OpenLDAP – phpldapadmin – Install and Configure

This is part 5 of a multi-part blog post on using OpenLDAP for Net Service Name Resolution.  Part 1 can be found here.

Day to Day Management

The tns2ldif program is great for converting a large number of Net Service Names into the LDIF format, for subsequent bulk loading into the LDAP server.  But, for day to day operation, where you may want to add or delete individual Net Service Names or modify an existing Net Service Name, hand editing LDIF files is probably not an optimal solution.  So, is there a GUI solution that may help with this type of day to day work?  There are a few free LDAP GUIs available.  The one I have chosen is phpldapadmin.

phpldapadmin

So, first, let’s install phpldapadmin.  If you’ve set up the Master/Slave replication, you’ll want to install phpldapadmin on the Master server.

Start with installing a few prerequisites, thus:

yum -y install php php-ldap

Now, phpldapadmin is not available in the standard Oracle Linux 6 repositories.  So, we’ll need to enable an alternate repository, to gain access to phpldapadmin.  Executing the following commands will set up the alternate repository:

wget http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
wget http://rpms.famillecollet.com/enterprise/remi-release-6.rpm
sudo rpm -Uvh remi-release-6*.rpm epel-release-6*.rpm

Finally, to actually install phpldapadmin, execute the following:

yum --enablerepo=epel -y install phpldapadmin

That’s it for installation!

Now, we just need to configure a few things, to get it working with your OpenLDAP server.

phpldapadmin configuration

So, to configure phpldapadmin, there are just a few quick things you’ll want to do.  First, edit the /etc/phpldapadmin/config.php file in your favorite editor:

vi /etc/phpldapadmin/config.php

From the editor, look for two lines that look like this (on my system, they are lines 397 and 398 in the file):

// $servers->setValue('login','attr','dn');
$servers->setValue('login','attr','uid');

In the example above, the first line is commented out, and the second is not.  We just want to reverse that.  Comment out the second line, and uncomment the first.  So, make it look like this instead:

$servers->setValue('login','attr','dn');
// $servers->setValue('login','attr','uid');

Ok, now save that file and exit the editor.  Next, we need one more quick change, this time to the /etc/httpd/conf.d/phpldapadmin.conf file.  So, edit the file:

vi /etc/httpd/conf.d/phpldapadmin.conf

This is a short file, comprising only a few lines.  It should look something like this:

Alias /phpldapadmin /usr/share/phpldapadmin/htdocs
Alias /ldapadmin /usr/share/phpldapadmin/htdocs

<Directory /usr/share/phpldapadmin/htdocs>
Order Deny,Allow
Deny from all
Allow from 127.0.0.1
Allow from ::1
</Directory>

Now, identify the line that says “Allow from 127.0.0.1”, as that is the line you’ll need to modify.  If you leave this file unmodified, then you’ll only be able to access phpldapadmin from the local host.  127.0.0.1 is the local loopback address.  So, if you’re not on the server that phpldapadmin is installed on, you won’t be able to access it.  If you want to add access from other hosts, their IP addresses or network addresses need to be added to this line.  In my case, my master server and slave server are running on two different virtual machines on my MacBook Pro laptop.  The VMware software established a network on the 192.168.x.x subnet.  So, in my case, I modified that line to look like this:

Allow from 127.0.0.1 192.168.0.0/16

You should adjust it as necessary for your network setup.  Ok, time to save this file and exit the editor.  Now, all you need to do is to start Apache, thus:

service httpd start

If you want it to restart automatically at boot time, also execute:

chkconfig httpd on
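
To see which clients the edited "Allow from" line actually admits, the following added example (not part of the original post or of phpldapadmin) evaluates the Apache 2.2 Order/Deny/Allow rules from the file above against a few client addresses, and counts how many IPv4 addresses the Allow lines cover. It handles only full IP addresses and CIDR networks; the narrowed 192.168.10.0/24 subnet and the client addresses are constructed values.

```python
import ipaddress

# Constructed sample: the <Directory> block from the page with the edited Allow line.
SAMPLE_CONF = """\
<Directory /usr/share/phpldapadmin/htdocs>
Order Deny,Allow
Deny from all
Allow from 127.0.0.1 192.168.0.0/16
Allow from ::1
</Directory>
"""
# Hypothetical tighter variant; 192.168.10.0/24 is a constructed subnet.
NARROWED_CONF = SAMPLE_CONF.replace("192.168.0.0/16", "192.168.10.0/24")

def parse_rules(conf):
    """Collect the Order value and the Deny/Allow networks (full IPs and CIDR only)."""
    order, deny, allow = "deny,allow", [], []
    for line in conf.splitlines():
        words = line.split()
        key = words[0].lower() if words else ""
        if key == "order" and len(words) >= 2:
            order = "".join(words[1:]).lower()
        elif key in ("allow", "deny") and len(words) >= 3 and words[1].lower() == "from":
            target = allow if key == "allow" else deny
            for spec in words[2:]:
                if spec.lower() == "all":
                    target.extend(ipaddress.ip_network(n) for n in ("0.0.0.0/0", "::/0"))
                else:
                    target.append(ipaddress.ip_network(spec, strict=False))
    return order, deny, allow

def is_allowed(conf, client_ip):
    """Apply Apache 2.2 Order semantics to one client address."""
    order, deny, allow = parse_rules(conf)
    ip = ipaddress.ip_address(client_ip)
    hit = lambda nets: any(ip in net for net in nets)
    if order == "deny,allow":   # Allow overrides Deny; unmatched clients pass
        return hit(allow) or not hit(deny)
    return hit(allow) and not hit(deny)   # allow,deny: Deny overrides, default deny

def allowed_ipv4_count(conf):
    """Number of IPv4 addresses covered by the Allow lines (overlaps not merged)."""
    return sum(n.num_addresses for n in parse_rules(conf)[2] if n.version == 4)

if __name__ == "__main__":
    for conf in (SAMPLE_CONF, NARROWED_CONF):
        print(allowed_ipv4_count(conf), "IPv4 addresses allowed")
        for client in ("127.0.0.1", "192.168.200.7", "10.1.2.3", "2001:db8::1"):
            print("  ", client, "->", "allow" if is_allowed(conf, client) else "deny")
```

With the /16 entry, any host anywhere in 192.168.0.0 through 192.168.255.255 reaches the login page, not just the two virtual machines; the /24 variant shows how much smaller the exposure becomes.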

In the final installment of this series, I’ll talk a bit about using phpldapadmin to edit and update your LDAP server.

3 comments on “OpenLDAP – phpldapadmin – Install and Configure”

    • Mark, do you have any experience with integrating with AD to provide external user authentication? I would like to configure our DBA accounts to use AD so that we can basically have the same password for our Windows, Linux (we use Centrify to integrate with AD), and Oracle databases, but everything I have read indicates that you need to replicate from AD to Oracle Directory Server to make this work. BTW – all of our Oracle databases are on Linux. We don’t do Windows…. ;-)

      Any thoughts?
