{"id":5862,"date":"2020-05-09T22:55:44","date_gmt":"2020-05-09T19:55:44","guid":{"rendered":"https:\/\/kifarunix.com\/?p=5862"},"modified":"2024-03-14T20:34:37","modified_gmt":"2024-03-14T17:34:37","slug":"install-and-setup-phpldapadmin-on-ubuntu-20-04","status":"publish","type":"post","link":"https:\/\/kifarunix.com\/install-and-setup-phpldapadmin-on-ubuntu-20-04\/","title":{"rendered":"Install and Setup phpLDAPadmin on Ubuntu 20.04"},"content":{"rendered":"\n
In this guide, you will learn how to install and set up phpLDAPadmin on Ubuntu 20.04. phpLDAPadmin<\/a> (also known as PLA) is a web-based application written in PHP for administering LDAP servers. PLA is designed to manage records in an LDAP server, including creating, modifying, and deleting records.<\/p>\n\n\n\n Learn how to install and set up OpenLDAP server with SSL\/TLS on Ubuntu 20.04 by following the link below;<\/p>\n\n\n\n Install and Setup OpenLDAP Server on Ubuntu 20.04<\/a><\/p>\n\n\n\n Want to use Debian 10\/11 instead? Check the link below;<\/p>\n\n\n\n Install phpLDAPAdmin on Debian 10\/Debian 11<\/a><\/p>\n\n\n\n phpLDAPadmin is available on Ubuntu 20.04 repos;<\/p>\n\n\n\n You can simply install it by running the command below;<\/p>\n\n\n\n Note that this will install phpLDAPadmin with PHP 7.4, so expect a number of deprecation warnings when running phpLDAPadmin.<\/p>\n\n\n\n The default configuration file for phpLDAPadmin is The configuration file is highly commented. We are only going to make a few changes in this demo, enough to access and run phpLDAPadmin to administer the LDAP server.<\/p>\n\n\n\n Set a suitable name for your LDAP server. This is the name that will appear on the phpLDAPadmin web interface.<\/p>\n\n\n\n Define the IP address or resolvable hostname of your OpenLDAP server;<\/p>\n\n\n\n Define the port on which your OpenLDAP server is listening. In our demo, our OpenLDAP is configured with StartTLS (port 389).<\/p>\n\n\n\n Set the OpenLDAP base DN. In our setup, OpenLDAP base DN is set to Define your phpLDAPadmin authentication type. In this demo, we choose the default authentication type, Define the Bind DN of the administrative user to log in to phpLDAPadmin;<\/p>\n\n\n\n You can optionally specify an attribute to use when logging in. In our case, we want to use the full DN, Configure user ID auto increment when creating users from the phpLDAPadmin web interface. This ensures that you do not re-use already assigned user and group IDs. 
In this setup, we start the IDs from 10000.<\/p>\n\n\n\n Those are all the changes we make in this guide. Go through the configuration file and choose any other option you want to configure.<\/p>\n\n\n\n Save and exit the file once done with configuration.<\/p>\n\n\n\n If you need to make any changes to the phpLDAPadmin Apache configuration, edit the file, Disable Apache default site (with welcome page)<\/p>\n\n\n\n Open Apache on the firewall to allow external access.<\/p>\n\n\n\n Restart Apache;<\/p>\n\n\n\n You can access phpLDAPadmin using the address, If you get the warning, Click login<\/strong> to log in to your phpLDAPadmin web user interface. Since we already defined the admin Bind DN, simply enter the password and log in;<\/p>\n\n\n\n Upon successful authentication, you land on the phpLDAPadmin dashboard.<\/p>\n\n\n\n You can now administer your LDAP server with the web interface.<\/p>\n\n\n\n As an example, we will learn how to create an LDAP user and its group using phpLDAPadmin.<\/p>\n\n\n\n Click Next, click Enter name of the group, which in this case we set to be the same as the uid of the user we are going to create. If you noticed, the group is autopopulated<\/strong>.<\/p>\n\n\n\n If you want any other users to be part of the group, select their usernames. Click Once you have a user group created, proceed to create the user account. 
