How to install OpenLDAP and phpldapadmin in CentOS?

How to install OpenLDAP and phpldapadmin in CentOS 7?

1. Install openldap packages.

[root@centos ~]# yum install openldap openldap-servers openldap-clients -y

2. Start and enable openldap service.

[root@centos ~]# systemctl start slapd && systemctl enable slapd

3. Create an admin LDIF file that replaces olcSuffix and olcRootDN with your own values.

[root@centos ~]# vim bind.ldif

dn: olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcSuffix
olcSuffix: dc=centos,dc=com

dn: olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcRootDN
olcRootDN: cn=admin,dc=centos,dc=com

4. To apply these changes, run ldapmodify with the name of the LDIF file.

[root@centos ~]# ldapmodify -Y EXTERNAL -H ldapi:/// -f bind.ldif

5. Generate a password hash for the admin user with the command below.

[root@centos ~]# slappasswd
New password:
Re-enter new password:
{SSHA}lPFlwdh9G8O4OVQ7WPtNjWz5bgx53HcO

6. Create a password LDIF file and replace the olcRootPW value with your own hash.

[root@centos ~]# vim password.ldif

dn: olcDatabase={2}hdb,cn=config
changetype: modify
add: olcRootPW
olcRootPW: {SSHA}lPFlwdh9G8O4OVQ7WPtNjWz5bgx53HcO

7. To apply these changes, run ldapmodify with the name of the LDIF file.

[root@centos ~]# ldapmodify -Y EXTERNAL -H ldapi:/// -f password.ldif

8. To set who can read the monitor database, replace its olcAccess attribute, substituting your own admin DN.

[root@centos ~]# vim config.ldif

dn: olcDatabase={1}monitor,cn=config
changetype: modify
replace: olcAccess
olcAccess: {0}to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" read by dn.base="cn=admin,dc=centos,dc=com" read by * none

9. To apply these changes, run ldapmodify with the name of the LDIF file.

[root@centos ~]# ldapmodify -Y EXTERNAL -H ldapi:/// -f config.ldif

10. Use ldapsearch to validate the attribute that has changed.

[root@centos ~]# ldapsearch -Y EXTERNAL -H ldapi:/// -b cn=config olcDatabase=\*

11. Check configuration with the below command.

[root@centos ~]# slaptest -u

12. Create an LDIF file that defines the base DN.

[root@centos ~]# vim base.ldif

dn: dc=centos,dc=com
dc: centos
o: ldap
objectclass: dcObject
objectclass: organization

13. Use ldapadd with the bind DN and admin password to add base.ldif.

[root@centos ~]# ldapadd -x -f base.ldif -H ldapi:/// -D cn=admin,dc=centos,dc=com -W

Enter LDAP Password:

14. Install phpldapadmin package.

[root@centos ~]# yum -y install phpldapadmin

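15. Edit the phpldapadmin Apache configuration file: comment out Require local and add a new line, Require all granted. This allows access to phpldapadmin from any host instead of only from the local machine.

[root@centos ~]# vim /etc/httpd/conf.d/phpldapadmin.conf

#Require local
Require all granted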

16. Modify the configuration file located at /etc/phpldapadmin/config.php so that it contains the settings below.

[root@centos ~]# vim /etc/phpldapadmin/config.php

$servers->setValue('server','name','CentOS LDAP');
$servers->setValue('server','host','127.0.0.1');
$servers->setValue('server','port',389);
$servers->setValue('server','base',array('dc=centos,dc=com'));
$servers->setValue('login','attr','dn');
// $servers->setValue('login','attr','uid');
$servers->setValue('login','bind_id','cn=admin,dc=centos,dc=com');
$config->custom->appearance['hide_template_warning'] = true;

17. After making the changes, open a browser and access your LDAP administration dashboard at http://server_ip/phpldapadmin

18. The following image shows the GUI of phpldapadmin.

Click the "login" button at the top left corner of the GUI to log in to the admin dashboard.

19. Create groups in LDAP
Click "Create a child entry" and select the object that you want to create.

20. Create a user in LDAP
Click "Create a child entry" and select Generic: User Account. Specify the username, select the GID Number from the drop-down menu, provide the home directory, password and user ID, and then click Create Object to create the user.
 

To integrate OpenLDAP with Ezeelogin in Ubuntu, refer to this article.

To integrate OpenLDAP with Ezeelogin in CentOS, refer to this article.