LDAP

= Install OpenLDAP Server =

Source: linuxbabe.com

 * Install the Stand-Alone LDAP Daemon and the client utilities:

sudo apt install slapd ldap-utils

 * During installation you are prompted to set a password for the admin entry in the LDAP directory (cn=admin under your base DN).

 * Check the status of slapd:

systemctl status slapd

 * Basic post-installation configuration:

sudo dpkg-reconfigure slapd

Answers to the prompts:
 * Omit OpenLDAP server configuration? No
 * DNS domain name: your domain, e.g. testlab.com (this becomes the base DN dc=testlab,dc=com)
 * Organization name: TestLab
 * Administrator password: the same password set during installation
 * Database backend: MDB. BDB (Berkeley Database) is slow and cumbersome; it is deprecated and support will be dropped in future OpenLDAP releases. HDB (Hierarchical Database) is a variant of the BDB backend and will also be deprecated. MDB reads are 5-20x faster than BDB, writes are 2-5x faster, and it consumes about 1/4 as much RAM.
 * Do you want the database to be removed when slapd is purged? No
 * Move old database? Yes
 * Allow LDAPv2 protocol? No. The current version is LDAPv3, published in 1997; LDAPv2 is obsolete.

 * Configuring the LDAP clients:

sudo nano /etc/ldap/ldap.conf

Two parameters need to be specified: the base DN and the URI of the OpenLDAP server. Append the following to the end of the file:

BASE    dc=testlab,dc=com
URI     ldap://localhost

 * If you used a subdomain when configuring the OpenLDAP server, the base DN gets one dc= component per DNS label; for subdomain.testlab.com:

BASE    dc=subdomain,dc=testlab,dc=com
URI     ldap://localhost

 * Testing the OpenLDAP server:

ldapsearch -x

The following line in the output indicates that the server is working:

result: 0 Success

If you get this line instead, the search base is wrong:

result: 32 No such object

Result 32 means the server answered but the BASE in /etc/ldap/ldap.conf is not a suffix it holds (usually the dc= components do not match the DNS domain given to dpkg-reconfigure). If slapd is not running at all, ldapsearch prints "Can't contact LDAP server" on stderr and no result line. Note also that -x is a simple anonymous bind: a successful listing here means the default ACL lets any client that can reach port 389 read the whole tree (everything except userPassword).
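The client-side steps above (derive the base DN from the DNS domain, write ldap.conf, read the result code) as a small set of shell helpers. This is an added example, not code from the linuxbabe tutorial; the function names are assumptions and the ldapsearch output embedded at the bottom is constructed for an offline check.

```shell
#!/bin/sh
# Added example (not from the linuxbabe tutorial): client-side helpers for the
# steps above. domain_to_basedn, ldap_conf_lines, explain_result and
# count_entries are assumed names; SAMPLE_OK is constructed, not captured.

# domain_to_basedn: one dc= component per DNS label, so that the BASE written to
# ldap.conf matches the suffix dpkg-reconfigure derived from the same domain.
#   domain_to_basedn sub.testlab.com  ->  dc=sub,dc=testlab,dc=com
domain_to_basedn() {
    printf '%s\n' "$1" | awk -F. '{
        for (i = 1; i <= NF; i++) printf "%sdc=%s", (i > 1 ? "," : ""), $i
        printf "\n"
    }'
}

# ldap_conf_lines <domain> <uri>: the two lines to append to /etc/ldap/ldap.conf.
# ldap://localhost is only acceptable because it never leaves the host; for a
# remote server use ldaps:// or a StartTLS-protected ldap:// URI.
ldap_conf_lines() {
    printf 'BASE\t%s\nURI\t%s\n' "$(domain_to_basedn "$1")" "$2"
}

# explain_result: read the stdout of a plain 'ldapsearch -x' (the -L options
# suppress the result line) and diagnose the numeric result code. No result line
# at all means the bind never happened: slapd is down or the URI is wrong, which
# ldapsearch reports on stderr as "Can't contact LDAP server (-1)".
explain_result() {
    code=$(awk 'tolower($1) == "result:" { print $2; exit }')
    case "$code" in
        0)  echo "ok: server reachable and BASE is a suffix it serves" ;;
        32) echo "noSuchObject: BASE is not a suffix the server holds; compare its dc= components with the dpkg-reconfigure domain" ;;
        49) echo "invalidCredentials: bind DN or password rejected" ;;
        "") echo "no result line: connection failed, check that slapd is running and the URI is reachable" ;;
        *)  echo "result $code: look it up in RFC 4511 section 4.1.9" ;;
    esac
}

# count_entries: how many entries the search returned. A non-zero count from an
# anonymous (-x) bind shows the default ACL exposes the tree to anyone who can
# reach port 389.
count_entries() {
    awk '/^# numEntries: / { print $3; exit }'
}

# Constructed sample of a successful 'ldapsearch -x' against the fresh server.
SAMPLE_OK='# extended LDIF
#
# LDAPv3
# base <dc=testlab,dc=com> (default) with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# testlab.com
dn: dc=testlab,dc=com
objectClass: top
objectClass: dcObject
objectClass: organization
o: TestLab
dc: testlab

# admin, testlab.com
dn: cn=admin,dc=testlab,dc=com
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: admin
description: LDAP administrator

# search result
search: 2
result: 0 Success

# numResponses: 3
# numEntries: 2'
```

On a live host the check is `ldapsearch -x | explain_result` and `ldapsearch -x | count_entries`; a count above zero without credentials is the cue to tighten olcAccess before putting real users in the tree.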

= phpLDAPadmin WebUI =

 * Install the package:

sudo apt install phpldapadmin

 * If you use the Apache web server, the package creates a config file:

/etc/apache2/conf-enabled/phpldapadmin.conf

To enable HTTPS, obtain and install a free TLS certificate from Let's Encrypt; without it the admin DN and password typed into the web UI cross the network in cleartext.

 * Configuring phpLDAPadmin:

sudo nano /etc/phpldapadmin/config.php

Since OpenLDAP and phpLDAPadmin run on the same machine, line 293 makes phpLDAPadmin connect to localhost:

$servers->setValue('server','host','127.0.0.1');

Line 296 is commented out by default, which means the standard port 389 is used:

// $servers->setValue('server','port',389);

Line 335 is commented out by default, which means StartTLS is not used. That is acceptable over loopback; set it to true if slapd runs on another host:

// $servers->setValue('server','tls',false);

Change line 300 to the base DN configured above:

$servers->setValue('server','base',array('dc=testlab,dc=com'));

By default, anonymous login is enabled. Disable it:

$servers->setValue('login','anon_bind',false);

Disable template warnings at line 161:

$config->custom->appearance['hide_template_warning'] = true;

Save and close the file.

= Access WebUI =

 * Access the web interface at:

http://10.10.10.1/phpldapadmin

Login DN: cn=admin,dc=testlab,dc=com
Password: the admin password set during installation

= Create User =

Source: unixmen.com

Create Objects:

 * Create an Organizational Unit (OU): click the "+" sign next to "dc=testlab,dc=com" and click the "Create new entry here" link. Scroll down and select "Generic: Organisational Unit". Enter the name of the organizational unit (e.g. sales) and click "Create Object". Finally, click "Commit".

 * Create a group: click the sales OU in the left pane and click the "Create a child entry" link. In the next window, select "Generic: Posix Group". Enter the group name "sales-group" and click "Create Object". Click "Commit" to save the changes.

 * Create a user: click sales-group on the left and select the "Create a child entry" link. In the next window, select "Generic: User Account". Enter the user details: common name, GID number, last name, login shell, user password, user ID, etc. Then click "Commit" to save the changes.

Verify with the command:

ldapsearch -x
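The same three objects the GUI steps create (OU, posixGroup, user account), expressed as LDIF for ldapadd so the procedure is scriptable and can be reviewed before it touches the directory. This is an added example, not part of the unixmen tutorial. The function names, the user "alice", the numeric IDs and the placement of the user directly under ou=sales (rather than under the group entry, as the GUI steps above do) are assumptions; the password is passed in already hashed so the LDIF never contains a plaintext secret.

```shell
#!/bin/sh
# Added example, not from the unixmen tutorial: the OU, posixGroup and user
# account that the GUI steps create, as LDIF for ldapadd. Function names, the
# user "alice", the numeric IDs and the user's placement directly under the OU
# are assumptions.

# is_hashed_password: accept only a value already in RFC 2307 {SCHEME}... form,
# so a plaintext password cannot slip into the LDIF by mistake. Produce one with:
#   slappasswd            (prompts, prints e.g. {SSHA}...)
is_hashed_password() {
    case "$1" in
        "{SSHA}"*|"{SHA}"*|"{CRYPT}"*|"{SMD5}"*|"{MD5}"*|"{ARGON2}"*|"{PBKDF2"*) return 0 ;;
        *) return 1 ;;
    esac
}

# sales_ldif <base-dn> <uid> <uidNumber> <gidNumber> <hashed-password>
# Three entries in the order ldapadd needs them (parent before child).
sales_ldif() {
    base=$1 user=$2 uidn=$3 gidn=$4 hash=$5
    if ! is_hashed_password "$hash"; then
        echo "sales_ldif: refusing to embed an unhashed password" >&2
        return 1
    fi
    cat <<EOF
dn: ou=sales,$base
objectClass: top
objectClass: organizationalUnit
ou: sales

dn: cn=sales-group,ou=sales,$base
objectClass: top
objectClass: posixGroup
cn: sales-group
gidNumber: $gidn
memberUid: $user

dn: uid=$user,ou=sales,$base
objectClass: top
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
cn: $user
sn: $user
uid: $user
uidNumber: $uidn
gidNumber: $gidn
homeDirectory: /home/$user
loginShell: /bin/bash
userPassword: $hash
EOF
}

# ldif_dns: list the DNs an LDIF stream would create, for review before it is
# fed to ldapadd.
ldif_dns() {
    awk '/^dn: / { print substr($0, 5) }'
}

# Usage against the server configured above. Both slappasswd and ldapadd -W
# prompt, so neither the admin password nor the new user's password lands in
# shell history or the process list:
#   sales_ldif dc=testlab,dc=com alice 10001 5000 "$(slappasswd)" \
#     | ldapadd -x -H ldap://localhost -D cn=admin,dc=testlab,dc=com -W
#   ldapsearch -x -b ou=sales,dc=testlab,dc=com
```

Piping through `ldif_dns` first (`sales_ldif ... | ldif_dns`) shows exactly which three DNs will be created; the userPassword value is stored as given, so the hash scheme chosen in slappasswd is what slapd will verify against.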

= StartTLS LDAP Encryption =

= Testing LDAP server from Ubuntu =

Source: linoxide.com, serverfault.com

 * Installing LDAP utilities:

sudo apt-get install ldap-utils

 * Testing the LDAP server (here an Active Directory domain controller) with a simple bind as the user Aman:

aman@ubuntu:~$ ldapsearch -x -LLL -h ad.testlab.com -D Aman -w pwd@123 -b"cn=Users,dc=testlab,dc=com" -s sub "(objectClass=user)" givenName

dn: CN=Administrator,CN=Users,DC=testlab,DC=com

dn: CN=Guest,CN=Users,DC=testlab,DC=com

dn: CN=krbtgt,CN=Users,DC=testlab,DC=com

dn: CN=test,CN=Users,DC=testlab,DC=com
givenName: test

dn: CN=Exchange Online-ApplicationAccount,CN=Users,DC=testlab,DC=com

dn: CN=SystemMailbox{1f05a927-7605-455d-8fec-ac7c62c06cd6},CN=Users,DC=testlab,DC=com

dn: CN=SystemMailbox{bb558c35-97f1-4cb9-8ff7-d53741dc928c},CN=Users,DC=testlab,DC=com

dn: CN=SystemMailbox{e0dc1c29-89c3-4034-b678-e6c29d823ed9},CN=Users,DC=testlab,DC=com

dn: CN=DiscoverySearchMailbox {D919BA05-46A6-415f-80AD-7E09334BB852},CN=Users,DC=testlab,DC=com

dn: CN=Migration.8f3e7716-2011-43e4-96b1-aba62d229136,CN=Users,DC=testlab,DC=com

dn: CN=FederatedEmail.4c1f4d8b-8179-4148-93bf-00a95fa1e042,CN=Users,DC=testlab,DC=com

dn: CN=SystemMailbox{8cc370d3-822a-4ab8-a926-bb94bd0641a9},CN=Users,DC=testlab,DC=com

dn: CN=Aman,CN=Users,DC=testlab,DC=com
givenName: Aman

dn: CN=test2,CN=Users,DC=testlab,DC=com
givenName: test2

Every entry matching the filter is listed by DN; givenName appears only for the entries that have it. Three things to change before using this form outside a lab: -h and -p are deprecated in favour of -H ldap://ad.testlab.com; -w puts the password on the command line, where it is visible in the process list and in shell history (use -W to be prompted, or -y file to read it from a file); and a simple bind over ldap:// sends the password in cleartext, so use -H ldaps://ad.testlab.com or add -ZZ to require StartTLS.
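ldapsearch -LLL output is LDIF, which folds lines longer than 76 characters and marks each continuation with a leading space; that is why several of the DNs above come out split mid-token when the output is copied around. The helpers below are an added example, not from the linoxide or serverfault material: they unfold the output, pull out the DNs, drop the Exchange plumbing accounts so the listing shows people, and read one attribute of one entry. The function names are assumptions and the embedded sample is constructed to mirror the listing above (the GUIDs in it are placeholders).

```shell
#!/bin/sh
# Added example (not from the linoxide/serverfault material): post-processing for
# 'ldapsearch -LLL' output. Function names are assumptions; SAMPLE_LDIF is a
# constructed stand-in for the AD listing above, with two folded DNs.

# ldif_unfold: LDIF wraps lines at 76 columns and starts each continuation with a
# single space. Join continuations onto their line before doing anything else,
# otherwise a DN that happened to wrap is silently truncated.
ldif_unfold() {
    awk '
        /^ / { buf = buf substr($0, 2); next }
        { if (have) print buf; buf = $0; have = 1 }
        END { if (have) print buf }
    '
}

# ldif_dns: the dn: value of every entry, unfolded.
ldif_dns() {
    ldif_unfold | awk '/^dn: / { print substr($0, 5) }'
}

# human_dns: drop the accounts Exchange creates in CN=Users (system mailboxes,
# discovery/migration/federation objects, the Exchange Online application
# account) so what remains are people plus the built-in Administrator, Guest
# and krbtgt entries, which deserve a look on any listing.
human_dns() {
    ldif_dns | grep -v -E '^CN=(SystemMailbox|DiscoverySearchMailbox |Migration\.|FederatedEmail\.|Exchange Online-ApplicationAccount,)'
}

# attr_of <dn-substring> <attribute>: value of one attribute for the entry whose
# DN contains the substring. Relies on the blank line that ends each entry, so
# keep -LLL output intact rather than grepping it line by line.
attr_of() {
    ldif_unfold | awk -v want="$1" -v attr="$2" '
        /^dn: / { hit = index($0, want) > 0; next }
        hit && index($0, attr ": ") == 1 { print substr($0, length(attr) + 3); exit }
        /^$/ { hit = 0 }
    '
}

# Constructed sample mirroring the listing above (GUIDs are placeholders).
SAMPLE_LDIF='dn: CN=Administrator,CN=Users,DC=testlab,DC=com

dn: CN=Guest,CN=Users,DC=testlab,DC=com

dn: CN=test,CN=Users,DC=testlab,DC=com
givenName: test

dn: CN=SystemMailbox{00000000-0000-4000-8000-000000000000},CN=Users,DC=testlab
 ,DC=com

dn: CN=Migration.00000000-0000-4000-8000-000000000000,CN=Users,DC=testlab,DC=c
 om

dn: CN=Aman,CN=Users,DC=testlab,DC=com
givenName: Aman'

# Live usage (credentials prompted, transport protected):
#   ldapsearch -x -LLL -H ldaps://ad.testlab.com -D Aman -W \
#     -b cn=Users,dc=testlab,dc=com -s sub "(objectClass=user)" givenName | human_dns
```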

