LDAP, short for Lightweight Directory Access Protocol, is a protocol derived from Active Directory. It is used to manage data stored on a single server and, through a hierarchy of files and directories, allows us to manage related information on software and devices located outside that central location.
LDAP today is mostly used as a central authentication database, enabling access to multiple resources using a single account.
Today we will talk about how to implement this feature of LDAP on Ubuntu 19.04, or on any Debian-based operating system for that matter. The best-known LDAP server software is OpenLDAP, so we will be installing it in this guide.
Installing OpenLDAP
Because the software for the OpenLDAP server is located in the default repository for Ubuntu, with the name slapd, it can easily be installed using apt-get. There are some required dependencies to be installed along with OpenLDAP:
sudo apt-get update
sudo apt-get install slapd ldap-utils
After the initial install, a prompt will appear requiring you to input the password for the LDAP administrator account.
Configuration of slapd
Once this step is complete, a configuration for the LDAP package is required. We will do this through the use of the following command:
sudo dpkg-reconfigure slapd
Afterward, you will be asked a series of questions, which you need to answer in order to generate a proper configuration file.
- Omit OpenLDAP server configuration
- DNS domain name (this will create the default structure of the directory). You can use either a real domain or a fictitious one. We will be using example.com.
- Organization name
- Administrator password (this will require the password set earlier)
- Database backend to use
- Remove the database when slapd is purged
- Move old database
- Allow LDAPv2 protocol
Installing PHPldapadmin
The web interface through which OpenLDAP is managed comes in the form of PHPldapadmin. This will be installed from the Ubuntu repository.
sudo apt-get install phpldapadmin
Through this command, we will install the webserver and PHP dependencies required for it.
How to configure PHPldapadmin
In order to make the web interface functional, we need to edit the config file using the root credentials:
sudo vim /etc/phpldapadmin/config.php
We need to set the domain name or IP address associated with the server in order to be able to access the web interface:
$servers->setValue('server','host','IP');
For the next part we need the same DNS name we used previously, but in a format that LDAP understands: split the name at each dot and give each component as the value of a dc attribute.
$servers->setValue('server','base',array('dc=example,dc=com'));
The following value will use the same domain components provided earlier. Insert them after the cn=admin value:
$servers->setValue('login','bind_id','cn=admin,dc=example,dc=com');
We can now save the changes and close the file with the following command:
:wq!
We can now access OpenLDAP by going to the following address in a web browser:
IP/phpldapadmin
When the server's login prompt appears, we have to use the following credentials for a successful login:
cn=admin,dc=example,dc=com
For the password field, we need to use the password entered during the slapd config step.
This completes the initial setup of the OpenLDAP server. You can now begin to populate the fields to make it functional.
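To check the result from the command line, the following added example (not part of the original guide) derives the base DN and the admin bind DN from the DNS domain in the same way as the config.php values above, rejecting any input that is not a plain DNS name, and then queries slapd with ldapsearch and ldapwhoami from the ldap-utils package installed earlier. The function names and the default ldapi:/// URI are assumptions of this example.

```shell
#!/bin/sh
# Added example: derive the DNs used in config.php from a DNS domain
# and check them against the running slapd with ldap-utils.

# domain_to_base_dn example.com  ->  dc=example,dc=com
# Only plain DNS names are accepted, so characters that are special
# in a DN (, + = " \ < > ; #) can never reach the output.
domain_to_base_dn() {
    domain=$1
    case $domain in
        ''|.*|*.|*..*) return 1 ;;           # empty name or empty label
        *[!A-Za-z0-9.-]*) return 1 ;;        # outside letters/digits/hyphen
    esac
    dn=''
    old_ifs=$IFS; IFS=.
    for label in $domain; do
        case $label in
            -*|*-) IFS=$old_ifs; return 1 ;; # label starts or ends with '-'
        esac
        dn="${dn:+$dn,}dc=$label"
    done
    IFS=$old_ifs
    printf '%s\n' "$dn"
}

# admin_bind_dn example.com  ->  cn=admin,dc=example,dc=com
admin_bind_dn() {
    base=$(domain_to_base_dn "$1") || return 1
    printf 'cn=admin,%s\n' "$base"
}

# verify_directory DOMAIN [URI]
# Reads the base entry anonymously, then binds as the admin account.
# URI defaults to the local ldapi:/// socket (assumption: slapd listens on it).
verify_directory() {
    base=$(domain_to_base_dn "$1") || { echo "bad domain: $1" >&2; return 2; }
    uri=${2:-ldapi:///}
    ldapsearch -x -LLL -H "$uri" -b "$base" -s base '(objectClass=*)' dn || return 1
    ldapwhoami -x -H "$uri" -D "cn=admin,$base" -W   # -W prompts for the password
}

# Run the checks only when a domain is given: sh check.sh example.com
if [ "$#" -gt 0 ]; then
    verify_directory "$@"
fi
```

A successful run prints the base entry's DN followed by the bind identity reported by the server.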