Setup OpenLDAP + phpLDAPadmin on Azure/AWS/GCP

Install OpenLDAP on Ubuntu 22.04 with phpLDAPadmin.  Deploy on Azure, AWS and GCP via the image in the marketplace below.  OpenLDAP is command-line driven server software that allows IT admins to build and manage an LDAP directory.  phpLDAPadmin is a web application that lets admins interact with OpenLDAP through a web-based UI, making OpenLDAP easier to manage.

Cloud LDAP with OpenLDAP + phpLDAPadmin

Setup OpenLDAP on Azure

Deploy OpenLDAP + phpLDAPadmin on Ubuntu 22.04

 

Deploy OpenLDAP + phpLDAPadmin on Ubuntu 20.04

Setup OpenLDAP on AWS

Coming soon….

Setup OpenLDAP on GCP

Coming soon….

Getting Started with Cloud Open LDAP Server

Once your LDAP server has been deployed, the following links explain how to connect to a Linux VM:

 

 

Once connected and logged in, the following section explains how to start using OpenLDAP.

Setup & Configure OpenLDAP Server

The first step is to configure the DNS domain and corporation name of your newly deployed OpenLDAP server.  Run the following command to start the configuration:

    sudo dpkg-reconfigure slapd

This starts the following series of questions:

1) Omit OpenLDAP Configuration

Select ‘No’ so that the OpenLDAP server configuration is not omitted.

2) Setup DNS Domain Name

Next, enter the domain name that will be used to create the root DN (Distinguished Name) for your OpenLDAP server.

For example, for our domain cloudinfrastructureservices.co.uk, the DN will be dc=cloudinfrastructureservices,dc=co,dc=uk.

3) Enter Organization Name

Next, enter your organization name.

4) Set OpenLDAP Administrator Password

The next step is to set a password for your administrator account.

5) Remove database

The next screen will ask ‘Do you want the database to be removed when slapd is purged?’. Select ‘No’.

6) Move old Database

The next question will ask if you want to ‘Move old database?’.  Select ‘Yes’.

7) Completion Output

Your output should look something like this:

    Backing up /etc/ldap/slapd.d in /var/backups/slapd-2.5.17+dfsg-0ubuntu0.22.04.1... done.
    Moving old database directory to /var/backups:
    - directory unknown... done.
    Creating initial configuration... done.
    Creating LDAP directory... done.

Configure LDAP Clients

Once you’ve configured your OpenLDAP server DNS / corporation settings as above, the next step is to configure your LDAP client settings.  Run the following command:

    sudo nano /etc/ldap/ldap.conf

Specify the base DN and URI of the OpenLDAP server that you’ve configured.

    BASE dc=cloudinfrastructureservices,dc=co,dc=uk
    URI ldap://localhost

Save and exit the nano editor.

Testing LDAP

Run the following command to test that your LDAP configuration is working correctly:

    ldapsearch -x

You should get output similar to:

    azuretest@ldapvm:~$ ldapsearch -x
    # extended LDIF
    #
    # LDAPv3
    # base <dc=cloudinfrastructureservices,dc=co,dc=uk> (default) with scope subtree
    # filter: (objectclass=*)
    # requesting: ALL
    #

    # cloudinfrastructureservices.co.uk
    dn: dc=cloudinfrastructureservices,dc=co,dc=uk
    objectClass: top
    objectClass: dcObject
    objectClass: organization
    o: CIS Ltd
    dc: cloudinfrastructureservices

    # search result
    search: 2
    result: 0 Success

    # numResponses: 2
    # numEntries: 1

Setup / Configure phpLDAPadmin

The final step is to configure phpLDAPadmin, which lets you manage your LDAP server via a web GUI dashboard.  Run the following command to start the configuration:

    sudo nano /etc/phpldapadmin/config.php

Edit the following settings to match your LDAP server: set your timezone, LDAP server name, IP address, base DN and bind ID, and hide the template warning message.

    $config->custom->appearance['timezone'] = 'Asia/Kolkata';
    $servers->setValue('server','name','TestLdap LDAP Server');
    $servers->setValue('server','host','192.168.1.5');
    $servers->setValue('server','base',array('dc=cloudinfrastructureservices,dc=co,dc=uk'));
    $servers->setValue('login','bind_id','cn=admin,dc=cloudinfrastructureservices,dc=co,dc=uk');
    $config->custom->appearance['hide_template_warning'] = true;

By default, anonymous login is enabled. To disable it, remove the comment characters (the two slashes) from the following line and change true to false.

    $servers->setValue('login','anon_bind',false);

Save and exit the nano editor.
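One way to confirm the edit took effect, as an added example that is not part of the original article: the helper below (anon_bind_state is a hypothetical name) reads a phpLDAPadmin config.php and reports whether anonymous login is really off, catching a line left commented out or left at true. The sample configs are constructed.

```sh
#!/bin/sh
# Added example (not from the original article): report whether anonymous
# login is effectively disabled in a phpLDAPadmin config.php.
# Prints "disabled", "enabled", or "default-enabled" (no active anon_bind
# line, so the default described above, anonymous login on, still applies).
# Limitation: does not track /* ... */ block comments.
anon_bind_state() {
    # Anchored at line start so a line still prefixed with // is ignored.
    # Each "." stands in for the quote character (PHP accepts ' or ").
    pat='^[[:space:]]*[$]servers->setValue[(] *.login. *, *.anon_bind. *, *(true|false) *[)]'
    last=$(grep -E "$pat" "$1" | tail -n 1)   # a later setValue overrides an earlier one
    case "$last" in
        *false*) echo "disabled" ;;
        *true*)  echo "enabled" ;;
        *)       echo "default-enabled" ;;
    esac
}

# Constructed sample configs covering the mistakes this edit invites.
demo_dir=$(mktemp -d)
cat > "$demo_dir/still_commented.php" <<'EOF'
// $servers->setValue('login','anon_bind',false);
EOF
cat > "$demo_dir/uncommented_true.php" <<'EOF'
$servers->setValue('login','anon_bind',true);
EOF
cat > "$demo_dir/fixed.php" <<'EOF'
// $servers->setValue('login','anon_bind',true);
$servers->setValue('login', 'anon_bind', false);
EOF

for f in still_commented uncommented_true fixed; do
    printf '%-18s %s\n' "$f" "$(anon_bind_state "$demo_dir/$f.php")"
done
rm -rf "$demo_dir"
```

On the server, run anon_bind_state /etc/phpldapadmin/config.php; anything other than "disabled" means the login page still offers anonymous access.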

Login to phpLDAPadmin

Once you’ve completed all the steps, you can log in by opening your web browser, going to the IP address you configured and adding /phpldapadmin/ to the URL. In my example it’s:

    http://192.168.1.5/phpldapadmin/

Log in using your admin DN and the password for the admin user created during the slapd reconfiguration.

OpenLDAP Firewall Ports

OpenLDAP and phpLDAPadmin use the following ports.  If you’re using any cloud based firewalls or internal network firewalls, make sure the following ports are open:

 

  • TCP 389 (LDAP)
  • TCP 636 (LDAPS)
  • TCP 80 (http for phpLDAPadmin)
  • TCP 443 (https for phpLDAPadmin)

 

If you are using cloud security groups and need to change or add ports, refer to the following guides:

To set up AWS firewall rules, refer to – AWS Security Groups

To set up Azure firewall rules, refer to – Azure Network Security Groups

To set up Google GCP firewall rules, refer to – Creating GCP Firewalls
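A check to run on the server before opening these ports, as an added example that is not part of the original article: it reads ss -ltn output and reports which of the four ports listed above are listening, whether they are reachable beyond loopback, and whether they carry cleartext (389, 80) or TLS (636, 443). The function names and the sample listing are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original article).
# Input: `ss -ltn` output on stdin.  Output: "<port> <scope> <transport>" lines
# for the four ports the article lists; every other listener is skipped.
classify_listeners() {
    awk '
    $1 == "LISTEN" {
        addr = $4                              # e.g. 0.0.0.0:389, [::]:389, *:80
        n = split(addr, parts, ":")
        port = parts[n]
        host = substr(addr, 1, length(addr) - length(port) - 1)
        if (port != "389" && port != "636" && port != "80" && port != "443") next
        scope = (host ~ /^127\./ || host == "[::1]") ? "loopback" : "exposed"
        transport = (port == "389" || port == "80") ? "cleartext" : "tls"
        print port, scope, transport
    }' | LC_ALL=C sort -u
}

# Ports that are both cleartext and reachable from other hosts: the ones to
# restrict to trusted source ranges in the security group or firewall.
exposed_cleartext_ports() {
    classify_listeners |
        awk '$2 == "exposed" && $3 == "cleartext" { print $1 }' |
        paste -s -d ' ' -
}

# Constructed sample of `ss -ltn` output (not captured from a real host).
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      2048   0.0.0.0:389        0.0.0.0:*
LISTEN 0      2048   [::]:389           [::]:*
LISTEN 0      511    *:80               *:*
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      4096   127.0.0.53%lo:53   0.0.0.0:*'

printf '%s\n' "$SAMPLE_SS" | classify_listeners
echo "restrict or move to TLS: $(printf '%s\n' "$SAMPLE_SS" | exposed_cleartext_ports)"
```

On a live host, pipe ss -ltn into classify_listeners; any port printed by exposed_cleartext_ports is a candidate for a source-restricted firewall rule or a move to its TLS counterpart.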

Documentation / Support

For further documentation on settings and configuration check out the following:

 

OpenLDAP

https://www.openldap.org/doc/

 

phpLDAPadmin

https://github.com/leenooks/phpLDAPadmin/wiki

Disclaimer: OpenLDAP is a registered trademark of OpenLDAP Foundation and is licensed under The OpenLDAP Public License. No warranty of any kind, express or implied, is included with this software. Use at your risk, responsibility for damages (if any) to anyone resulting from the use of this software rest entirely with the user. The author is not responsible for any damage that its use could cause.

 

phpLDAPadmin is licensed under the General Public License v2.0.

Andrew Fitzgerald

Cloud Solution Architect. Helping customers transform their business to the cloud. 20 years experience working in complex infrastructure environments and a Microsoft Certified Solutions Expert on everything Cloud.
