phpldapadmin
---------
Install phpLDAPAdmin:
Now you can install phpLDAPAdmin using “yum” on CentOS and “apt-get” on Ubuntu respectively.
### CentOS 7 / RHEL 7 ###
# yum install -y phpldapadmin
### Ubuntu 16.04 ###
$ sudo apt-get update
$ sudo apt-get install -y phpldapadmin
Configure Apache virtual host on CentOS 7 / RHEL 7:
By default, phpLDAPAdmin places its web configuration file, which holds the access rules and permissions, in the /etc/httpd/conf.d directory. phpLDAPAdmin can be accessed only from localhost (127.0.0.1); to change that, edit the phpldapadmin.conf file.
On CentOS 7, web access is managed by the mod_authz_core.c module, so the regular allow or deny rules won't work even if you modify them.
# vi /etc/httpd/conf.d/phpldapadmin.conf
Update the configuration file as shown below: comment out the "Require local" line and add the "Require all granted" line.
Alias /phpldapadmin /usr/share/phpldapadmin/htdocs
Alias /ldapadmin /usr/share/phpldapadmin/htdocs
<Directory /usr/share/phpldapadmin/htdocs>
  <IfModule mod_authz_core.c>
    # Apache 2.4
    # Require local
    Require all granted
  </IfModule>
  <IfModule !mod_authz_core.c>
    # Apache 2.2
    Order Deny,Allow
    Deny from all
    Allow from 127.0.0.1
    Allow from ::1
  </IfModule>
</Directory>
Restart the Apache service on CentOS 7 / RHEL 7.
# systemctl restart httpd.service
Configure firewalld to allow external machines to access the dashboard (CentOS / RHEL).
# firewall-cmd --permanent --zone=public --add-service=http
# firewall-cmd --reload
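As an added example (not part of the original tutorial), the shell function below classifies the Apache 2.4 rule in phpldapadmin.conf so you can confirm what the edit above exposes: "Require all granted" admits any client that can reach port 80, while a "Require ip" rule limits the login page to an admin subnet. The function names audit_pla_conf and sample_conf, the embedded sample file, and the 192.0.2.0/24 subnet are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: classify the Apache 2.4 access rule guarding phpLDAPadmin.
# audit_pla_conf [FILE] reads FILE (or stdin) and prints one verdict:
#   open        "Require all granted": any client reaching port 80 gets the login page
#   restricted  limited by "Require ip" / "Require host"
#   local       "Require local" only (the packaged default)
#   unknown     no active Require line in the mod_authz_core.c block
audit_pla_conf() {
    awk '
        { k = tolower($1) }
        k ~ /^#/           { next }   # commented-out directives do not count
        k == "<ifmodule"   { mod24 = (tolower($2) == "mod_authz_core.c>"); next }
        k == "</ifmodule>" { mod24 = 0; next }
        mod24 && k == "require" {
            a = tolower($2); b = tolower($3)
            if (a == "all" && b == "granted")  anyhost = 1   # sibling Require lines are ORed
            else if (a == "ip" || a == "host") limited = 1
            else if (a == "local")             loopback = 1
        }
        END {
            if (anyhost)       print "open"
            else if (limited)  print "restricted"
            else if (loopback) print "local"
            else               print "unknown"
        }
    ' "${1:--}"
}

# sample_conf RULE: constructed phpldapadmin.conf with RULE as the active 2.4 directive.
sample_conf() {
    cat <<EOF
Alias /phpldapadmin /usr/share/phpldapadmin/htdocs
<Directory /usr/share/phpldapadmin/htdocs>
  <IfModule mod_authz_core.c>
    # Require local
    $1
  </IfModule>
  <IfModule !mod_authz_core.c>
    Allow from 127.0.0.1
  </IfModule>
</Directory>
EOF
}

# 192.0.2.0/24 is a placeholder admin subnet (documentation range), not a real network.
for rule in "Require all granted" "Require ip 192.0.2.0/24" "Require local"; do
    printf '%-26s -> %s\n' "$rule" "$(sample_conf "$rule" | audit_pla_conf)"
done
```

On a real host, run audit_pla_conf /etc/httpd/conf.d/phpldapadmin.conf after editing the file.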
Configure phpLDAPAdmin:
Now set up phpLDAPadmin by modifying some of its configuration values.
### CentOS 7 / RHEL 7 ###
# vi /etc/phpldapadmin/config.php
### Ubuntu 16.04 ###
$ sudo nano /etc/phpldapadmin/config.php
A handy name that will appear in the left tree viewer and throughout phpLDAPadmin to identify this LDAP server to users.
$servers->setValue('server','name','Worldcm Local LDAP Server');
If you plan to manage an LDAP server other than localhost, modify the parameter below. (Optional)
$servers->setValue('server','host','127.0.0.1');
To connect to an LDAP server that listens on a non-standard port, change the port parameter. (Optional)
$servers->setValue('server','port',389);
Array of base domain names of your LDAP server. (Must be set on Ubuntu 16.04.)
$servers->setValue('server','base',array('dc=worldcm,dc=net'));
On CentOS 7 / RHEL 7:
Uncomment line 397 and comment out line 398, as shown below.
$servers->setValue('login','attr','dn');
// $servers->setValue('login','attr','uid');
If you have SELinux enabled on CentOS 7 / RHEL 7 then run this command.
# setsebool -P httpd_can_connect_ldap on
Access phpLDAPAdmin:
Open a web browser and navigate to the following URL.
http://your-ip-add-ress/phpldapadmin
If the value below is set in the /etc/phpldapadmin/config.php file, the Login DN: field will be pre-populated automatically.
$servers->setValue('login','bind_id','cn=ldapadm,dc=worldcm,dc=net');
Now you can start managing your LDAP server via phpLDAPAdmin.
Open the configuration file with your favourite editor.
# vim /etc/phpldapadmin/config.php
The following changes are to be made in the PHP code:
Create a name for your LDAP server that will appear for users on the admin dashboard; this setting is located on line 291:
$servers->setValue('server','name','Hostadvice LDAP Server');
To manage another LDAP server other than the localhost, you can uncomment and change the setting on line 298, entering the appropriate IP address:
$servers->setValue('server','host','127.0.0.1');
The port for the LDAP server is left at the default, 389; to use a non-standard port, change it by uncommenting line 301:
$servers->setValue('server','port',389);
Line 332 defines your domain details; change it appropriately.
$servers->setValue('login','bind_id','cn=ldapadm,dc=example,dc=hostadvice,dc=local');
Special Note: The LDAP DNs are set when installing and configuring LDAP on your CentOS 7 system.
The password hashing algorithm should be set to ssha, so change line 388 accordingly:
$servers->setValue('appearance','password_hash','ssha');
Line 397 should be uncommented so that the login uses the DN (distinguished name) and not the user ID (uid); comment out line 398:
$servers->setValue('login','attr','dn');
//$servers->setValue('login','attr','uid');
Save your changes and exit the editor.
----------