OPENLDAP & PHPLDAP Admin Setup in Linux Installation and Setup


1.  OpenLDAP Package Installation:

  • Install the OpenLDAP packages using the following command:
  1. dnf -y update
  2. dnf -y install epel-release epel-next-release
  3. dnf -y install openldap-clients
  4. dnf -y install openldap-servers
  • Check whether it is installed or not by running the command: rpm -qa | grep openldap
  • You need to see the packages like: 

    openldap-2.6.6-3.el9.aarch64
    openldap-clients-2.6.6-3.el9.aarch64
    openldap-servers-2.6.6-3.el9.aarch64

2.  PHP LDAPadmin Package Installation:

  • Install the phpLDAPadmin package using the following command:

    dnf -y install phpldapadmin httpd

  • Check whether it is installed or not by running the command: rpm -qa | grep phpldapadmin
  • You need to see the package like: phpldapadmin-1.2.6.6-1.el9.noarch
  • Check whether httpd is installed or not by running the command: rpm -qa | grep httpd
  • You need to see the packages like:

    httpd-filesystem-2.4.62-1.el9.noarch
    httpd-tools-2.4.62-1.el9.aarch64
    httpd-core-2.4.62-1.el9.aarch64
    centos-logos-httpd-90.8-1.el9.noarch
    httpd-2.4.62-1.el9.aarch64

  • Restart slapd (the OpenLDAP server) with the command: systemctl restart slapd.service
  • Check the status using the command: systemctl status slapd.service

3.  Configuring the LDAP schemas:

  • Change to the /etc/openldap/slapd.d/cn=config directory and run the commands below to add the schemas to LDAP:
    • ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/cosine.ldif
    • ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/nis.ldif
    • ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/inetorgperson.ldif

4.  Configuration of OpenLDAP:

  • Generate a new password hash: slappasswd
  • Note the password you enter, and capture the newly generated hash, for example: {SSHA}z9R6vhb8ej+99+2lI9jZ9XQIYEG1xlsr
  • Create a file base.ldif and add the content below (blank lines separate the records; a continuation line starts with a single space, and all quotes must be plain ASCII double quotes):

    dn: olcDatabase={1}monitor,cn=config
    changetype: modify
    replace: olcAccess
    olcAccess: {0}to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth"
      read by dn.base="cn=Manager,dc=mindx,dc=com" read by * none

    dn: olcDatabase={2}mdb,cn=config
    changetype: modify
    replace: olcSuffix
    olcSuffix: dc=mindx,dc=com

    dn: olcDatabase={2}mdb,cn=config
    changetype: modify
    replace: olcRootDN
    olcRootDN: cn=Manager,dc=mindx,dc=com

    dn: olcDatabase={2}mdb,cn=config
    changetype: modify
    add: olcRootPW
    olcRootPW: {SSHA}8fY17f+DY54UmWZyZdfehWZ2N/8u+oyi

    dn: olcDatabase={2}mdb,cn=config
    changetype: modify
    add: olcAccess
    olcAccess: {0}to attrs=userPassword,shadowLastChange by
      dn="cn=Manager,dc=mindx,dc=com" write by anonymous auth by self write by * none
    olcAccess: {1}to dn.base="" by * read
    olcAccess: {2}to * by dn="cn=Manager,dc=mindx,dc=com" write by * read

  • Replace the olcRootPW value and the dn details with your own and save the file.
  • Execute the command: ldapmodify -Y EXTERNAL -H ldapi:/// -f base.ldif
  • Run the command to check your configuration status: slaptest -u
  • You need to get the response: config file testing succeeded

  ldapmodify:
  • Purpose: The ldapmodify command is used to modify existing entries in an LDAP directory. It can update, replace, add, or delete attributes within an existing entry, or delete entire entries.
  • How It Works: It reads LDIF data that specifies the changes to be made, and then applies those changes to the LDAP server.

  • Create a file domain.ldif and add the content below:

    dn: dc=mindx,dc=com
    objectClass: top
    objectClass: dcObject
    objectClass: organization
    o: mindX Com
    dc: mindx

    dn: cn=Manager,dc=mindx,dc=com
    objectClass: organizationalRole
    cn: Manager
    description: Directory Manager

    dn: ou=People,dc=mindx,dc=com
    objectClass: organizationalUnit
    ou: People

    dn: ou=Group,dc=mindx,dc=com
    objectClass: organizationalUnit
    ou: Group

  • Replace the dn details with your own and save the file.
  • Execute the command: ldapadd -x -D cn=Manager,dc=mindx,dc=com -W -f domain.ldif
  • The command prompts you for a password; provide the plain-text password you entered when generating the SSHA hash with slappasswd.

  ldapadd:
  • Purpose: The ldapadd command is specifically used to add new entries to an LDAP directory. It works similarly to ldapmodify, but it only supports adding new entries, not modifying or deleting existing ones.
  • How It Works: It reads LDIF data that defines new entries and sends them to the LDAP server to be added to the directory.
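As an added example (not part of the original page), the script below builds base.ldif from parameters instead of hand-editing it, lints it for the copy-and-paste residue that makes ldapmodify reject an LDIF (curly quotes, CR line endings, tabs; LDIF is ASCII, with non-ASCII values base64-encoded after a double colon), applies it over ldapi and runs slaptest. It differs from the page's file in using replace: for every attribute and joining the changes to the mdb database with the "-" separator, so it can be applied more than once. The suffix, root DN and hash are passed in by the caller; the values in the usage comment are placeholders, and the final two commands cover the domain.ldif step above.

```shell
#!/bin/sh
# Added example, not from the original page: generate, lint and apply base.ldif.
# SUFFIX, ROOTDN and the password hash are supplied by the caller; the values in
# the usage comment at the bottom are constructed placeholders.

# gen_base_ldif SUFFIX ROOTDN ROOTPW_HASH
# Prints LDIF that sets the monitor ACL, then suffix, root DN, root password
# hash and data ACLs on the mdb database. "replace:" is used throughout and
# the changes to {2}mdb are joined with "-" so the file can be applied again.
gen_base_ldif() {
  suffix=$1; rootdn=$2; hash=$3
  cat <<EOF
dn: olcDatabase={1}monitor,cn=config
changetype: modify
replace: olcAccess
olcAccess: {0}to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth"
  read by dn.base="$rootdn" read by * none

dn: olcDatabase={2}mdb,cn=config
changetype: modify
replace: olcSuffix
olcSuffix: $suffix
-
replace: olcRootDN
olcRootDN: $rootdn
-
replace: olcRootPW
olcRootPW: $hash
-
replace: olcAccess
olcAccess: {0}to attrs=userPassword,shadowLastChange by
  dn="$rootdn" write by anonymous auth by self write by * none
olcAccess: {1}to dn.base="" by * read
olcAccess: {2}to * by dn="$rootdn" write by * read
EOF
}

# ldif_lint FILE
# LDIF is ASCII with non-ASCII values base64-encoded after "::", so any raw
# byte outside printable ASCII (curly quotes pasted from a web page), a CR line
# ending or a tab means ldapmodify will reject the file. Returns 0 if clean.
ldif_lint() {
  if grep -q "$(printf '\r')" "$1"; then echo "lint: CRLF line endings in $1" >&2; return 1; fi
  if grep -q "$(printf '\t')" "$1"; then echo "lint: tab characters in $1" >&2; return 1; fi
  if LC_ALL=C grep -q '[^ -~]' "$1"; then echo "lint: non-ASCII bytes (smart quotes?) in $1" >&2; return 1; fi
  return 0
}

# apply_base_ldif FILE: lint, apply over the local ldapi socket, check with slaptest.
apply_base_ldif() {
  ldif_lint "$1" || return 1
  ldapmodify -Y EXTERNAL -H ldapi:/// -f "$1" || return 1
  slaptest -u
}

# Usage on the LDAP host as root (placeholder DN values):
#   gen_base_ldif dc=example,dc=com cn=Manager,dc=example,dc=com "$(slappasswd)" > base.ldif
#   apply_base_ldif base.ldif
#   ldapadd -x -D cn=Manager,dc=example,dc=com -W -f domain.ldif
#   ldapsearch -x -LLL -b dc=example,dc=com dn     # lists the entries domain.ldif created
```

The lint step is the part worth keeping even if you write the LDIF by hand: the curly quotes that a web page substitutes for plain ones are the usual reason an ACL line is rejected with a DN error.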

5.  Configuring the phpLDAPadmin:

  • Edit the phpLDAPadmin Apache configuration file (/etc/httpd/conf.d/phpldapadmin.conf): comment out the Require local line (# Require local) and add a new line Require all granted.
  • Edit the configuration file /etc/phpldapadmin/config.php as shown below (lines 453 and 454):
    • $servers->setValue('login','attr','dn');
    • // $servers->setValue('login','attr','uid');
  • Restart the service to apply the changes: systemctl restart httpd
  • Log in to the URL and verify connectivity: http://192.168.64.10/phpldapadmin/cmd.php?server_id=1&redirect=true
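The page's Require all granted setting opens the phpLDAPadmin UI to every host that can reach port 80, and the login URL above is plain http, so the Manager password crosses the network unencrypted. The fragment below is an added example, not the packaged phpldapadmin.conf (the directory path is assumed from the EPEL package layout); it shows the page's setting beside a version limited to an administrative subnet, where 192.168.64.0/24 is a constructed range chosen to match the page's host address. Serving the same path over HTTPS with mod_ssl addresses the second point.

```apache
# /etc/httpd/conf.d/phpldapadmin.conf (added example; directory path assumed)
Alias /phpldapadmin /usr/share/phpldapadmin/htdocs

<Directory /usr/share/phpldapadmin/htdocs>
  <IfModule mod_authz_core.c>
    # Packaged default: only connections from the host itself.
    # Require local

    # Page's setting: any client that can reach the web server.
    # Require all granted

    # Tighter: only the administrative subnet (constructed example range).
    Require ip 192.168.64.0/24
  </IfModule>
</Directory>
```

After changing the file, httpd -t checks the syntax and systemctl restart httpd applies it, as in the step above.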

6.  Temporarily Disabling SELinux Enforcement:

  • In most cases the login works with the above configuration; if you are facing an error, follow the steps below.
  • Execute the command: sudo getenforce
  • If the response is enforcing, run the command: sudo setenforce 0. Re-run sudo getenforce; the response should now be permissive.
  • The command sudo setenforce 0 is used to temporarily disable SELinux (Security-Enhanced Linux) enforcement by switching SELinux from enforcing mode to permissive mode.
  • When SELinux is in enforcing mode, it restricts access based on policies that define what processes and users can access on the system. It can block or prevent certain actions (like accessing files or running services) if they violate the security policies.
  • The command setenforce 0 changes SELinux to permissive mode, where SELinux no longer enforces its policies. Instead of blocking actions, it only logs what would have been blocked, allowing you to troubleshoot issues without SELinux intervening.
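Before leaving SELinux in permissive mode, it is worth reading the denial that actually blocks phpLDAPadmin: httpd connecting to the LDAP port is governed by the httpd_can_connect_ldap boolean, which fixes that one case while the rest of the policy stays enforced. The script below is an added example, not from the original page; the AVC record it parses is constructed, and on a real host the same lines come from ausearch -m AVC -ts recent.

```shell
#!/bin/sh
# Added example, not from the original page: read the SELinux denial that blocks
# httpd and map it to the narrowest fix instead of switching to permissive mode.
# SAMPLE_AVC is a constructed audit record in the format ausearch prints.

SAMPLE_AVC='type=AVC msg=audit(1700000000.123:456): avc:  denied  { name_connect } for  pid=1234 comm="httpd" dest=389 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:ldap_port_t:s0 tclass=tcp_socket permissive=0'

# avc_field LINE KEY: print the value of KEY=VALUE in an AVC record, quotes stripped.
avc_field() {
  printf '%s\n' "$1" | sed -n "s/.*[ (]$2=\"\{0,1\}\([^\" ]*\)\"\{0,1\}.*/\1/p"
}

# avc_perm LINE: print the denied permission found inside "{ ... }".
avc_perm() {
  printf '%s\n' "$1" | sed -n 's/.*denied  *{ *\([^ }]*\) *}.*/\1/p'
}

# avc_advice LINE: print the command that fixes a known denial, otherwise ask
# for a policy review. httpd -> ldap_port_t name_connect is exactly the case
# phpLDAPadmin hits when it talks to slapd, and the boolean covers it.
avc_advice() {
  comm=$(avc_field "$1" comm)
  perm=$(avc_perm "$1")
  target=$(avc_field "$1" tcontext)
  case "$comm:$perm:$target" in
    httpd:name_connect:*ldap_port_t*)
      echo "setsebool -P httpd_can_connect_ldap on" ;;
    *)
      echo "review policy: $comm denied $perm on $target (see audit2allow -w)" ;;
  esac
}

# On a real host, run this instead of setenforce 0 and act on what it prints:
#   ausearch -m AVC -ts recent 2>/dev/null | grep '^type=AVC' \
#     | while read -r line; do avc_advice "$line"; done
```

The -P flag makes the boolean persist across reboots; without it the change is lost at the next boot, which is the same trap as a bare setenforce 0.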

7.  New User Creation via phpLDAPadmin:

  • In the next step, provide the username and password for the new user and click on "Create Object".
  • In the next window, click on "Commit".
  • You should now see the user Parvathi in the tree, under ou=People.

Steps to reset the password for the phpLDAPadmin root account:

1. Log in as the root user and execute the command below to set the new password.
  • slappasswd
2. It will prompt you to enter the plain-text password you want to set, then generate the SSHA password hash.
3. Copy that hash and update the value of the olcRootPW key in the file base.ldif.
4. Restart the slapd service with the command below.
  • service slapd restart
5. Restart the httpd service with the command below.
  • systemctl restart httpd
6. Now try to log in to the phpLDAPadmin UI page with the new password.
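slapd reads its configuration from cn=config under /etc/openldap/slapd.d, not from base.ldif, so an edited file takes effect only when it is applied with ldapmodify as in step 4. The script below is an added example, not from the original page: it generates the hash, refuses to proceed if what it got does not look like a slappasswd hash (guarding against pasting the plain-text password into olcRootPW), applies a replace of olcRootPW over ldapi, and then proves the new credential by binding with ldapwhoami. The root DN in the usage line is a constructed placeholder.

```shell
#!/bin/sh
# Added example, not from the original page: rotate the OpenLDAP root password
# by replacing olcRootPW in cn=config and verifying the new bind.
# The root DN in the usage comment is a constructed placeholder.

# gen_rootpw_ldif HASH: LDIF that replaces olcRootPW on the mdb database.
gen_rootpw_ldif() {
  printf 'dn: olcDatabase={2}mdb,cn=config\nchangetype: modify\nreplace: olcRootPW\nolcRootPW: %s\n' "$1"
}

# hash_looks_valid HASH: accept only a {SCHEME}value form with no spaces, as
# slappasswd prints; a bare plain-text password fails this check.
hash_looks_valid() {
  printf '%s\n' "$1" | grep -Eq '^\{[A-Z0-9-]+\}[!-~]+$'
}

# rotate_rootpw ROOTDN: prompt for the new password via slappasswd, apply the
# change over the local ldapi socket, then confirm with an authenticated bind.
rotate_rootpw() {
  rootdn=$1
  hash=$(slappasswd) || return 1
  hash_looks_valid "$hash" || { echo "unexpected hash format, not applying" >&2; return 1; }
  gen_rootpw_ldif "$hash" | ldapmodify -Y EXTERNAL -H ldapi:/// || return 1
  echo "Re-enter the new password to confirm the bind works:"
  ldapwhoami -x -D "$rootdn" -W -H ldap://localhost
}

# Usage on the LDAP host as root:
#   rotate_rootpw cn=Manager,dc=example,dc=com
# A successful run ends with ldapwhoami printing dn:cn=Manager,dc=example,dc=com
```

No restart of slapd or httpd is needed after the ldapmodify; cn=config changes are live immediately, and phpLDAPadmin simply binds with whatever password the directory now accepts.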
