System Specification:
The same server that I used in my previous posts “Configure Remote Authentication Server using OpenLDAP 2.4” and “OpenLDAP Administration using phpLDAPAdmin”.
We can add as many entries as we like in the same way. However, for the sake of demonstration, I am adding only 4 entries.
System Specification:
The same server that I used in my previous post “Configure Remote Authentication Server using OpenLDAP 2.4”.
Configure phpLDAPadmin:
First of all, I must add the EPEL yum repository to ease the installation of phpLDAPadmin.
[root@ldapserver ldap]# rpm -ivh https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
Retrieving https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
warning: /var/tmp/rpm-tmp.HqBu3J: Header V3 RSA/SHA256 Signature, key ID 352c64e5: NOKEY
Preparing... ################################# [100%]
Updating / installing...
1:epel-release-7-11 ################################# [100%]
[root@ldapserver ldap]# yum makecache
Now, install phpLDAPAdmin, Apache and PHP.
[root@ldapserver ldap]# yum -y install phpldapadmin httpd php
Enable and start the Apache service.
[root@ldapserver ldap]# systemctl enable httpd && systemctl start httpd
ln -s '/usr/lib/systemd/system/httpd.service' '/etc/systemd/system/multi-user.target.wants/httpd.service'
Allow the Apache service port through the firewall.
[root@ldapserver ldap]# firewall-cmd --permanent --add-service=http
success
[root@ldapserver ldap]# firewall-cmd --reload
success
Edit the phpLDAPadmin web server configuration. The final configuration after editing should look like this (the changed line is Require all granted in the Apache 2.4 block).
[root@ldapserver ldap]# cat /etc/httpd/conf.d/phpldapadmin.conf
#
# Web-based tool for managing LDAP servers
#
<Directory /usr/share/phpldapadmin/htdocs>
  <IfModule mod_authz_core.c>
    # Apache 2.4
    Require all granted
  </IfModule>
  <IfModule !mod_authz_core.c>
    # Apache 2.2
    Order Deny,Allow
    Deny from all
    Allow from 127.0.0.1
    Allow from ::1
  </IfModule>
</Directory>
[root@ldapserver ldap]# systemctl restart httpd
Open URL http://ldapserver.itlab.com/phpldapadmin in web browser.
To keep the scope limited, I am running the phpLDAPadmin application without SSL. Therefore, it displays “Warning: This web connection is unencrypted”. To run it over an encrypted connection, please refer to my previous post “Convert an Apache Website from HTTP to HTTPS”.
phpLDAPadmin can manage multiple LDAP servers. We add our LDAP server to it by editing its configuration file.
[root@ldapserver config]# vi /usr/share/phpldapadmin/config/config.php
Add the following lines before the PHP end tag, i.e. ?>
$servers->newServer('ldap_pla');
$servers->setValue('server','name','ldapserver.itlab.com');
$servers->setValue('server','host','127.0.0.1');
$servers->setValue('server','port',389);
$servers->setValue('server','base',array('dc=itlab,dc=com'));
$servers->setValue('login','auth_type','cookie');
$servers->setValue('login','bind_id','cn=ldapadm,dc=itlab,dc=com');
$servers->setValue('login','bind_pass','123');
$servers->setValue('server','tls',false);
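The Apache snippet above opens the admin UI to every client address (the Apache 2.2 block in the same file only allows localhost), and config.php stores the directory manager's bind password in cleartext and turns TLS off. The following script is an added example, not code from the original post: it writes constructed copies of both files as the post configures them, runs three checks against them, and runs the same checks against a tightened pair (the management address range 192.168.116.0/24 is taken from the post's network; restricting the UI to it is an assumption about what is appropriate here).

```shell
#!/bin/sh
# Added example, not code from the original post: audit the two phpLDAPadmin
# files configured above (phpldapadmin.conf and config.php) for settings a
# reviewer would flag. Sample copies are constructed below to mirror the post.

# Write constructed copies of both files, matching the post, into a scratch
# directory and print its path.
make_sample_configs() {
    dir=$(mktemp -d)
    cat > "$dir/phpldapadmin.conf" <<'EOF'
<Directory /usr/share/phpldapadmin/htdocs>
  <IfModule mod_authz_core.c>
    # Apache 2.4
    Require all granted
  </IfModule>
</Directory>
EOF
    cat > "$dir/config.php" <<'EOF'
<?php
$servers->newServer('ldap_pla');
$servers->setValue('server','host','127.0.0.1');
$servers->setValue('login','auth_type','cookie');
$servers->setValue('login','bind_id','cn=ldapadm,dc=itlab,dc=com');
$servers->setValue('login','bind_pass','123');
$servers->setValue('server','tls',false);
?>
EOF
    printf '%s\n' "$dir"
}

# The same two files with the settings tightened: the admin UI is reachable
# only from localhost and the management network (the range is an assumption),
# no bind password is stored in the file, and TLS to the directory is on.
make_hardened_configs() {
    dir=$(mktemp -d)
    cat > "$dir/phpldapadmin.conf" <<'EOF'
<Directory /usr/share/phpldapadmin/htdocs>
  <IfModule mod_authz_core.c>
    # Apache 2.4
    Require ip 127.0.0.1 192.168.116.0/24
  </IfModule>
</Directory>
EOF
    cat > "$dir/config.php" <<'EOF'
<?php
$servers->newServer('ldap_pla');
$servers->setValue('server','host','127.0.0.1');
$servers->setValue('login','auth_type','cookie');
$servers->setValue('login','bind_id','');
$servers->setValue('login','bind_pass','');
$servers->setValue('server','tls',true);
?>
EOF
    printf '%s\n' "$dir"
}

# Succeed (exit 0) when the Apache snippet grants access to every client.
apache_open_to_all() {
    grep -Eq '^[[:space:]]*Require[[:space:]]+all[[:space:]]+granted' "$1"
}

# Succeed when config.php embeds a non-empty bind password in cleartext.
has_cleartext_bind_pass() {
    grep -Eq "setValue\('login','bind_pass','.+'\)" "$1"
}

# Succeed when TLS toward the directory is switched off.
tls_disabled() {
    grep -Eq "setValue\('server','tls',false\)" "$1"
}

# Run all three checks on a directory holding both files. Each finding goes to
# stderr; the number of findings is printed to stdout.
audit_phpldapadmin() {
    n=0
    if apache_open_to_all "$1/phpldapadmin.conf"; then
        echo "FINDING: phpldapadmin.conf allows the admin UI from any address" >&2
        n=$((n + 1))
    fi
    if has_cleartext_bind_pass "$1/config.php"; then
        echo "FINDING: config.php stores the directory bind password in cleartext" >&2
        n=$((n + 1))
    fi
    if tls_disabled "$1/config.php"; then
        echo "FINDING: config.php disables TLS to the directory" >&2
        n=$((n + 1))
    fi
    printf '%s\n' "$n"
}

# Stand-alone run: the post's settings produce three findings, the tightened
# ones produce none.
weak=$(make_sample_configs); hard=$(make_hardened_configs)
echo "findings (post configuration): $(audit_phpldapadmin "$weak")"
echo "findings (tightened configuration): $(audit_phpldapadmin "$hard")"
rm -rf "$weak" "$hard"
```

The checks are deliberately line-oriented so they can be dropped into a pre-deployment script; they do not parse PHP, so a bind password assembled from another variable would not be caught, and the script should be read as a smoke test rather than a full configuration review.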
Log in to the web console using the LDAP manager user.
phpLDAPadmin application has been deployed and our OpenLDAP Directory Server has been added to it.
System Specification:
For this demonstration, I have provisioned a VM with the following specification. Please do not confuse this specification with the minimum system requirements for OpenLDAP.
CPU: 2.4 GHz (1 core)
Memory: 1 GB
Storage: 20 GB
Swap: 2 GB
Operating System: RHEL 7.0
I have done some initial configuration in the VM, including setting the hostname, IP address and yum repository.
Hostname: ldapserver.itlab.com
IP Address: 192.168.116.3/24
Configure LDAP Server:
Log in to the VM as the root user, and install the openldap packages.
[root@ldapserver ~]# yum -y install openldap compat-openldap openldap-clients openldap-servers openldap-devel
Create the database configuration file from the template.
[root@ldapserver ldap]# cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG
[root@ldapserver ldap]# slaptest -u
config file testing succeeded
[root@ldapserver ldap]# chown ldap:ldap /var/lib/ldap/*
Start and Enable the slapd service.
[root@ldapserver ~]# systemctl enable slapd && systemctl start slapd
ln -s '/usr/lib/systemd/system/slapd.service' '/etc/systemd/system/multi-user.target.wants/slapd.service'
Allow the ldaps service port through the firewall.
[root@ldapserver ~]# firewall-cmd --permanent --add-service=ldaps
success
[root@ldapserver ~]# firewall-cmd --reload
success
Configure syslog logging for OpenLDAP.
[root@ldapserver ~]# cat >> /etc/rsyslog.conf << EOF
> #LDAP Logging
> local4.* /var/log/openldap.log
> EOF
[root@ldapserver ~]# systemctl restart rsyslog
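Once slapd's syslog output lands in /var/log/openldap.log, the most useful thing to pull out of it is repeated failed binds per client address. The script below is an added example, not code from the original post: it assumes slapd's default stats log format (ACCEPT, BIND and RESULT lines tied together by the conn= and op= fields), reads log lines on stdin, and counts results with err=49 (invalidCredentials) for bind operations per client address. The log lines are constructed here to mirror that format; the addresses and the uid=alice entry are made up.

```shell
#!/bin/sh
# Added example, not code from the original post: with the rsyslog rule above,
# slapd writes its stats log to /var/log/openldap.log. This script correlates
# bind results with the client address of each connection and reports
# addresses with repeated failed binds. The log lines are constructed to
# mirror the slapd stats format (assumed to be the default loglevel).

sample_log() {
    cat <<'EOF'
Mar  3 10:15:02 ldapserver slapd[1234]: conn=1001 fd=12 ACCEPT from IP=192.168.116.50:40122 (IP=0.0.0.0:389)
Mar  3 10:15:02 ldapserver slapd[1234]: conn=1001 op=0 BIND dn="cn=ldapadm,dc=itlab,dc=com" method=128
Mar  3 10:15:02 ldapserver slapd[1234]: conn=1001 op=0 RESULT tag=97 err=49 text=
Mar  3 10:15:02 ldapserver slapd[1234]: conn=1001 fd=12 closed (connection lost)
Mar  3 10:15:03 ldapserver slapd[1234]: conn=1002 fd=12 ACCEPT from IP=192.168.116.50:40123 (IP=0.0.0.0:389)
Mar  3 10:15:03 ldapserver slapd[1234]: conn=1002 op=0 BIND dn="cn=ldapadm,dc=itlab,dc=com" method=128
Mar  3 10:15:03 ldapserver slapd[1234]: conn=1002 op=0 RESULT tag=97 err=49 text=
Mar  3 10:15:04 ldapserver slapd[1234]: conn=1003 fd=12 ACCEPT from IP=192.168.116.50:40124 (IP=0.0.0.0:389)
Mar  3 10:15:04 ldapserver slapd[1234]: conn=1003 op=0 BIND dn="cn=ldapadm,dc=itlab,dc=com" method=128
Mar  3 10:15:04 ldapserver slapd[1234]: conn=1003 op=0 RESULT tag=97 err=49 text=
Mar  3 10:15:09 ldapserver slapd[1234]: conn=1004 fd=13 ACCEPT from IP=192.168.116.7:51002 (IP=0.0.0.0:389)
Mar  3 10:15:09 ldapserver slapd[1234]: conn=1004 op=0 BIND dn="uid=alice,ou=People,dc=itlab,dc=com" method=128
Mar  3 10:15:09 ldapserver slapd[1234]: conn=1004 op=0 RESULT tag=97 err=49 text=
Mar  3 10:15:12 ldapserver slapd[1234]: conn=1004 op=1 BIND dn="uid=alice,ou=People,dc=itlab,dc=com" method=128
Mar  3 10:15:12 ldapserver slapd[1234]: conn=1004 op=1 BIND dn="uid=alice,ou=People,dc=itlab,dc=com" mech=SIMPLE ssf=0
Mar  3 10:15:12 ldapserver slapd[1234]: conn=1004 op=1 RESULT tag=97 err=0 text=
Mar  3 10:15:12 ldapserver slapd[1234]: conn=1004 op=2 SRCH base="dc=itlab,dc=com" scope=2 deref=0 filter="(uid=bob)"
Mar  3 10:15:12 ldapserver slapd[1234]: conn=1004 op=2 SEARCH RESULT tag=101 err=0 nentries=1 text=
EOF
}

# Read slapd log lines on stdin and print "address count" for every client
# address that produced at least one failed bind (err=49, invalidCredentials).
failed_binds_by_ip() {
    awk '
    # An ACCEPT line ties a connection id to the client address.
    / ACCEPT from IP=/ {
        match($0, /conn=[0-9]+/); c = substr($0, RSTART, RLENGTH)
        match($0, /IP=[0-9.]+/);  ip[c] = substr($0, RSTART + 3, RLENGTH - 3)
    }
    # Remember which (connection, operation) pairs are bind requests.
    / BIND dn=/ {
        match($0, /conn=[0-9]+ op=[0-9]+/); bind[substr($0, RSTART, RLENGTH)] = 1
    }
    # A RESULT with err=49 for a bind operation is a failed login attempt.
    / RESULT / && / err=49/ {
        match($0, /conn=[0-9]+ op=[0-9]+/); k = substr($0, RSTART, RLENGTH)
        if (bind[k]) { split(k, p, " "); fails[ip[p[1]]]++ }
    }
    END { for (a in fails) print a, fails[a] }
    ' | sort
}

# Print only the addresses whose failed-bind count reaches the threshold.
flag_ips() {
    failed_binds_by_ip | awk -v thr="$1" '$2 >= thr { print $1 }'
}

# Stand-alone run over the constructed sample with a threshold of 3.
echo "failed binds per client address:"
sample_log | failed_binds_by_ip
echo "addresses at or above 3 failed binds:"
sample_log | flag_ips 3
```

On a live server the same functions take the real file on stdin (`failed_binds_by_ip < /var/log/openldap.log`). The correlation through conn= matters because the RESULT line carries no address of its own; counting err=49 lines without it would attribute nothing to a client, and the bind[] check keeps a non-bind operation that happens to return err=49 from being counted as a login failure.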
Add the required schemas to our OpenLDAP directory.
[root@ldapserver ~]# ldapadd -Y EXTERNAL -H ldapi:/// -D "cn=config" -f /etc/openldap/schema/cosine.ldif
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
adding new entry "cn=cosine,cn=schema,cn=config"
There are various commercial and free LDAP directory browsers and admin tools available. I used LDAPAdmin for this job.