Ubuntu/openldap
Revision as of 21:52, 18 August 2015
Performed on Ubuntu 14.04 LTS
Installing
~$ sudo apt-get update && sudo apt-get install slapd ldap-utils -y
It should ask you to set up an administrator password.
Configuring
By default the openldap package does not ask for any configuration settings when installing (only the administrator password above). You must supply them afterwards, which means the directory may not be fully functional directly after installation.
~$ sudo dpkg-reconfigure slapd
- Omit OpenLDAP server configuration? No
- DNS domain name? domain.com
- Organization name? domain
- Administrator password? enter the administrator password chosen during installation
- Database backend? HDB
- Remove the database when slapd is purged? No
- Move old database? Yes
- Allow LDAPv2 protocol? No
Installing phpLDAPadmin
Very useful web interface for administration
~$ sudo apt-get update && sudo apt-get install phpldapadmin -y
Modifying setup of phpLDAPadmin
By default phpLDAPadmin installs a configuration file under /etc/apache2/conf-available and enables it; that conf uses an Alias so that when someone goes to domain.com/phpldapadmin Apache serves the page from the package's htdocs directory. While this works for most people, tweaking it to restrict access can be complicated, so I'd rather have it run on a non-standard port which I can use iptables to restrict access to.
disable conf
~$ sudo a2disconf phpldapadmin.conf
create new site conf
Instead of a conf under /etc/apache2/conf-enabled I personally prefer virtual hosts to be placed under /etc/apache2/sites-available.
Create a new .conf such as ldap.domain.com.conf. In this example I'm setting it as a subdomain and making Apache listen on port 8080 for this virtual host. Apache only binds ports named in a Listen directive, so add a matching Listen 8080 line to /etc/apache2/ports.conf as well. Point DocumentRoot at the package's htdocs directory rather than at /usr/share/phpldapadmin itself, so that the config/ and lib/ directories next to it are never served by the web server.

~$ sudo vi /etc/apache2/sites-available/ldap.domain.com.conf

<VirtualHost *:8080>
    ServerName ldap.domain.com
    ServerAdmin [email protected]
    DocumentRoot /usr/share/phpldapadmin/htdocs
    ErrorLog /var/log/apache2/ldap.domain.com-error.log
    CustomLog /var/log/apache2/ldap.domain.com-access.log common
</VirtualHost>

Enable the site with a2ensite ldap.domain.com.conf and reload Apache for the new port to come up.
finishing touches
Now use iptables to restrict access to port 8080 to only the IP addresses you'll use to manage it: accept those source addresses and finish with a rule that drops everything else on that port, otherwise the accept rules restrict nothing. Rules added by hand do not survive a reboot unless you save them (for example with the iptables-persistent package). Keep in mind that the phpLDAPadmin login form still sends the directory password in clear text over HTTP, so either put TLS in front of it or only reach it over a trusted management network.
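The following script, an added example that is not part of the original page, ties the steps above together: it derives the base DN from the DNS domain given to dpkg-reconfigure and prints the ldapsearch check for it, appends the Listen line to ports.conf only if it is missing, writes the port-8080 virtual host (DocumentRoot on htdocs plus a Directory block, which Apache 2.4 on Ubuntu 14.04 needs to grant access), and prints the iptables rules for the management addresses. The hostname ldap.domain.com, port 8080, the target directory and the addresses in the usage comments are assumptions for illustration; every function takes its paths as arguments so it can be dry-run in a scratch directory before touching /etc/apache2.

```shell
#!/bin/sh
# Added example, not from the original page. Host, port, paths and the
# management addresses shown in comments are assumptions for illustration.
set -eu

# dc=domain,dc=com from the DNS domain name answered to dpkg-reconfigure.
ldap_base_dn() {
    printf '%s' "$1" | awk -F. '{ for (i = 1; i <= NF; i++) printf "%sdc=%s", (i > 1 ? "," : ""), $i }'
}

# Command to confirm slapd answers for that suffix (run on the LDAP server).
ldap_check_cmd() {
    printf 'ldapsearch -x -H ldap://localhost -b %s -s base\n' "$(ldap_base_dn "$1")"
}

# Append "Listen <port>" to a ports.conf unless an identical line exists.
# $1 = path to ports.conf, $2 = port
ensure_listen() {
    grep -qx "Listen $2" "$1" || printf 'Listen %s\n' "$2" >> "$1"
}

# Write the virtual host file and print its path.
# $1 = sites-available directory, $2 = ServerName, $3 = port
write_ldap_vhost() {
    dir=$1; name=$2; port=$3
    cat > "$dir/$name.conf" <<EOF
<VirtualHost *:$port>
    ServerName $name
    ServerAdmin webmaster@$name
    # htdocs, not the package root, so config/ and lib/ are never served
    DocumentRoot /usr/share/phpldapadmin/htdocs
    <Directory /usr/share/phpldapadmin/htdocs/>
        DirectoryIndex index.php
        AllowOverride None
        Require all granted
    </Directory>
    ErrorLog /var/log/apache2/$name-error.log
    CustomLog /var/log/apache2/$name-access.log common
</VirtualHost>
EOF
    printf '%s/%s.conf' "$dir" "$name"
}

# iptables rules: accept each management address, then drop everyone else.
# $1 = port, remaining arguments = source addresses or CIDR ranges
fw_rules() {
    port=$1; shift
    for src in "$@"; do
        printf 'iptables -A INPUT -p tcp --dport %s -s %s -j ACCEPT\n' "$port" "$src"
    done
    printf 'iptables -A INPUT -p tcp --dport %s -j DROP\n' "$port"
}

# Usage on the server (assumed addresses; run as root, then a2ensite and
# "service apache2 reload"):
#   ldap_check_cmd domain.com
#   ensure_listen /etc/apache2/ports.conf 8080
#   write_ldap_vhost /etc/apache2/sites-available ldap.domain.com 8080
#   fw_rules 8080 203.0.113.10 198.51.100.0/24 | sh
```

Review the rule list before piping it to sh, and insert the rules ahead of any broad ACCEPT already in the INPUT chain (use -I instead of -A if one exists), since iptables evaluates rules in order.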