How to install OpenLDAP and phpldapadmin in CentOS?

How to install OpenLDAP and phpldapadmin in CentOS 7?

1. Install openldap packages.

# yum install openldap openldap-servers openldap-clients -y

2. Start the slapd service and enable it at boot.

# systemctl start slapd && systemctl enable slapd

3. Create an admin LDIF file that replaces olcSuffix and olcRootDN with your own values.

# vim bind.ldif

dn: olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcSuffix
olcSuffix: dc=centos,dc=com

dn: olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcRootDN
olcRootDN: cn=admin,dc=centos,dc=com

4. Apply these changes with the ldapmodify command, passing the name of the LDIF file.

# ldapmodify -Y EXTERNAL -H ldapi:/// -f bind.ldif

5. Generate a password hash for the admin user with the command below.

# slappasswd
New password:
Re-enter new password:
{SSHA}lPFlwdh9G8O4OVQ7WPtNjWz5bgx53HcO

6. Create a password LDIF file and replace the olcRootPW value with the hash generated for your own password.

# vim password.ldif

dn: olcDatabase={2}hdb,cn=config
changetype: modify
add: olcRootPW
olcRootPW: {SSHA}lPFlwdh9G8O4OVQ7WPtNjWz5bgx53HcO

7. Apply these changes with the ldapmodify command, passing the name of the LDIF file.

# ldapmodify -Y EXTERNAL -H ldapi:/// -f password.ldif

8. To allow access to the LDAP monitor database, replace its olcAccess attribute, using your own root DN.

# vim config.ldif

dn: olcDatabase={1}monitor,cn=config
changetype: modify
replace: olcAccess
olcAccess: {0}to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external, cn=auth" read by dn.base="cn=admin,dc=centos,dc=com" read by * none

9. Apply these changes with the ldapmodify command, passing the name of the LDIF file.

# ldapmodify -Y EXTERNAL -H ldapi:/// -f config.ldif

10. Use ldapsearch to verify the attributes that were changed.

# ldapsearch -Y EXTERNAL -H ldapi:/// -b cn=config olcDatabase=\*

11. Check the configuration with the command below.

# slaptest -u

12. Create an LDIF file that defines the base DN entry.

# vim base.ldif

dn: dc=centos,dc=com
dc: centos
o: ldap
objectClass: dcObject
objectClass: organization

13. Use ldapadd with the bind DN and the admin password to add base.ldif.

# ldapadd -f base.ldif -H ldapi:/// -D cn=admin,dc=centos,dc=com -W

Enter LDAP Password:

14. Install the phpldapadmin package.

# yum -y install phpldapadmin

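15. Edit the phpldapadmin Apache configuration file: comment out Require local and add a new line, Require all granted. Require local limits access to the server itself, while Require all granted lets any client that can reach the web server open phpldapadmin.

# vim /etc/httpd/conf.d/phpldapadmin.conf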

#Require local
Require all granted

16. Modify the configuration file located at /etc/phpldapadmin/config.php to look like the one below.

# vim /etc/phpldapadmin/config.php

$servers->setValue('server','name','CentOS LDAP');
$servers->setValue('server','host','127.0.0.1');
$servers->setValue('server','port',389);
$servers->setValue('server','base',array('dc=centos,dc=com'));
$servers->setValue('login','attr','dn'); 
// $servers->setValue('login','attr','uid'); 
$servers->setValue('login','bind_id','cn=admin,dc=centos,dc=com');
$config->custom->appearance['hide_template_warning'] = true;
 
17. After making the changes, open a browser and access your LDAP administration dashboard at http://server_ip/phpldapadmin

18. The phpldapadmin GUI is displayed. Click on the "login" button at the top left corner of the GUI to log in to the admin dashboard.

19. Creating groups in LDAP
Click on "create a child entry" and select the object which you want to create.
 
 
20. Creating users in LDAP
Click on "create a child entry" and select Generic: User Account. Specify the username, select the GID Number from the drop-down menu, provide the home directory, password and user ID, and then click on Create Object to create the user.
 

To integrate OpenLDAP with Ezeelogin in Ubuntu, refer to this article.

To integrate OpenLDAP with Ezeelogin in CentOS, refer to this article.