Tuts4Tech » ldap

Installing PHPLdapAdmin To Manage Your Ldap Server

Duffy — Fri, 03 Jul 2009 17:17:39 +0000

I will be using lighttpd as the httpd

apt-get install lighttpd php5-cgi php5-ldap php5-mhash

Install PHPLdapAdmin
```
apt-get install phpldapadmin
```

Move your lighttpd.conf to lighttpd.conf.bak

cd /etc/lighttpd
mv lighttpd.conf lighttpd.conf.bak

Then download this lighttpd.conf and restart lighttpd

wget tuts4tech.net/files/lighttpd.conf
/etc/init.d/lighttpd restart

You should now be able to login to PHPLdapAdmin at http://server-ip:9090

Configuring LDAP Clients

Duffy — Thu, 02 Jul 2009 02:59:42 +0000

Install Needed Packages

We need to install the following packages on our LDAP server

apt-get install libnss-ldap libpam-ldap nscd

LDAP Account for root: cn=admin,dc=home,dc=local
Password: your-ldap-admin-password
Make local root database admin: yes
Database require logging in: No
Root login account: cn=admin,dc=home,dc=local
Root login password: your-ldap-admin-password

Configuration Files

/etc/libnss-ldap.conf

nano /etc/libnss-ldap.conf

host IP-OF-LDAP-SERVER
base dc=home,dc=local
bind_policy soft
rootbinddn cn=admin,dc=home,dc=local

/etc/pam_ldap.conf

/etc/pam_ldap.conf

host IP-OF-LDAP-SERVER
base dc=home,dc=local
rootbinddn cn=admin,dc=home,dc=local

Now we need to add pam_ldap so some of the pam configs

nano /etc/pam.d/common-account
account sufficient pam_ldap.so
account required pam_unix.so
#if you want user homedir to be created on first login
#session required pam_mkhomedir.so umask=0022 skel=/etc/skel/ silent

nano /etc/pam.d/common-auth
auth sufficient pam_ldap.so
auth required pam_unix.so nullok_secure use_first_pass

nano /etc/pam.d/common-password
password sufficient pam_ldap.so
password required pam_unix.so nullok obscure min=4 max=8 md5

nano /etc/pam.d/common-session
session sufficient pam_ldap.so
session required pam_unix.so
session optional pam_foreground.so

Finally we need to edit /etc/nsswitch.conf

nano /etc/nsswitch.conf

passwd:         compat ldap
group:          compat ldap
shadow:         compat ldap

How to setup a LDAP Server

Duffy — Wed, 01 Jul 2009 01:50:29 +0000

Installation

We need to install the ldap packages

apt-get install slapd ldap-utils migrationtools

Answer the questions and then use dpkg to reconfigure slapd for more options

dpkg-reconfigure slapd

Omit OpenLDAP server configuration? ... No
DNS domain name: ... home.local
Name of your organization: ... home
Admin Password: some-really-strong-password
Confirm Password: some-really-strong-password
OK
BDB
Do you want your database to be removed when slapd is purged? ... No
Move old database? ... Yes
Allow LDAPv2 Protocol? ... No

Check that the ldap server is now running
```
ldapsearch -x -b dc=home,dc=local
```
If you get this error
```
ldap_bind: Can't contact LDAP server (-1)
```
Its likely the daemon isn't running so start it
```
/etc/init.d/slapd start
```

Populating the Database

We can use migration tools to export all of our users and groups into the LDAP db switch into the migrations tools directory

cd /usr/share/migrationtools/

Edit the migrations tools config file

nano migrate_common.ph

and replace the following

DEFAULT_MAIL_DOMAIN = "home.local";
DEFAULT_BASE = "dc=home,dc=local";

Export the users and groups

./migrate_group.pl /etc/group /tmp/group.ldif
./migrate_passwd.pl /etc/passwd /tmp/passwd.ldif

Migrate tools doesn't create the group and people nodes therefore we need to create them open /tmp/nodes.ldif

nano /tmp/nodes.ldif

and paste in the following

dn: ou=People, dc=home, dc=local
ou: People
objectclass: organizationalUnit

dn: ou=Group, dc=home, dc=local
ou: Group
objectclass: organizationalUnit

Finally we need to import the entries into our LDAP database

ldapadd -x -W -D "cn=admin,dc=home,dc=local" -f /tmp/nodes.ldif
ldapadd -x -W -D "cn=admin,dc=home,dc=local" -f /tmp/group.ldif
ldapadd -x -W -D "cn=admin,dc=home,dc=local" -f /tmp/passwd.ldif

That is your LDAP server setup In this tutorial it will show you how to configure your LDAP Clients