How to Install OpenLDAP with phpLDAPadmin on an Nginx Server

The Lightweight Directory Access Protocol, better known as LDAP, is used to manage and access related information in a centralized, hierarchical file and directory structure. An LDAP information directory is a type of database, but it's not a relational database. And unlike databases that are designed for processing hundreds or thousands of changes per minute - such as the Online Transaction Processing (OLTP) systems often used in e-commerce - LDAP directories are heavily optimized for read performance.

Most LDAP servers are simple to install, easily maintained, and easily optimized. In this tutorial, I will show you how to install OpenLDAP on an Ubuntu 16.04 server and manage it easily using phpLDAPadmin.

Installation of OpenLDAP

First of all, we need to install the OpenLDAP server daemon and the traditional LDAP management utilities. These are found in the packages slapd and ldap-utils, respectively.

$ apt install slapd ldap-utils

The installation of slapd creates a working configuration. In particular, it creates a database instance that you can use to store your data. However, the base DN of this instance is determined from the domain name of the local host, as given in the /etc/hosts file. It is therefore recommended to set your hostname to an FQDN and add matching entries to the hosts file. In my case, I've set my hostname to "ldap01.linoxide.com".

During the installation, you will be asked to select and confirm an administrator password for LDAP. You can reset it later if you need to.

How to Reconfigure Slapd settings

During the initial installation, the package was installed with the default settings. Now we're going to reconfigure it with our required settings. This stage asks a number of questions.

$ dpkg-reconfigure slapd

These are the stages of the reconfiguration:

  1. Omit OpenLDAP configuration? Yes/No : No
  2. DNS domain name : ldap01.linoxide.com
  3. Organization name : You can give the preferred name.
  4. Administrator Password
  5. Confirm Admin Password
  6. Database Backend to use : HDB (refer to /usr/share/doc/slapd/README.Debian.gz for more details)
  7. Do you want to remove the database when slapd is purged? Yes/No : Yes
  8. Move old database? Yes/No : Yes
  9. Allow LDAPv2 Protocol? Yes/No : No

After the installation, you can confirm the slapd settings by running the command "slapcat".

root@ldap01:~# slapcat
dn: dc=ldap01,dc=linoxide,dc=com
objectClass: top
objectClass: dcObject
objectClass: organization
o: VIP
dc: ldap01
structuralObjectClass: organization
entryUUID: 5aa381ee-6023-1036-9173-3d709bfb7bb0
creatorsName: cn=admin,dc=ldap01,dc=linoxide,dc=com
createTimestamp: 20161227015557Z
entryCSN: 20161227015557.816230Z#000000#000#000000
modifiersName: cn=admin,dc=ldap01,dc=linoxide,dc=com
modifyTimestamp: 20161227015557Z

dn: cn=admin,dc=ldap01,dc=linoxide,dc=com
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: admin
description: LDAP administrator
userPassword:: e1NTSEF9TXBudUpGK3JhWVd1WXBIMFJHZ2ZkTGpGQ2oxem5xQ2o=
structuralObjectClass: organizationalRole
entryUUID: 5aa41e24-6023-1036-9174-3d709bfb7bb0
creatorsName: cn=admin,dc=ldap01,dc=linoxide,dc=com
createTimestamp: 20161227015557Z
entryCSN: 20161227015557.820223Z#000000#000#000000
modifiersName: cn=admin,dc=ldap01,dc=linoxide,dc=com
modifyTimestamp: 20161227015557Z
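
The functions below, added here as an example and not part of the original tutorial, check a slapcat dump like the one above: that the first entry matches the base DN built from the DNS domain name given during reconfiguration, and which storage scheme each userPassword uses. The function names, the sample LDIF and its cn=svc entry are constructed for illustration.

```shell
# Added example; the sample LDIF and its cn=svc entry are constructed.

# DNS domain name -> base DN (ldap01.linoxide.com -> dc=ldap01,dc=linoxide,dc=com)
domain_to_base_dn() {
    printf '%s\n' "$1" | awk -F. '{
        for (i = 1; i <= NF; i++) out = out (i > 1 ? "," : "") "dc=" $i
        print out }'
}

# DN of the first entry in an LDIF stream on stdin (the database suffix).
first_dn() { awk '/^dn: / { sub(/^dn: /, ""); print; exit }'; }

# Print "<scheme> <dn>" for each userPassword in an LDIF stream on stdin.
# "userPassword:: " marks a base64-encoded value (encoding, not encryption).
# Assumes unfolded lines, as produced by: slapcat -o ldif-wrap=no
password_schemes() {
    dn=
    while IFS= read -r line; do
        case $line in
            "dn: "*) dn=${line#dn: }; continue ;;
            "userPassword:: "*)
                value=$(printf '%s' "${line#userPassword:: }" | base64 -d) ;;
            "userPassword: "*) value=${line#userPassword: } ;;
            *) continue ;;
        esac
        case $value in
            "{"*"}"*) scheme=${value%%\}*}; scheme="$scheme}" ;;
            *) scheme=CLEARTEXT ;;
        esac
        printf '%s %s\n' "$scheme" "$dn"
    done
}

# DNs whose password is stored in cleartext or as an unsalted hash.
weak_entries() {
    password_schemes | while read -r scheme dn; do
        case $scheme in CLEARTEXT|"{MD5}"|"{SHA}") printf '%s\n' "$dn" ;; esac
    done
}

sample_ldif() {
    enc=$(printf '%s' '{SSHA}constructed-not-a-real-hash' | base64)
    printf 'dn: dc=ldap01,dc=linoxide,dc=com\no: VIP\n\n'
    printf 'dn: cn=admin,dc=ldap01,dc=linoxide,dc=com\nuserPassword:: %s\n\n' "$enc"
    printf 'dn: cn=svc,dc=ldap01,dc=linoxide,dc=com\nuserPassword: constructed-plain\n'
}

[ "$(sample_ldif | first_dn)" = "$(domain_to_base_dn ldap01.linoxide.com)" ] &&
    echo "suffix matches the configured domain"
sample_ldif | password_schemes; echo "weak: $(sample_ldif | weak_entries)"
```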

How to install Nginx and PHP

Our next step is to install Nginx and PHP. Unlike Apache, Nginx does not offer mod_php, and you cannot use PHP in CGI either. It is necessary to use FastCGI and configure it so that it starts the PHP process.

$ apt-get install nginx
$ apt-get install php7.0-fpm

Now we can check that PHP works by placing a PHP info page named info.php, with the contents <?php phpinfo(); ?>, under the document root (/usr/share/nginx/www, as set in the server block below) and changing our default virtual host (/etc/nginx/sites-available/default) to use our hostname.

server {
    listen 80;
    server_name ldap01.linoxide.com;
    root /usr/share/nginx/www;
    index index.php index.html;

    access_log /var/log/nginx/localhost.access.log;

    location ~ \.php$ {
        include snippets/fastcgi-php.conf;

        # With php7.0-fpm:
        fastcgi_pass unix:/run/php/php7.0-fpm.sock;
    }
}

You can access the URL ldap01.linoxide.com/info.php to confirm that it is working. Remove info.php once you have confirmed this, since the phpinfo() output exposes details of the server configuration.

How to install phpLDAPadmin

Although it is possible to administer LDAP through the command line, most users will prefer an easier way to manage it using a web interface. Let's install phpLDAPadmin, which provides this functionality, to help remove some of the friction of learning the LDAP tools. It can be installed with a single command as below:

$ apt-get install phpldapadmin

Our web server is configured to serve this application. But we need to make necessary changes in our Nginx virtual host to make it work as required. I've modified my default Virtual host file to load this application as required.

Configuring phpLDAPadmin

The package is installed. Now we need to configure a few things so that it can connect to the LDAP directory structure that was created during the OpenLDAP configuration stage.

First of all, open up the main configuration file (/etc/phpldapadmin/config.php) with root privileges in your text editor and make the following changes with your server IP and the LDAP server base DNS name.

Finally, we need to adjust a setting that controls the visibility of warning messages. By default, phpLDAPadmin shows quite a few annoying warning messages in its web interface about the template files; these have no impact on the functionality.

We can hide these by searching for the hide_template_warning parameter, uncommenting the line that contains it, and setting it to "true":

$config->custom->appearance['hide_template_warning'] = true;

Save all these changes in the configuration file.

Creating the Virtual host for phpLDAPadmin

Since I don't have any particular configuration, I've modified my default Virtual host to allow this application. You can modify this with your preferred hostname.

$ cat /etc/nginx/sites-available/default
server {
    server_name ldap01.linoxide.com;
    listen 80;

    # document root
    root /usr/share/nginx/www;
    index index.php index.html index.htm;

    # application: phpldapadmin
    location /phpldapadmin {
        alias /usr/share/phpldapadmin/htdocs;
        index index.php index.html index.htm;
    }
    location ~ ^/phpldapadmin/.*\.php$ {
        root /usr/share;
        if ($request_filename !~* htdocs) {
            rewrite ^/phpldapadmin(/.*)?$ /phpldapadmin/htdocs$1;
        }
        fastcgi_pass unix:/run/php/php7.0-fpm.sock;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $request_filename;
        include fastcgi_params;
    }

    # logging
    error_log /var/log/nginx/phpldapadmin.error.log;
    access_log /var/log/nginx/phpldapadmin.access.log;
}

After making these changes, restart Nginx and php-fpm to apply them. Now we can access the phpLDAPadmin web interface by opening this URL in the browser: http://ldap01.linoxide.com/phpldapadmin/.

You can log in with the LDAP admin credentials created during the installation phase. Because this virtual host listens only on port 80, those credentials are sent over plain HTTP; restrict access to a trusted network or add TLS before using it beyond a test setup.

 

Howdy! We are done with phpLDAPadmin. I believe that with this you can easily manage your LDAP server. You can add users, organizational units, groups, and relationships from the phpLDAPadmin interface. LDAP is flexible in how you wish to structure your data and directory hierarchies.

Conclusion

We should now have OpenLDAP installed and configured on our Ubuntu 16.04 server with the Nginx web server. In addition, we have installed and configured a web interface to easily manage the LDAP structure through the phpLDAPadmin program. The system that we have set up is quite flexible, and you should be able to design your own organizational schema and manage groups of resources as your needs demand.

I hope this article will be useful for you. Please post your valuable suggestions and comments on this.

About Saheetha Shameer

I'm working as a Senior System Administrator. I'm a quick learner and have a slight inclination towards following the current and emerging trends in the industry. My hobbies include hearing music, playing strategy computer games, reading and gardening. I also have a high passion for experimenting with various culinary delights :-)
