServerName www.srv.world:80
AllowOverride All
DirectoryIndex index.html index.cgi index.php

Note: the required changes line are at line numbers 86, 95, 151 and 164 respectively.

17. Install “phpldapadmin”. (For this we will have to add new repository call “epel”)

# yum install -y epel-release
# yum install -y phpldapadmin

18. Changing the default settings

# vim /etc/phpldapadmin/config.php

$servers->setValue('login','attr','dn');
// $servers->setValue('login','attr','uid');

The above changes are in line numbers 397 to 398

19. Lets change the default VirtualHost  that is coming under phpldapadmin

# vim /etc/httpd/conf.d/phpldapadmin.conf

Require all granted

The change suppose to happen at line number 11

That’s it for setting up “phpldapadmin”. Make sure you enable the required firewall configuration. That’s being done, let go ahead and visit our newly setup phpLDAPAdmin interface.
http://{ip address of the server}/ldapadmin

To login, you will have to provide the
– Login DN: cn=Manager,dc=osradar,dc=com
– Password: in our case, it is “osradar” which we given at step 02 of the

“If you come up to this far, congratulations.. you have now your working LDAP service.”

The post Setting up OpenLdap and phpldapadmin appeared first on Linux Windows and android Tutorials.

Let’s do it.

0. What you need

Installing OpenLDAP on Ubuntu 18.04 is not a really complicated matter, however, it is necessary to have a basic knowledge about the use of the terminal.

Also, your user needs to be able to execute commands with sudo because some commands require root.

With this in mind, you can start the installation without problems.

1. Upgrade the system

In the first place, you need to upgrade the system. It is recommended to get the latest security patches on your system.

:~$ sudo apt update && sudo apt upgrade

Now, you can continue.

2. Set the hostname

The first step is to define the hostname. Run this command:

:~$ sudo hostnamectl set-hostname ldap.osradar.local

And add it to your /etc/hosts file

:~$ echo "192.168.250.6 ldap.osradar.com" | sudo tee -a /etc/hosts

3. Install OpenLDAP

A great advantage of OpenLDAP is that its packages are in the official Ubuntu repositories, which makes installation easy. Just write the following.

:~$ sudo apt install slapd ldap-utils

After downloading the package and during installation you will have to define and confirm the root password.

If you wish to verify that the installation has been carried out effectively. You can use the following command:

:~$ sudo slapcat

As you can see in the image above, OpenLDAP is installed correctly.

4. Add base dn for Users and Groups

it is now necessary to configure OpenLDAP. To do this, the first step is to add to base DN for users and groups.

Create a file called basedn.ldif in your home folder or wherever you want.

:~$ nano basedn.ldif

And add the following:

dn: ou=people,dc=example,dc=com
objectClass: organizationalUnit
ou: people

dn: ou=groups,dc=example,dc=com
objectClass: organizationalUnit
ou: groups

Of course, replace example and com, for your domain properties.

Next, add the configuration file. Run:

:~$ ldapadd -x -D cn=admin,dc=osradar,dc=local -W -f basedn.ldif

Next, install phpLDAPadmin.

5. Install phpLDAPadmin

In order to manage OpenLDAP in a quick and easy way is that you have to install phpLDAPadmin. Let’s do it.

First, install some necessary packages. Among them are Apache web server and PHP.

:~$ sudo apt install apache2 php php-cgi libapache2-mod-php php-mbstring php-common php-pear

Next, it is necessary to enable the php7.2-cgi extension. Then, restart Apache service.

:~$ sudo a2enconf php7.2-cgi
:~$ sudo systemctl reload apache2

Then install phpLDAPadmin.

:~$ sudo apt install phpldapadmin

The next step is to modify the permissions in the phpLDAPadmin configuration file to receive requests from network members.

:~$ sudo nano /etc/apache2/conf-enabled/phpldapadmin.conf

And leave it as I show you in the picture.

With this, we are simply telling phpLDAPadmin to accept requests from network members.

Then, restart Apache.

:~$ sudo systemctl restart apache2

If you use ufw, you must open ports 80 and 443.