Click on Select the Generate user password hash;<\/p>\n\n\n\n If you need to verify whether the password matches the pasted hash, click check password<\/strong>.<\/p>\n\n\n\n When you set the password, select ssha<\/strong> and paste the hash above as the password.<\/p>\n\n\n\n Fill in the user details appropriately as shown in the screenshot below;<\/p>\n\n\n\n Once done, click Note, to be able to have bash among the shell options, edit the posixAccount creation template and add the bash option by running the command;<\/p>\n\n\n\n If you have the user information in an LDIF file, you can import this file by clicking import<\/strong> at the top menu bar on the left pane.<\/p>\n\n\n\n To confirm the user creation on the OpenLDAP server backend;<\/p>\n\n\n\n You can explore the functionality of this tool further.<\/p>\n\n\n\n Install phpLDAPadmin on CentOS 8<\/a><\/p>\n\n\n\n Configure SSSD for LDAP Authentication on Ubuntu 20.04<\/a><\/p>\n\n\n\n Setup OpenLDAP Master-Slave Replication on CentOS 8<\/a><\/p>\n\n\n\nInstalling phpLDAPadmin on Ubuntu 20.04<\/h2>\n\n\n\n
Install phpLDAPadmin on Ubuntu 20.04<\/h3>\n\n\n\n
apt show phpldapadmin<\/code><\/pre>\n\n\n\n
Package: phpldapadmin\nVersion: 1.2.2-6.3\nPriority: extra\nSection: universe\/admin\nOrigin: Ubuntu\nMaintainer: Ubuntu Developers ubuntu-devel-discuss@lists.ubuntu.com\nOriginal-Maintainer: Fabio Tranchitella kobold@debian.org\nBugs: https:\/\/bugs.launchpad.net\/ubuntu\/+filebug\nInstalled-Size: 4,686 kB\nDepends: php, php-ldap, php-xml, ucf (>= 0.28), debconf (>= 0.5) | debconf-2.0\nDownload-Size: 719 kB\nAPT-Sources: http:\/\/us.archive.ubuntu.com\/ubuntu focal\/universe amd64 Packages\n<\/code><\/pre>\n\n\n\n
apt install phpldapadmin<\/code><\/pre>\n\n\n\n
Configuring phpLDAPadmin on Ubuntu 20.04<\/h3>\n\n\n\n
\/etc\/phpldapadmin\/config.php<\/strong><\/code>. This is the file that we are going to edit to make our configuration changes as per LDAP server settings.<\/p>\n\n\n\n
vim \/etc\/phpldapadmin\/config.php<\/code><\/pre>\n\n\n\n
\/*********************************************\n * Define your LDAP servers in this section *\n *********************************************\/\n...\n...\n\/* A convenient name that will appear in the tree viewer and throughout\n phpLDAPadmin to identify this LDAP server to users. *\/\n$servers->setValue('server','name','Kifarunix-demo LDAP Server<\/strong>');\n...<\/code><\/pre>\n\n\n\n
$servers->setValue('server','host','ldap.kifarunix-demo.com<\/strong>');<\/code><\/pre>\n\n\n\n
\/* The port your LDAP server listens on (no quotes). 389 is standard. *\/\n$servers->setValue('server','port',389);<\/strong><\/code><\/pre>\n\n\n\n
dc=kifarunix-demo,dc=com<\/code><\/strong>.<\/p>\n\n\n\n
\/* Array of base DNs of your LDAP server. Leave this blank to have phpLDAPadmin\nauto-detect it for you. *\/\n$servers->setValue('server','base',array('dc=kifarunix-demo,dc=com<\/strong>'));<\/code><\/pre>\n\n\n\n
session<\/code>.<\/p>\n\n\n\n
$servers->setValue('login','auth_type','session');<\/code><\/pre>\n\n\n\n
$servers->setValue('login','bind_id','cn=admin,dc=kifarunix-demo,dc=com<\/strong>');<\/code><\/pre>\n\n\n\n
cn=admin,dc=kifarunix-demo,dc=com<\/code><\/strong>, for logging in.<\/p>\n\n\n\n
