Ubuntu/openldap

From r00tedvw.com wiki
Revision as of 23:25, 18 August 2015 by R00t (Talk | contribs)


Performed on Ubuntu 14.04 LTS


Installing

~$ sudo apt-get update && sudo apt-get install slapd ldap-utils -y

It should ask you to set up an administrator password.

Configuring

By default openldap does not ask you for any configuration settings when installing. You must do this afterwards, which means it may not be fully functional directly after installation.

~$ sudo dpkg-reconfigure slapd
  • Omit OpenLDAP server configuration? No
  • DNS domain name? domain.com
  • Organization name? domain
  • Administrator password? setup password
  • Database backend? HDB
  • Remove the database when slapd is purged? No
  • Move old database? Yes
  • Allow LDAPv2 protocol? No
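The same answers can be preseeded so the configuration is reproducible without the interactive prompts. This is an added example, not from the wiki page: it builds the debconf selections matching the list above and derives the LDAP suffix that slapd creates from the DNS domain name (the base DN you will need later). The debconf key names are the ones the slapd package uses for these questions; confirm them on your own system with `debconf-get-selections | grep '^slapd'` before relying on them, and note that the `apply` branch assumes it is run as root on the target host.

```shell
#!/bin/sh
# Added example (not from the wiki page): preseed slapd with the same answers
# the page gives to dpkg-reconfigure. Key names are the slapd package's debconf
# questions; verify with "debconf-get-selections | grep '^slapd'".

# Print the preseed lines for a domain, organisation and admin password.
# Usage: slapd_preseed DOMAIN ORG PASSWORD
slapd_preseed() {
    domain="$1"; org="$2"; pw="$3"
    printf 'slapd slapd/no_configuration boolean false\n'   # Omit configuration? No
    printf 'slapd slapd/domain string %s\n' "$domain"        # DNS domain name
    printf 'slapd shared/organization string %s\n' "$org"    # Organization name
    printf 'slapd slapd/password1 password %s\n' "$pw"       # Administrator password
    printf 'slapd slapd/password2 password %s\n' "$pw"       # (confirmation)
    printf 'slapd slapd/backend select HDB\n'                # Database backend
    printf 'slapd slapd/purge_database boolean false\n'      # Remove DB on purge? No
    printf 'slapd slapd/move_old_database boolean true\n'    # Move old database? Yes
    printf 'slapd slapd/allow_ldap_v2 boolean false\n'       # Allow LDAPv2? No
}

# Turn the DNS domain into the suffix slapd will create
# (domain.com -> dc=domain,dc=com). phpLDAPadmin's base DN must match this.
domain_to_suffix() {
    suffix=""
    old_ifs=$IFS; IFS=.
    for label in $1; do
        suffix="${suffix:+$suffix,}dc=$label"
    done
    IFS=$old_ifs
    printf '%s\n' "$suffix"
}

# Apply on a real host: pipe straight into debconf so the password is never
# written to a file, then let dpkg-reconfigure pick up the preseeded answers.
# Usage (as root): ADMIN_PW='...' sh this_script.sh apply domain.com domain
if [ "${1:-}" = apply ]; then
    slapd_preseed "$2" "$3" "${ADMIN_PW:?set ADMIN_PW}" | debconf-set-selections
    dpkg-reconfigure -f noninteractive slapd
    printf 'Suffix for phpLDAPadmin base: %s\n' "$(domain_to_suffix "$2")"
fi
```

Run the script without arguments to inspect the generated lines first; only the `apply` form touches debconf.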

Installing phpLDAPadmin

A very useful web interface for administration.

~$ sudo apt-get update && sudo apt-get install phpldapadmin -y

Modifying setup of phpLDAPadmin

By default phpLDAPadmin creates a conf configuration file under /etc/apache2/conf-available and enables it with some mod-rewrite magic so that when someone goes to domain.com/phpldapadmin it pulls the page from this conf's document root. While this probably works for most, tweaking it to restrict access can be complicated, so I'd rather have it run on a non-standard port that I can restrict access to with iptables.

Disable conf

~$ sudo a2disconf phpldapadmin.conf

Create new site conf

Instead of a conf under /etc/apache2/conf-enabled I personally prefer virtual hosts to be placed under /etc/apache2/sites-available.
Create a new .conf such as ldap.domain.com.conf. In this example I'm setting it up as a subdomain and making Apache listen on port 8080 for this virtual host.

~$ sudo vi /etc/apache2/sites-available/ldap.domain.com.conf
<VirtualHost *:8080>
    ServerName ldap.domain.com
    ServerAdmin [email protected]
    DocumentRoot /usr/share/phpldapadmin
    ErrorLog /var/log/apache2/ldap.domain.com-error.log
    CustomLog /var/log/apache2/ldap.domain.com-access.log common
</VirtualHost>

Finishing touches

  • Now use iptables to restrict access to port 8080 to only the IP addresses you'll use to manage it.
  • Make sure Apache is listening on the non-standard port (8080).
  • Enable the new Apache site.
  • Restart (or reload) Apache.
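The four steps above as reviewable shell functions, added here as an example rather than taken from the wiki page. It assumes the port 8080 and site name ldap.domain.com.conf from the page; the management addresses 192.0.2.10 and 198.51.100.5 are constructed placeholders from the documentation ranges, and the `apply` branch assumes it runs as root on a Debian-style Apache layout (ports.conf, a2ensite, apache2ctl).

```shell
#!/bin/sh
# Added example (not from the wiki page): finishing touches for the
# phpLDAPadmin virtual host. Port and site name come from the page; the
# management IPs are constructed placeholders.

PLA_PORT="${PLA_PORT:-8080}"
PLA_SITE="${PLA_SITE:-ldap.domain.com.conf}"
MGMT_IPS="${MGMT_IPS:-192.0.2.10 198.51.100.5}"   # constructed placeholders

# Print the iptables rules that let only the listed addresses reach the port:
# one ACCEPT per management address, then a final DROP for everyone else.
# Printing instead of applying lets the rule set be reviewed first.
# Usage: pla_iptables_rules PORT IP...
pla_iptables_rules() {
    port="$1"; shift
    for ip in "$@"; do
        printf 'iptables -A INPUT -p tcp --dport %s -s %s -j ACCEPT\n' "$port" "$ip"
    done
    printf 'iptables -A INPUT -p tcp --dport %s -j DROP\n' "$port"
}

# Add "Listen PORT" to an Apache ports.conf only if it is not already there,
# so running this twice does not leave a duplicate Listen directive, which
# Apache rejects at startup.
# Usage: ensure_listen PORTS_CONF PORT
ensure_listen() {
    conf="$1"; port="$2"
    if grep -Eq "^[[:space:]]*Listen[[:space:]]+${port}[[:space:]]*$" "$conf"; then
        return 0
    fi
    printf 'Listen %s\n' "$port" >> "$conf"
}

# Count the Listen directives for a port (used to check ensure_listen).
count_listen() {
    grep -Ec "^[[:space:]]*Listen[[:space:]]+$2[[:space:]]*$" "$1" || true
}

# Apply on a real host (root required). The config test runs before the
# reload so a typo in the vhost does not take the running server down.
# Usage: sudo sh this_script.sh apply
if [ "${1:-}" = apply ]; then
    pla_iptables_rules "$PLA_PORT" $MGMT_IPS | sh -e
    ensure_listen /etc/apache2/ports.conf "$PLA_PORT"
    a2ensite "$PLA_SITE"
    apache2ctl configtest && service apache2 reload
fi
```

The iptables rules are not persistent across reboots on their own; save them with whatever mechanism your system uses (for example iptables-persistent) once you have confirmed they behave as intended.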

Configure phpLDAPadmin

/etc/phpldapadmin/config.php

Adjust the following lines. The base and bind_id must use the suffix slapd was actually configured with (it is derived from the DNS domain name given to dpkg-reconfigure), otherwise the admin login will fail.

~$ sudo vi /etc/phpldapadmin/config.php
$servers->setValue('server','name','ldap.domain.com');
$servers->setValue('server','host','ldap.domain.com');
$servers->setValue('server','base',array('dc=ldap,dc=domain,dc=com'));
$servers->setValue('login','bind_id','cn=admin,dc=ldap,dc=domain,dc=com');

Uncomment the following line and set it to true to prevent annoying warning messages about template files; the warnings have no impact on functionality.

~$ sudo vi /etc/phpldapadmin/config.php
search for hide_template_warning
$config->custom->appearance['hide_template_warning'] = true;