OpenLDAP is a free, open-source implementation of the Lightweight Directory Access Protocol (LDAP) developed by the OpenLDAP Project. It is platform independent and runs on Linux and Unix-like systems, Windows, AIX, Solaris and Android. OpenLDAP is designed to manage and access hierarchical directory information over a network, and it is also used as a centralized authentication system, shared directory, address book, etc. Any LDAP client can access the organizational information stored on an OpenLDAP server using LDAP. OpenLDAP is efficient at both reading and modifying data in the directory, and OpenLDAP servers are most commonly used to provide centralized management of user accounts.
OpenLDAP has three main components:
- slapd: the stand-alone LDAP daemon.
- libraries: implementing the LDAP protocol, plus utilities, tools and sample clients.
- client software: ldapsearch, ldapadd, ldapdelete and others.
Its main features include:
- Support for Simple Authentication and Security Layer (SASL) and Transport Layer Security (TLS).
- Support for the next-generation Internet Protocol, IPv6.
- Schema discovery.
- Extensibility (controls, extended operations and more).
- Internationalization through the use of Unicode.
In this tutorial, I will explain how to install and configure OpenLDAP and phpLDAPadmin on an Alibaba Cloud Elastic Compute Service (ECS) Ubuntu 16.04 server.
- A fresh Alibaba Cloud Ubuntu 16.04 instance.
- A static IP address is configured.
- A root password is set up for your instance.
Launch ECS Instance
First, log in to your Alibaba Cloud ECS Console. Create a new ECS instance, choosing Ubuntu 16.04 as the operating system with at least 2GB RAM. Connect to your ECS instance and log in as the root user.
Once you are logged into your Ubuntu 16.04 instance, run the following command to update your base system with the latest available packages.
apt-get update -y
By default, OpenLDAP packages are available in the Ubuntu 16.04 default repository. You can install it by just running the following command:
apt-get install slapd ldap-utils -y
During the installation process, you will be asked to create a password for the LDAP admin user as shown below:
Provide a password for the admin user and press OK to start the installation. Once the installation has completed, you can check the status of the server with the following command:
systemctl status slapd
slapd.service - LSB: OpenLDAP standalone server (Lightweight Directory Access Protocol)
Loaded: loaded (/etc/init.d/slapd; bad; vendor preset: enabled)
Active: active (running) since Fri 2018-08-31 20:26:05 IST; 2min 5s ago
└─16622 /usr/sbin/slapd -h ldap:/// ldapi:/// -g openldap -u openldap -F /etc/ldap/slapd.d
Aug 31 20:26:05 Node1 systemd: Starting LSB: OpenLDAP standalone server (Lightweight Directory Access Protocol)...
Aug 31 20:26:05 Node1 slapd: * Starting OpenLDAP slapd
Aug 31 20:26:05 Node1 slapd: @(#) $OpenLDAP: slapd (Ubuntu) (May 22 2018 13:54:12) $
Aug 31 20:26:05 Node1 slapd: slapd starting
Aug 31 20:26:05 Node1 slapd: ...done.
Aug 31 20:26:05 Node1 systemd: Started LSB: OpenLDAP standalone server (Lightweight Directory Access Protocol).
Configure OpenLDAP Server
The OpenLDAP server is now installed; it's time to configure it. You can configure it by running the following command:
During the configuration process, you will need to answer a few questions, as shown below:
Click on the No button. You should see the following page:
Here, provide the DNS domain name used to construct the base DN of your LDAP directory and click on OK. You should see the following page:
Here, provide the name of the organization and click on OK. You should see the following page:
Here, provide the password for the Administrator account and click on OK. You should see the following page:
Here, select the MDB database backend and click on OK. You should see the following page:
Here, click on the No button. You should see the following page:
Next, click on the Yes button. You should see the following page:
Here, click on the No button. The installation process now starts. Once it has completed, you should see the following output:
Moving old database directory to /var/backups:
- directory unknown... done.
Creating initial configuration... done.
Creating LDAP directory... done.
The OpenLDAP server is now installed and configured. You can check whether it is working by running the following command:
If everything went fine, you should see the following output:
# extended LDIF
# base <dc=example,dc=com> (default) with scope subtree
# filter: (objectclass=*)
# requesting: ALL

dc: example

# admin, example.com
description: LDAP administrator

# search result
result: 0 Success

# numResponses: 3
# numEntries: 2
phpLDAPadmin is a graphical administration tool for LDAP servers. It is written in PHP and provides an easy way to manage LDAP servers through a web interface. By default, phpLDAPadmin is available in the Ubuntu 16.04 default repository. You can install it by just running the following command:
apt-get install phpldapadmin -y
The above command will install the application with Apache and enable the necessary Apache configurations. Next, you will need to configure phpLDAPadmin to use your domain. You can do this by editing its default configuration file:
Make the following changes:
# Disallow public access by commenting out the following line:
$config->custom->appearance['hide_template_warning'] = true;
Save and close the file, then restart slapd to apply the changes:
systemctl restart slapd
Access phpLDAPadmin Web Interface
Now, open your web browser and go to the URL http://example.com/phpldapadmin. You will be redirected to the following page:
Now, log in using the username “cn=admin,dc=example,dc=com” and the admin password you created during configuration, then click on the Authenticate button. You should see the phpLDAPadmin default dashboard on the following page:
Next, create some basic structure for your information like Organizational Units, Groups and Users. To do so, click on the “plus” next to the domain components (dc=example,dc=com). You should see the following page:
Create Organization Unit
Now, click on the “Create new entry here” link on the left-hand side. You should see the different kinds of entries in the following page:
Now, click on “Generic: Organizational Unit”. You will be asked to provide the name of your organizational unit. Type “groups” and click on the Create Object button. You should see the following page:
Now, click on the Commit button. You can see a new entry on the left-hand side:
Next, create another Organizational Unit “Users” with the same procedure. You should see the following page:
Next, you will need to create the groups within the “groups” organizational unit. To do so, click on the “groups” category you created. In the main pane, click on “Create a child entry”. You should see the following page:
Here, choose the “Generic: Posix Group” category. You should see the following page:
Now, enter “admin” as the group name and click on the Create Object button. You should see the following page:
You can see an overview of the entries in the “ou=groups” category by clicking on that entry, and then clicking on “View 3 children”. You should see the following page:
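As an added example that is not part of the original tutorial, the same ou=groups, ou=users and cn=admin posixGroup structure can be written as LDIF and loaded with ldapadd over the local ldapi:/// socket that slapd already listens on, so the admin password never crosses the network. The base DN, group name and gidNumber are assumptions; adjust them to your own directory.

```shell
# Added example, not part of the original tutorial: build the ou=groups,
# ou=users and cn=admin posixGroup entries as LDIF and load them with
# ldapadd instead of clicking through phpLDAPadmin. Base DN, group name
# and gidNumber are assumptions; adjust them to your own directory.

# Emit LDIF for two organizational units and one posixGroup.
# $1 = base DN, $2 = group name (default admin), $3 = gidNumber (default 10000)
structure_ldif() {
    base="$1"; group="${2:-admin}"; gid="${3:-10000}"
    cat <<EOF
dn: ou=groups,$base
objectClass: organizationalUnit
ou: groups

dn: ou=users,$base
objectClass: organizationalUnit
ou: users

dn: cn=$group,ou=groups,$base
objectClass: posixGroup
cn: $group
gidNumber: $gid
EOF
}

# Count how many entries an LDIF stream on stdin would create (one "dn:" each).
ldif_entry_count() {
    grep -c '^dn: '
}

# Print the DN of the entry that carries a given "attr: value" line in an
# LDIF stream on stdin, e.g. ldif_dn_for "cn: admin"; handy for checking
# the generated structure before loading it.
ldif_dn_for() {
    awk -v want="$1" '/^dn: / { dn = substr($0, 5) } $0 == want { print dn }'
}

# Load the structure into slapd as the tutorial's admin DN. ldapi:/// is the
# local Unix socket, so the password prompted by -W stays off the network;
# the LDIF is written to a private temp file and removed afterwards.
load_structure() {
    base="$1"
    f=$(mktemp) || return 1
    structure_ldif "$base" > "$f"
    ldapadd -x -H ldapi:/// -D "cn=admin,$base" -W -f "$f"
    rc=$?
    rm -f "$f"
    return $rc
}
```

Run `load_structure dc=example,dc=com` on the server after sourcing the file; if the entries already exist from the phpLDAPadmin steps, ldapadd reports "Already exists" rather than overwriting them.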
Congratulations! You have successfully installed and configured OpenLDAP and phpLDAPadmin on your Elastic Compute Service (ECS) Ubuntu 16.04 server. You should now have a basic LDAP server set up with a few users and groups. You can now easily expand this information and add the different organizational units needed to replicate the structure of your business.