Installing OpenLDAP and phpLDAPadmin on Ubuntu 20.04 LTS

Benjamin Dronen
6 min readJun 12, 2020


In this tutorial, we will go through the process of installing OpenLDAP and phpLDAPadmin on the newly released Ubuntu 20.04 LTS.

Prerequisites

We will assume you already have an Ubuntu 20.04 LTS server up and running. Install all pending updates before proceeding:

sudo apt update
sudo apt upgrade -y

Installing OpenLDAP

All the packages needed for OpenLDAP are available from the default Ubuntu 20.04 LTS repositories, so we simply need to install them from the terminal:

sudo apt install -y slapd ldap-utils

You will be prompted for the password to use for the admin entry in your LDAP directory (cn=admin under the base DN). Make sure to use something secure. You will be asked to confirm the password after entering it the first time.

Prompt encountered when installing slapd

Configuring OpenLDAP

Now that we have OpenLDAP installed, we must configure it. To enter the configuration prompt, we must execute:

sudo dpkg-reconfigure slapd

We will be prompted with a window asking if we want to “Omit OpenLDAP server configuration.” Select the <No> option with the arrow keys, then press enter.


We will be asked for a DNS domain name, which is used to build the base DN of the LDAP directory: each label of the domain becomes one dc= component. It does not have to be a domain you own, but it makes the most sense to use your own domain or the one belonging to your organization, since the base DN is awkward to change later. For the purposes of this article, we will be using foo.example.org, which yields the base DN dc=foo,dc=example,dc=org. Type the domain name of your choosing, then press enter.


Now we will be prompted to enter the name of our organization. In this example, we will use Example. Type in your organization name, then press enter.


Continuing, we will be asked for the administrator password. This sets the password of the cn=admin entry in the database that is about to be created; you can reuse the password you chose during installation or pick a new one. Once you enter the password and advance, you will be asked once more for the administrative password to confirm.


Proceeding, we will be asked whether the database should be removed when slapd is purged. Select the <No> option with the arrow keys, and press enter.


Finally, we will be asked whether to move the old database out of the way. Select the <Yes> option with the arrow keys, then hit enter. The database created during the initial install is moved aside (the package puts it under /var/backups) rather than deleted, and a fresh one is built for the base DN we entered.


After this prompt, we will be dropped back into our command line environment. Our OpenLDAP server should be up and running. We can verify by running:

sudo systemctl status slapd

There should be a line in the output that says: Active: active (running)

If you see this, congratulations! Your new OpenLDAP server is up and running. One piece of business remains if machines other than this one need to reach the directory: opening the LDAP port in the host firewall. Understand what this does before running it. The rule below opens 389/tcp, the plain, unencrypted LDAP port, to every source address, and simple binds over it send passwords in cleartext. Skip this step if only local processes (such as phpLDAPadmin below) will talk to slapd; if remote clients are genuinely needed, restrict the rule to their subnet using ufw's from/to syntax and plan on adding TLS before relying on it. (ufw is installed but inactive by default on Ubuntu; check with sudo ufw status.) The command is:

sudo ufw allow ldap

Now we should be good to go. We can test our OpenLDAP instance by running the following command:

ldapwhoami -H ldap:// -x

which should print anonymous.

This indicates that our OpenLDAP server is responding to queries properly.
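The checks above can be run in one go. The script below is an added example, not part of the original article: it derives the base DN from the domain the same way the slapd configuration does, then runs the anonymous bind test from above plus three checks the article does not show (that slapd is listening on 389/tcp, that the base entry exists, and that the admin password actually binds). It assumes the example domain foo.example.org and the cn=admin entry the Ubuntu package creates; the script name check-slapd.sh and the helper function names are mine.

```shell
#!/usr/bin/env bash
# Post-install checks for a freshly configured slapd (added example).
# Assumes the domain given to `dpkg-reconfigure slapd` was foo.example.org,
# so the base DN is dc=foo,dc=example,dc=org and the admin entry is
# cn=admin under it, as the Debian/Ubuntu packaging creates.
set -eu

# Derive the base DN slapd builds from a DNS domain:
#   foo.example.org -> dc=foo,dc=example,dc=org
domain_to_base_dn() {
    local domain="$1" dn="" label
    local IFS='.'
    for label in $domain; do
        dn="${dn:+$dn,}dc=$label"
    done
    printf '%s\n' "$dn"
}

# DN of the administrative entry the package creates for that base.
admin_dn() {
    printf 'cn=admin,%s\n' "$(domain_to_base_dn "$1")"
}

# slapd should be listening on the plain LDAP port (389/tcp).
check_listening() {
    ss -ltn | grep -qE ':389[[:space:]]'
}

# An anonymous simple bind (-x with no -D) must be answered with "anonymous".
check_anonymous() {
    [ "$(ldapwhoami -x -H ldap:///)" = "anonymous" ]
}

# The base entry must exist; -s base reads only that one entry.
check_base_entry() {
    local base; base="$(domain_to_base_dn "$1")"
    ldapsearch -x -H ldap:/// -b "$base" -s base -LLL dn | grep -qFx "dn: $base"
}

# The admin password must work. -W prompts for it rather than taking it on
# the command line, where it would show up in `ps` output and shell history.
# A successful bind makes ldapwhoami print "dn:" followed by the bound DN.
check_admin_bind() {
    local admin; admin="$(admin_dn "$1")"
    [ "$(ldapwhoami -x -H ldap:/// -D "$admin" -W)" = "dn:$admin" ]
}

# run_check <description> <function> [args...]: print ok/FAIL per check.
run_check() {
    local desc="$1"; shift
    if "$@"; then
        printf 'ok:   %s\n' "$desc"
    else
        printf 'FAIL: %s\n' "$desc" >&2
        return 1
    fi
}

main() {
    local domain="$1"
    run_check "slapd listening on 389/tcp" check_listening
    run_check "anonymous simple bind answered" check_anonymous
    run_check "base entry $(domain_to_base_dn "$domain") exists" check_base_entry "$domain"
    run_check "admin bind as $(admin_dn "$domain") works" check_admin_bind "$domain"
}

# Live checks run only when a domain is given, e.g. ./check-slapd.sh foo.example.org
if [ $# -gt 0 ]; then
    main "$1"
fi
```

Run it as ./check-slapd.sh foo.example.org on the server itself; it connects over ldap:/// (the local socket on port 389), so it works before any firewall rule is added, and the admin check prompts for the password instead of accepting it as an argument.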

Installing and Configuring phpLDAPadmin (Optional)

Now that our directory server is installed and configured, it is convenient to be able to manage it through a web interface. For that we will install phpLDAPadmin by executing the following command in your terminal:

sudo apt install phpldapadmin

Once this is finished, phpLDAPadmin will be installed, along with an Apache configuration for it. Now we must configure it. To start off, we must edit /etc/phpldapadmin/config.php by running the following command:

sudo nano -c /etc/phpldapadmin/config.php

Use the arrow keys to navigate. Find the line that says $servers->setValue('server','name','My LDAP Server'); For me, this was at line number 286 (nano’s -c option shows the current line number at the bottom of the terminal window, which comes in handy; your line numbers may differ slightly). We will replace 'My LDAP Server' with something more appropriate to us. I will use 'Example LDAP Server', so the line becomes:

$servers->setValue('server','name','Example LDAP Server');

A few lines down (line number 300) is a line that looks like $servers->setValue('server','base',array('dc=example,dc=com')); We will replace 'dc=example,dc=com' with the base DN generated from the domain name we entered when setting up OpenLDAP. In our example, foo.example.org gives 'dc=foo,dc=example,dc=org'. Modify this to fit the base DN generated from your domain name. After editing, our line will look like:

$servers->setValue('server','base',array('dc=foo,dc=example,dc=org'));

Now find the line that starts with $servers->setValue('login','bind_id' (line number 326 for me). Comment it out by prepending a # as follows:

#$servers->setValue('login','bind_id','cn=admin,dc=example,dc=com');

This stops the login form from pre-filling the admin DN. The web interface may be reachable by others, and a pre-filled DN hands a valid administrative username to anyone who can load the page, leaving only the password to guess.

Lastly, we will disable the template warning messages, as they have no bearing on our interactions with phpLDAPadmin. By default the hide_template_warning option is present but commented out (with a leading //) and set to false; for me it was at line 161. Find it, remove the comment marker, and set it to true so that it looks like this:

$config->custom->appearance['hide_template_warning'] = true;

Save and exit by pressing Ctrl+X, then typing y and pressing enter.
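The four edits above can also be made with sed, which makes them repeatable across servers. The script below is an added example, not from the article or the phpLDAPadmin project: configure_pla applies the same four changes (server name, base DN, commented-out bind_id, hide_template_warning uncommented and set to true) and is safe to run more than once, since each expression anchors on the start of the stock line. write_sample_config writes a constructed excerpt of the stock config.php containing only the lines the script touches, so the edits can be tried on a temporary file before touching /etc/phpldapadmin/config.php. The function names and the demo/apply arguments are my own, and the server name and base DN are assumed not to contain |, & or \ (sed's specials are not escaped).

```shell
#!/usr/bin/env bash
# Scripted version of the phpLDAPadmin config.php edits (added example).
set -eu

# configure_pla <config.php> <server name> <base DN>
# Rewrites the four lines the article edits by hand. Each sed expression
# anchors on the start of the stock line, so running it again changes nothing.
# Assumes <server name> and <base DN> contain no '|', '&' or '\' (sed specials).
configure_pla() {
    local cfg="$1" name="$2" base="$3"
    sed -i \
        -e "s|^\\\$servers->setValue('server','name',.*|\$servers->setValue('server','name','$name');|" \
        -e "s|^\\\$servers->setValue('server','base',.*|\$servers->setValue('server','base',array('$base'));|" \
        -e "s|^\\\$servers->setValue('login','bind_id',|#&|" \
        -e "s|^\\(// *\\)*\\\$config->custom->appearance\\['hide_template_warning'].*|\$config->custom->appearance['hide_template_warning'] = true;|" \
        "$cfg"
}

# Print just the lines we care about, for a before/after view.
show_edits() {
    grep -nE "server','(name|base)'|'bind_id'|hide_template_warning" "$1"
}

# write_sample_config <file>: a constructed excerpt of the stock Ubuntu 20.04
# config.php (only the lines this script touches), for trying the edits safely.
write_sample_config() {
    cat > "$1" <<'EOF'
// $config->custom->appearance['hide_template_warning'] = false;
$servers = new Datastore();
$servers->newServer('ldap_pla');
$servers->setValue('server','name','My LDAP Server');
$servers->setValue('server','base',array('dc=example,dc=com'));
$servers->setValue('login','bind_id','cn=admin,dc=example,dc=com');
EOF
}

# Dry run against the sample excerpt in a temporary file.
demo() {
    local tmp; tmp="$(mktemp)"
    write_sample_config "$tmp"
    echo "--- before"; show_edits "$tmp"
    configure_pla "$tmp" "Example LDAP Server" "dc=foo,dc=example,dc=org"
    echo "--- after";  show_edits "$tmp"
    rm -f "$tmp"
}

# ./pla-config.sh                 -> demo on a temporary copy
# sudo ./pla-config.sh apply 'Example LDAP Server' dc=foo,dc=example,dc=org
case "${1:-demo}" in
    demo)  demo ;;
    apply) [ $# -eq 3 ] || { echo "usage: $0 apply <server name> <base DN>" >&2; exit 2; }
           configure_pla /etc/phpldapadmin/config.php "$2" "$3" ;;
    *)     echo "usage: $0 [demo | apply <server name> <base DN>]" >&2; exit 2 ;;
esac
```

Run the demo first and compare the before/after lines; if they match what you would have typed into nano, run the apply form as root against the real file. The bind_id expression only matches a line that still begins with $servers, so an already commented line is left alone rather than gaining a second #.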

Now we can open the web interface in a browser, either by IP address or by hostname. In our example, the interface is available at http://foo.example.org/phpldapadmin


We can proceed by pressing the “login” button on the left side of the window, which takes us to the login page.

For our Login DN, we will use cn=admin followed by the base DN from earlier. In our example, the full Login DN is cn=admin,dc=foo,dc=example,dc=org. The password is the administrator password set during dpkg-reconfigure slapd.

You should now be logged into the phpLDAPadmin interface, where you can create users, groups, etc. with ease. Be aware that by default HTTPS is not enabled, so everything between your browser and phpLDAPadmin, including the cn=admin password you just typed, crosses the network in cleartext; on a shared or untrusted network this amounts to handing out the directory's administrative credentials. You will want to obtain a TLS certificate (a free Let's Encrypt certificate works) and enable it in the Apache virtual host that serves phpLDAPadmin, and restrict who can reach the /phpldapadmin path in the meantime, but that is outside the scope of this article.

Conclusion

Hopefully this article helped you install and configure OpenLDAP and phpLDAPadmin successfully on your new instance of Ubuntu 20.04. I’m hoping to do a series of these types of articles, building up to a full MFA enabled authentication system, so feel free to follow me if you’re interested in more content like this.
