phpLDAPadmin is a web-based LDAP client written in PHP. Since it runs on the web, it can run on almost all GUI server platforms.
Some of the features offered by phpLDAPadmin include:
- LDAP Tree browsing
- Entry management (move between servers, delete, copy and edit)
- Image view and editing
- Simple and advanced searching
- User authentication credentials management (supports hashing algorithms such as SHA)
Before You Start
- A VPS running CentOS 7
- A non-root user with sudo privileges
- Install LDAP client services. You can learn How To Configure the Lightweight Directory Access Protocol Server on a CentOS 7 VPS or Dedicated Server
- httpd service installed and running. You can also learn How to Install the LEMP (Linux, Nginx, MySQL, PHP) Stack on CentOS 7 VPS or Dedicated Server
- Install PHP
Special Note: If you decide to follow these tutorials, you should already have installed PHP too.
Update system packages
$ sudo yum update && sudo yum upgrade
Install extra PHP packages
You need to install php-ldap and a few other php packages needed to run phpLDAPadmin.
$ sudo yum install php-ldap php-mbstring php-pear php-xml
The Extra Packages for Enterprise Linux (EPEL) release updates have to be installed because phpLDAPadmin is not available in the main repository.
$ sudo yum install epel-release
Start LDAP services
The ldap services need to be started and also be enabled to start automatically on boot up.
$ sudo systemctl start slapd && sudo systemctl enable slapd
Install the phpLDAPadmin
$ sudo yum -y install phpldapadmin
Configure the phpLDAPadmin Virtual Host
Modify your configuration file located at /etc/httpd/conf.d/phpldapadmin.conf to look like the one below:
Alias /phpldapadmin /usr/share/phpldapadmin/htdocs
Alias /ldapadmin /usr/share/phpldapadmin/htdocs

<Directory /usr/share/phpldapadmin/htdocs>
  <IfModule mod_authz_core.c>
    # Apache 2.4: allows access from any address
    Require all granted
  </IfModule>
  <IfModule !mod_authz_core.c>
    # Apache 2.2: allows access from localhost only
    Order Deny,Allow
    Deny from all
    Allow from 127.0.0.1
    Allow from ::1
  </IfModule>
</Directory>
Configure the phpLDAPadmin
Open the configuration file with your favourite editor.
$ sudo vim /etc/phpldapadmin/config.php
The following changes are to be made in the php code:
Create a name for your LDAP server that will appear for users on the admin dashboard; this setting is located on line 291
$servers->setValue('server','name','Hostadvice LDAP Server');
To manage another LDAP server other than the localhost, you can uncomment and change the setting on line 298, entering the appropriate IP address:
The port for the LDAP server is left at the default, 389; for a non-standard port, you can change it by uncommenting line 301:
Line 332 will define your domain details, change it appropriately.
Special Note: The LDAP DNs are set when installing and configuring LDAP on your CentOS 7 server.
The password hashing algorithm set should be ssha. So change line 388 appropriately:
Line 397 should be uncommented to ensure the login credentials used are the domain name details and not the user identification (so comment out line 398)
Save your changes and exit the editor.
If you are using PHP version 7.2, phpLDAPadmin has a lot of compatibility issues with it because it uses deprecated functions. You can learn how to patch the bugs here.
After fixing the bugs, you can access your LDAP administration dashboard here:
http://(serverIP)/phpldapadmin. The landing page should look like the one below.
You can go ahead and log in by pressing the login button on the sidebar menu. The login DN details should be pre-populated if you correctly configured your phpldapadmin config file. You only need to enter the ldapadm password.
It is a safe practice to have an SSL certificate installed on the server running phpLDAPadmin to ensure information is encrypted.
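A hardened variant of the /etc/httpd/conf.d/phpldapadmin.conf shown earlier, as an added example that is not part of the original tutorial: it replaces "Require all granted" with an allow-list and refuses non-TLS requests, in line with the SSL advice above. The 192.0.2.0/24 admin subnet is a constructed placeholder, and mod_ssl with a working HTTPS virtual host on this server is assumed.

```apache
# /etc/httpd/conf.d/phpldapadmin.conf (hardened variant, added example)
Alias /phpldapadmin /usr/share/phpldapadmin/htdocs
Alias /ldapadmin /usr/share/phpldapadmin/htdocs

<Directory /usr/share/phpldapadmin/htdocs>
  # Reject plain-HTTP requests so the bind DN and password typed into
  # the login form are never sent in clear text.
  # Assumption: mod_ssl is installed and an HTTPS virtual host exists.
  SSLRequireSSL

  <IfModule mod_authz_core.c>
    # Apache 2.4: several Require lines in one section are combined
    # as "any of", so a client matching either rule is allowed and
    # everything else is denied.
    Require local
    # Constructed admin subnet (documentation range); use your own.
    Require ip 192.0.2.0/24
  </IfModule>

  <IfModule !mod_authz_core.c>
    # Apache 2.2: same policy expressed with the older directives.
    Order Deny,Allow
    Deny from all
    Allow from 127.0.0.1
    Allow from ::1
    # Constructed admin subnet (documentation range); use your own.
    Allow from 192.0.2.0/24
  </IfModule>
</Directory>
```

Run sudo apachectl configtest before restarting httpd, then confirm that a request from an address outside the allow-list receives a 403 response.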
The phpLDAPadmin tool comes in handy for easy LDAP administration, especially for newbie system administrators, although some configurations still have to be done on the command line, e.g. creating object classes.