LDAP: Difference between revisions

2,038 bytes added ,  3 years ago
 
(7 intermediate revisions by the same user not shown)
[[Category:Lab]]
 
__TOC__
 
<br />
 
= Install OpenLDAP Server =
*If you use Apache Web Server, it will create a config file:
/etc/apache2/conf-enabled/phpldapadmin.conf
 
*Access web interface at:
http://your-server-ip/phpldapadmin
 
To enable HTTPS, you can obtain and install a free TLS certificate issued from Let’s Encrypt.
sudo nano /etc/phpldapadmin/config.php
 
Since OpenLDAP and phpLDAPadmin are running on the same machine, configure phpLDAPadmin to connect to localhost on the default LDAP port 389 without SSL/TLS encryption.

Line 293 specifies that phpLDAPadmin will connect to localhost:
$servers->setValue('server','host','127.0.0.1');
 
Line 296 is commented out by default, which means the standard port 389 will be used:
// $servers->setValue('server','port',389);
 
Line 335 is commented out by default, which means TLS encryption is not enabled:
// $servers->setValue('server','tls',false);
 
Then go to line 300:
$servers->setValue('server','base',array('dc=example,dc=com'));
 
Change it to:
$servers->setValue('server','base',array());
 
This will let phpLDAPadmin automatically detect the base DN of your OpenLDAP server. Next, disable anonymous login. Go to line 453:
// $servers->setValue('login','anon_bind',true);
 
By default, anonymous login is enabled. To disable it, you need to remove the comment character (the two slashes) and change true to false.
$servers->setValue('login','anon_bind',false);
 
You will probably want to disable template warnings because these warnings are annoying and unimportant. Go to line 161:
// $config->custom->appearance['hide_template_warning'] = false;
 
Remove the comment character and change false to true.
$config->custom->appearance['hide_template_warning'] = true;
 
Save and close the file.
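To check that the edits above actually took effect, here is an added example (not part of the original page) that reads a config.php snippet, treats a line prefixed with // as commented out so the default applies, and reports the two weak settings discussed above: anonymous bind left enabled and TLS left off. The sample snippets are constructed; the setting names are the ones shown in this page.

```python
import re

# Matches phpLDAPadmin's setValue() lines, e.g.
#   $servers->setValue('login','anon_bind',false);
# A leading "//" means the line is commented out and the default applies.
SETVALUE_RE = re.compile(
    r"^\s*(?P<comment>//)?\s*\$servers->setValue\("
    r"\s*'(?P<section>\w+)'\s*,\s*'(?P<key>\w+)'\s*,\s*(?P<value>[^)]*)\)"
)

# Defaults that apply when the line is commented out or missing
# (anon_bind is true by default, tls is false by default).
DEFAULTS = {("login", "anon_bind"): "true", ("server", "tls"): "false"}

def effective_settings(config_text):
    """Return {(section, key): value} for the settings of interest,
    falling back to DEFAULTS for commented-out or missing lines."""
    settings = dict(DEFAULTS)
    for line in config_text.splitlines():
        m = SETVALUE_RE.match(line)
        if not m or m.group("comment"):
            continue  # not a setValue() line, or commented out -> default
        key = (m.group("section"), m.group("key"))
        if key in settings:
            settings[key] = m.group("value").strip().lower()
    return settings

def audit(config_text):
    """Return a list of findings for weak settings in a config.php snippet."""
    s = effective_settings(config_text)
    findings = []
    if s[("login", "anon_bind")] == "true":
        findings.append("anonymous bind enabled (login/anon_bind)")
    if s[("server", "tls")] != "true":
        findings.append("TLS not enabled (server/tls)")
    return findings

# Constructed sample: the shipped defaults, both lines still commented out.
WEAK_CONFIG = """\
$servers->setValue('server','host','127.0.0.1');
// $servers->setValue('server','tls',false);
// $servers->setValue('login','anon_bind',true);
"""

# Constructed sample after the edits above, with TLS additionally turned on.
HARDENED_CONFIG = """\
$servers->setValue('server','host','127.0.0.1');
$servers->setValue('server','tls',true);
$servers->setValue('login','anon_bind',false);
"""

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name, audit(cfg) or ["no findings"])
```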
 
= Access WebUI =
 
*Access web interface at:
http://10.10.10.1/phpldapadmin
 
Credentials:
cn=admin,dc=testlab,dc=com
Admin password
 
 
= Create User =
 
Source: [https://www.unixmen.com/install-openldap-in-ubuntu-15-10-and-debian-8/ unixmen.com]
 
Create Objects:
*Create Organizational Unit(OU):
 
Click on the “+” sign near the line “dc=testavi” and click “Create new entry here” link.
Scroll down and Select “Generic-Organizational Unit”.
Enter the name of the Organizational unit (Ex.sales) and Click “Create Object”.
Finally, click “Commit”.
 
*Create Group:
Click on the sales OU on the left pane and click on “Create a child entry” link.
In the next window, Select “Generic: Posix Group”.
Enter the name of the group “sales-group” and click Create Object button.
Click Commit to save changes.
 
*Create User:
Click on the sales-group on the left. Select Create a child entry link button.
In the next window, Select “Generic: User Account”.
Enter the user details such as common name, GID number, last name, login shell, user password and user ID.
Then Click “Commit” to save the changes.
 
Verify with the command:
ldapsearch -x
 
= StartTLS LDAP Encryption =
{{UC}}
 
= Testing LDAP server from Ubuntu =
Source: [https://linoxide.com/mail/ldapsearch-command-test-ldap-connection/ linoxide.com], [https://serverfault.com/questions/452935/how-to-test-a-ldap-connection-from-a-client serverfault.com]
 
Installing LDAP Utilities:
sudo apt-get install ldap-utils
 
Testing LDAP Server:
<pre>
aman@ubuntu:~$ ldapsearch -x -LLL -h ad.testlab.com -D Aman -w pwd@123 -b"cn=Users,dc=testlab,dc=com" -s sub "(objectClass=user)" givenName
dn: CN=Administrator,CN=Users,DC=testlab,DC=com
 
dn: CN=Guest,CN=Users,DC=testlab,DC=com
 
dn: CN=krbtgt,CN=Users,DC=testlab,DC=com
 
dn: CN=test,CN=Users,DC=testlab,DC=com
givenName: test
 
dn: CN=Exchange Online-ApplicationAccount,CN=Users,DC=testlab,DC=com
 
dn: CN=SystemMailbox{1f05a927-7605-455d-8fec-ac7c62c06cd6},CN=Users,DC=testlab
,DC=com
 
dn: CN=SystemMailbox{bb558c35-97f1-4cb9-8ff7-d53741dc928c},CN=Users,DC=testlab
,DC=com
 
dn: CN=SystemMailbox{e0dc1c29-89c3-4034-b678-e6c29d823ed9},CN=Users,DC=testlab
,DC=com
 
dn: CN=DiscoverySearchMailbox {D919BA05-46A6-415f-80AD-7E09334BB852},CN=Users,
DC=testlab,DC=com
 
dn: CN=Migration.8f3e7716-2011-43e4-96b1-aba62d229136,CN=Users,DC=testlab,DC=c
om
 
dn: CN=FederatedEmail.4c1f4d8b-8179-4148-93bf-00a95fa1e042,CN=Users,DC=testlab
,DC=com
 
dn: CN=SystemMailbox{8cc370d3-822a-4ab8-a926-bb94bd0641a9},CN=Users,DC=testlab
,DC=com
 
dn: CN=Aman,CN=Users,DC=testlab,DC=com
givenName: Aman
 
dn: CN=test2,CN=Users,DC=testlab,DC=com
givenName: test2
</pre>
 