phpldapadmin

---------

Install phpLDAPAdmin:

Now you can install phpLDAPAdmin using “yum” on CentOS and “apt-get” on Ubuntu respectively.

### CentOS 7 / RHEL 7 ###
# yum install -y phpldapadmin

### Ubuntu 16.04 ###
$ sudo apt-get update
$ sudo apt-get install -y phpldapadmin

Configure Apache virtual host on CentOS 7 / RHEL 7:

By default, phpLDAPAdmin places its web configuration file in the /etc/httpd/conf.d directory; the file contains the alias and access rules. Out of the box, phpLDAPAdmin can be accessed only from localhost (127.0.0.1); to change that, edit the phpldapadmin.conf file.

On CentOS 7, web access is managed by the mod_authz_core.c module (Apache 2.4), so the older Allow/Deny rules won't take effect even if you modify them.

# vi /etc/httpd/conf.d/phpldapadmin.conf

Update the configuration file as shown below: comment out the Require local line and add the Require all granted line.

Alias /phpldapadmin /usr/share/phpldapadmin/htdocs
Alias /ldapadmin /usr/share/phpldapadmin/htdocs

<Directory /usr/share/phpldapadmin/htdocs>
  <IfModule mod_authz_core.c>
    # Apache 2.4
    # Require local
    Require all granted
  </IfModule>
  <IfModule !mod_authz_core.c>
    # Apache 2.2
    Order Deny,Allow
    Deny from all
    Allow from 127.0.0.1
    Allow from ::1
  </IfModule>
</Directory>

Restart the Apache service on CentOS 7 / RHEL 7.

# systemctl restart httpd.service

Configure FirewallD to allow external machines to access the dashboard (CentOS / RHEL).

# firewall-cmd --permanent --zone=public --add-service=http
# firewall-cmd --reload
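
With Require all granted and the HTTP service opened in the firewall, any client that can reach the web server can load the phpLDAPAdmin login page; Require ip with an admin subnet is the narrower Apache 2.4 alternative. The sh function below is an added example, not part of the original page: it classifies the active Apache 2.4 rule in a phpldapadmin.conf, and the helper name audit_pla_access, the sample file and the 192.0.2.0/24 range are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original page. Classifies the active Apache 2.4
# access rule in a phpldapadmin.conf as: open | restricted | local | none.
audit_pla_access() {
    # Hypothetical helper: reads the file in $1, or standard input if omitted.
    awk '
        { sub(/^[ \t]+/, "") }                 # drop indentation
        /^#/ || /^$/ { next }                  # ignore comments and blank lines
        /^<IfModule[ \t]+mod_authz_core\.c>/ { in24 = 1; next }  # Apache 2.4 block
        /^<\/IfModule>/ { in24 = 0; next }
        in24 && tolower($1) == "require" {
            kind = tolower($2)
            if (kind == "all" && tolower($3) == "granted") is_open = 1
            else if (kind == "ip" || kind == "host")       limited = 1
            else if (kind == "local")                      loopback = 1
        }
        END {
            if (is_open)       print "open"        # any client may connect
            else if (limited)  print "restricted"  # only listed networks or hosts
            else if (loopback) print "local"       # packaged default
            else               print "none"
        }
    ' "${1:--}"
}

# Constructed sample: the Directory block from this page after the edit.
sample_conf() {
    cat <<'EOF'
<Directory /usr/share/phpldapadmin/htdocs>
  <IfModule mod_authz_core.c>
    # Apache 2.4
    # Require local
    Require all granted
  </IfModule>
  <IfModule !mod_authz_core.c>
    # Apache 2.2
    Order Deny,Allow
    Deny from all
    Allow from 127.0.0.1
    Allow from ::1
  </IfModule>
</Directory>
EOF
}

sample_conf | audit_pla_access    # open
# Same file with the rule narrowed to a constructed admin subnet: restricted
sample_conf | sed 's|Require all granted|Require ip 192.0.2.0/24|' | audit_pla_access
```

On a real host, run it as audit_pla_access /etc/httpd/conf.d/phpldapadmin.conf after each change to the file.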

Configure phpLDAPAdmin:

Now set up phpLDAPAdmin by modifying some of its configuration values.

### CentOS 7 / RHEL 7 ###
# vi /etc/phpldapadmin/config.php

### Ubuntu 16.04 ###
$ sudo nano /etc/phpldapadmin/config.php

A handy name that will appear in the left tree viewer and throughout phpLDAPadmin to identify this LDAP server to users.

$servers->setValue('server','name','Worldcm Local LDAP Server');

If you plan to manage an LDAP server other than localhost, modify the parameter below. (Optional)

$servers->setValue('server','host','127.0.0.1');

To connect to an LDAP server that listens on a non-standard port, change the port value. (Optional)

$servers->setValue('server','port',389);

Array of base domain names of your LDAP server. (Must be set on Ubuntu 16.04.)

$servers->setValue('server','base',array('dc=worldcm,dc=net'));

On CentOS 7 / RHEL 7:

Uncomment line 397 and comment out line 398, as shown below.

$servers->setValue('login','attr','dn');
// $servers->setValue('login','attr','uid');

If you have SELinux enabled on CentOS 7 / RHEL 7, run this command.

# setsebool -P httpd_can_connect_ldap on

Access phpLDAPAdmin:

Open a web browser and navigate to the following URL.

http://your-ip-add-ress/phpldapadmin

If the value below is set in the /etc/phpldapadmin/config.php file, the Login DN field will be pre-populated automatically.

$servers->setValue('login','bind_id','cn=ldapadm,dc=worldcm,dc=net');

Now you can start managing your LDAP server via phpLDAPAdmin.

Open the configuration file with your favourite editor.

The following changes are to be made in the PHP code:

Create a name for your LDAP server that will appear for users on the admin dashboard; this setting is located on line 291.

To manage an LDAP server other than localhost, uncomment and change the setting on line 298, entering the appropriate IP address:

The LDAP server port is left at the default of 389; to use a non-standard port, uncomment and change line 301:

Line 332 defines your domain details; change it appropriately.

Special Note: The LDAP DNs are set when installing and configuring LDAP on CentOS 7.

The password hashing algorithm should be set to ssha, so change line 388 accordingly:

Line 397 should be uncommented so that login uses the DN rather than the user identification (uid); comment out line 398.

Save your changes and exit the editor.

----------