February 2019 – Zaitouna Apps

LDAP Account Manager (LAM) is a webfrontend for managing entries (e.g. users, groups, DHCP settings) stored in an LDAP directory. LAM was designed to make LDAP management as easy as possible for the user. It abstracts from the technical details of LDAP and allows persons without technical background to manage LDAP entries. If needed, power users may still directly edit LDAP entries via the integrated LDAP browser.

Install LAM

1	pi@raspberrypi:~ $ sudo apt install ldap-account-manager

Configure LAM

Once installed, you can access the gui manager on

1	http://<server_ip_address>/lam

Missing php extensions

In case you run onto the errors below:

install the missing php extensions:

1	sudo apt install php-xml php-zip && sudo service apache2 restart

Update LAM settings

Connect to LAM, then go to LAM Configuration then Edit server profiles

the default password for LAM is lam. Do not forget to change it.

Under General Settings

Update Tree suffix with the values you put when installing slapd:

1	dc=codeplumbers, dc=eu

Under Security Settings

Change:

1	dc=Manager, dc=yourdomain, dc=org

to:

1	dc=admin, dc=codeplumbers, dc=eu

Connect under admin user

LAM can create the suffixes you defined. Click create.

Create a group

Under Groups, clickNew Group :

Save the group information.

Create users Under Users, click New User :

You can visualize the structure of your directory by clicking Tree view:

OpenLDAP is an Open Source LDAP implementation available for most platforms and Linux distributions. Its main component are:

slapd- stand-alone LDAP daemon (server)
libraries implementing the LDAP protocol, and
utilities, tools, and sample clients.

Install slapd

Start by making sure your distro is up-to-date:

1	sudo apt update && sudo apt upgrade

then install slapd and ldap-utils:

1 2	sudo apt install slapd ldap-tils

During the installation, you will need to give a password for the administration account:

Configure slapd

In order to configure slapd you need to run:

1 2	sudo dpkg-reconfigure slapd

On the first screen, select No:

Next, you will need to give the domain name you wish to use within the LDAP directory.

this will create a directory as follows:

1 2	dc=codeplumbers, dc=eu

Give the organization name (here codeplumbers) then you will be prompted for the admin password again. Type the password you setup earlier.
Select the database format that will be used internally by slapd. I selected the default: MDB.

Finally, select wether you want the local database to be kept or delereed when slapd is uninstalled. I selected no. Slapd is now installed.

Test the installation

To verify your installation you can use the following command:

1	ldapsearch -x

output:

1	pi@raspberrypi:~ $ ldapsearch -x # extended LDIF # # LDAPv3 # base <> (default) with scope subtree # filter: (objectclass=*) # requesting: ALL # # search result search: 2 result: 32 No such object # numResponses: 1

(the database is either empty or you need to use ldapsearch with authentication)

Zaitouna Apps

Month: February 2019

Manage an OpenLDAP based directory