$servers->setValue('login','attr','dn');<\/code><\/pre>\n\n\n\n
\/* The minimum number to use when searching for the next available number\n(only when 'search' is used for auto_number. *\/\n$servers->setValue('auto_number','min',array('uidNumber'=>10000,'gidNumber'=>10000));<\/strong><\/code><\/pre>\n\n\n\n
Configure Apache for phpLDAPadmin<\/h3>\n\n\n\n
\/etc\/apache2\/conf-available\/phpldapadmin.conf<\/strong><\/code> and make your changes. We go with the default settings in our case.<\/p>\n\n\n\n
a2dissite 000-default.conf<\/code><\/pre>\n\n\n\n
ufw allow 80\/tcp<\/code><\/pre>\n\n\n\n
systemctl restart apache2<\/code><\/pre>\n\n\n\n
Accessing phpLDAPadmin on Browser<\/h3>\n\n\n\n
http:\/\/server-IP-or-Hostname\/phpldapadmin<\/strong><\/code>.<\/p>\n\n\n\n
<\/figure>\n\n\n\n
Deprecated<\/strong>: Array and string offset access syntax with curly braces is deprecated in \/usr\/share\/phpldapadmin\/lib\/functions.php<\/strong> on line 1614<\/strong><\/code><\/em>, you can simply replace the curly braces (
{}<\/strong><\/code>) with square brackets (
[]<\/code>) on the affected line, 1614.<\/p>\n\n\n\n
<\/figure>\n\n\n\n
<\/figure>\n\n\n\n
Create LDAP User on phpLDAPadmin<\/a><\/h3>\n\n\n\n
Create user posixGroup<\/h4>\n\n\n\n
ou=group<\/code>. Then click
Create new entry here<\/strong><\/code> {option 1} or click
Create a child entry<\/strong><\/code> {option 2}.<\/p>\n\n\n\n
<\/figure>\n\n\n\n
Generic: Posix Group<\/strong><\/code> template for creating an LDAP user group.<\/p>\n\n\n\n
<\/figure>\n\n\n\n
Create Object <\/code><\/strong>once done and commit the changes.<\/p>\n\n\n\n
<\/figure>\n\n\n\n
Create user posixAccount<\/h4>\n\n\n\n
ou=people<\/strong><\/code> and similarly, you have two options, either click
Create new entry here<\/strong><\/code> or click
Create a child entry<\/strong><\/code>.<\/p>\n\n\n\n
Generic: User Account<\/strong><\/code> template for creating user object.<\/p>\n\n\n\n
slappasswd<\/code><\/pre>\n\n\n\n
New password: password<\/strong>\nRe-enter new password: password<\/strong>\n{SSHA}vrJOf+\/AFD9pdGKo\/azGavDfbZ8OGJX1<\/strong><\/code><\/pre>\n\n\n\n
<\/figure>\n\n\n\n
Create Object <\/code><\/strong>once done and commit the changes.<\/p>\n\n\n\n
<\/figure>\n\n\n\n
sed -i '\/<value id=\"\\\/bin\\\/tsh\">\\\/bin\\\/tsh<\\\/value>\/a \\\\t<value id=\"\/bin\/bash\">\\\/bin\\\/bash<\\\/value>' \/etc\/phpldapadmin\/templates\/creation\/posixAccount.xml<\/code><\/pre>\n\n\n\n
ldapsearch -H ldapi:\/\/\/ -Y EXTERNAL -b \"dc=kifarunix-demo,dc=com\" \"(&(objectclass=posixAccount)(uid=janedoe))\" -LLL -Q<\/code><\/pre>\n\n\n\n
dn: cn=janedoe,ou=people,dc=kifarunix-demo,dc=com\ncn: janedoe\ngivenName: Jane\ngidNumber: 10001\nhomeDirectory: \/home\/janedoe\nsn: Doe\nloginShell: \/bin\/bash\nobjectClass: inetOrgPerson\nobjectClass: posixAccount\nobjectClass: top\nuidNumber: 10001\nuid: janedoe\nuserPassword:: e1NTSEF9Y1VNNWx1UWM0Sjl5WlhnZWJZTHkwMjRhTmszdlVkUE4=\n<\/code><\/pre>\n\n\n\n
ldapsearch -H ldapi:\/\/\/ -Y EXTERNAL -b \"dc=kifarunix-demo,dc=com\" \"(&(objectclass=posixGroup)(cn=janedoe))\" -LLL -Q<\/code><\/pre>\n\n\n\n
dn: cn=janedoe,ou=groups,dc=kifarunix-demo,dc=com\ngidNumber: 10001\ncn: janedoe\nobjectClass: posixGroup\nobjectClass: top<\/code><\/pre>\n\n\n\n
Related Tutorials<\/h3>\n\n\n\n