:~$ sudo ufw allow 80
:~$ sudo ufw allow 443

Finally, open your favorite web browser and go to http://IP_SERVER_OR_DOMAIN/phpldapadmin

Next, log in.

Finally, you will see this.

And that’s it.

Conclusion

As you can see OpenLDAP is easy to install and configure in Ubuntu, it just remains that you can configure it to your needs.

Please share this article with friends.

The post How to install OpenLDAP on Ubuntu 18.04? appeared first on Linux Windows and android Tutorials.

To simplify the administration of the system users, it is ideal to use a database accessible via LDAP. Centrally storing user accounts in a single repository makes it easy to create, modify, and delete user accounts and user groups

Let’s get to work!!!

Installing OpenLDAP server

To install the openLDAP server we only need to execute the following command with root privileges:

             sudo apt install slapd ldap-utils

When the installation is complete, you have to define the administrator password.

We will check the status of the service to see if the installation was successful.

sudo systemctl status slapd.service

In the previous image we see that the installation was successful and that the service is running.

2.-Basic configuration of the service

When the installation of the packages is finished it does not do so with an appropriate configuration, so we must use dpkg to do it, at least in a basic way.

            sudo dpkg-reconfigure slapd

When you run the above command, you will be asked certain questions. The first is whether we want to skip the LDAP server configuration. We say NO.

The next step is to enter your domain.

You will then ask us for the name of our organization

After that, you will be asked to set the admin password again.

The next step is to define the database backend. We will choose MDB because it is the most efficient in performance and memory consumption.

Do you want the database to be removed when slapd is purged? We say No.

Move old database? we say Yes

We finally got out of the configuration script

3.-Define Configuration in an LDAP Client

The configuration file for all OpenLDAP clients is ldap.conf located in /etc/ldap. We need to edit it.

            sudo nano /etc/ldap/ldap.conf

When we open the file we’ll see something like this:

In this file we only need to specify two things: BASE and URI. BASE is where our DNS is placed, following this formula:

BASE dc=YOUR_DOMAIN,dc=com

Or if you have, a subdomain:

BASE dc=SUB_DOMAIN,dc=YOUR_DOMAIN,dc=com

While URI is the address where the LDAP server is located:

If the server is hosted on the same machine as the client, then we must set the URI to ldap:localhost/

Let’s check that everything is OK, with the execution of the next command:

            ldapsearch -x

The previous image shows the output per terminal of the execution of the ldapsearch command. Seeing 0 success means that everything is in order.

Optional: Install phpLDAPAdmin

It is possible to manage ldap from the command line, but some people prefer a graphical application. PhpLDAPAdmin is a web application used to manage an LDAP server in a simple and intuitive way.

            sudo apt install phpldapadmin

note:phpldapadmin requires a web server to run since it is a browser-based application, if your ubuntu does not have a web server, then the above command will install apache as a dependency.

After installation, we should be able to run phpldapadmin from the browser, but first we’ll modify some things from the configuration files.

            sudo nano /etc/phpldapadmin/config.php

First we will tell phpldapadmin that we will connect from localhost. We’ll go to line 293. Press CTR + _ and write the line number.

Then we go to line 296 and remove the comment to allow the connection through port 389.

Next we will go to line 300 where we will find :

$servers->setValue(‘server’,’base’,array(‘dc=example,dc=com’))

And the substitutes for the following:

$servers->setValue(‘server’,’base’,array());

This is in order for phpldapadmin to recognize the domain arrangement we use in the openLDAP configuration.

On line 335 we proceed to remove the comment and enable TLS.

Finally we disable the anonymous logging. Let’s go to line 453.

We finally got out and finished setting up.

And with this we can access from our browser to phpldapadmin

We enter our credentials and log in

And we will see the following

And this is it. We have installed and configured openLDAP. Now it’s time to take advantage of this fabulous application.

Feel free to share this article with your friends through social networks.

The post How to Install OpenLDAP Server on Ubuntu 18.04? appeared first on Linux Windows and android Tutorials.