Ubuntu/openldap

From r00tedvw.com wiki
Revision as of 21:52, 18 August 2015

Performed on Ubuntu 14.04 LTS

Installing

~$ sudo apt-get update && sudo apt-get install slapd ldap-utils -y

It should ask you to set up an administrator password.

Configuring

By default openldap does not ask you for any configuration settings when installing. You must do this afterwards, which means it may not be fully functional directly after installation.

~$ sudo dpkg-reconfigure slapd
  • Omit OpenLDAP server configuration? No
  • DNS domain name? domain.com
  • Organization name? domain
  • Administrator password? setup password
  • Database backend? HDB
  • Remove the database when slapd is purged? No
  • Move old database? Yes
  • Allow LDAPv2 protocol? No

Installing phpLDAPadmin

Very useful web interface for administration

~$ sudo apt-get update && sudo apt-get install phpldapadmin -y

Modifying setup of phpLDAPadmin

By default phpLDAPadmin creates a configuration file under /etc/apache2/conf-available and enables it with some mod-rewrite magic, so that when someone goes to domain.com/phpldapadmin it pulls the page from that conf's document root. While this probably works for most people, tweaking it to restrict access can be complicated, so I'd rather have it run on a non-standard port that I can restrict access to with iptables.

disable conf

~$ sudo a2disconf phpldapadmin.conf

create new site conf

Instead of a conf under ~/conf-enabled I personally prefer virtual hosts to be placed under ~/sites-available.
Create a new .conf such as ldap.domain.com.conf. In this example I'm setting it up as a subdomain and making Apache listen on port 8080 for this virtual host.

~$ sudo vi /etc/apache2/sites-available/ldap.domain.com.conf
<VirtualHost *:8080>
    ServerName ldap.domain.com
    ServerAdmin [email protected]
    # Serve only the htdocs directory of the package so its lib/ and config/
    # directories (config/ holds config.php) are not reachable from the web.
    DocumentRoot /usr/share/phpldapadmin/htdocs
    ErrorLog /var/log/apache2/ldap.domain.com-error.log
    CustomLog /var/log/apache2/ldap.domain.com-access.log common
</VirtualHost>
# Apache also needs a "Listen 8080" line in /etc/apache2/ports.conf; then enable
# the site with a2ensite ldap.domain.com.conf and reload apache2.

finishing touches

Now use iptables to restrict access to port 8080 to only the ip addresses you'll use to manage it.
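The iptables lockdown described above, as an added example that is not part of the original wiki page. It assumes Apache is already listening on 8080 and that INPUT accepts ESTABLISHED traffic (or has a default ACCEPT policy); the chain name LDAPADMIN and the sample management addresses are constructed values.

```shell
#!/bin/sh
# Added example, not from the wiki: restrict phpLDAPadmin's port 8080 to a
# list of management addresses. Assumes Apache already listens on 8080 and
# that INPUT accepts ESTABLISHED traffic (or defaults to ACCEPT). The chain
# name and the sample addresses in the usage line are constructed values.
set -eu
PORT=8080
CHAIN=LDAPADMIN

# Print the iptables commands for the given management IPs/CIDRs (one per
# argument). A dedicated chain makes re-runs replace the old rules instead
# of appending duplicates to INPUT.
build_rules() {
    echo "iptables -N $CHAIN 2>/dev/null || iptables -F $CHAIN"
    for ip in "$@"; do
        echo "iptables -A $CHAIN -s $ip -j ACCEPT"
    done
    # Everything else is logged (rate limited) and dropped, so probes show up in syslog.
    echo "iptables -A $CHAIN -m limit --limit 5/min -j LOG --log-prefix \"ldapadmin-blocked: \""
    echo "iptables -A $CHAIN -j DROP"
    # Send new TCP connections to the port through the chain; -C keeps this idempotent.
    echo "iptables -C INPUT -p tcp --dport $PORT -m conntrack --ctstate NEW -j $CHAIN 2>/dev/null || iptables -I INPUT -p tcp --dport $PORT -m conntrack --ctstate NEW -j $CHAIN"
}

# Number of sources a generated rule set lets through (handy for a sanity check).
count_allowed() {
    build_rules "$@" | grep -c -- "-j ACCEPT"
}

# Run the generated commands for real (root required).
apply_rules() {
    build_rules "$@" | sh -e
}

# Usage: sudo sh lock-ldapadmin.sh 203.0.113.5 198.51.100.0/24
# Without root the rules are only printed for review.
if [ "$#" -gt 0 ]; then
    if [ "$(id -u)" -eq 0 ]; then apply_rules "$@"; else build_rules "$@"; fi
fi
```

Review the printed rules as a non-root user first; the LOG rule gives you a syslog line for every blocked attempt, which is worth watching after the change.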
