OpenLDAP – Using phpldapadmin to Maintain your LDAP Server

This is the final part of a multi-part blog post on using OpenLDAP for Net Service Name Resolution.  Part 1 can be found here.

Ok, now that you have installed and configured phpldapadmin, you’ll want to do some customization that will facilitate using phpldapadmin specifically for maintaining Net Service Names.  Remember, phpldapadmin is a generic tool that can be used to manage any LDAP server, with virtually any type of content.  At this point, you can use it to manage your LDAP server, but I’ll provide you with two new custom templates for managing Net Service Names and Net Service Aliases.

Basic phpldapadmin Navigation

First, let’s look at a screen in phpldapadmin.  If you point your browser to http://localhost/phpldapadmin (replace localhost with your appropriate hostname), and then log in with the rootdn (cn=admin,dc=proquest,dc=com) and your admin password, you should see a screen that looks like this:

[Screenshot: phpldapadmin post login]

Now, if you look at the left side panel, you should see an icon that looks like a box with a  plus sign inside of it, followed by your domain.  If you click on the plus sign, you’ll see a screen that looks like this:

[Screenshot: phpldapadmin with domain expanded]

Now, after expanding the domain, you can see that there are two items listed: ‘cn=admin’, which is the admin user credentials that you defined while setting up OpenLDAP, and ‘cn=OracleContext’, which is the node under which all the Net Service Names and Net Service Aliases are stored.  Now, click the plus sign next to the ‘cn=OracleContext’ node, and you’ll see something like this:

[Screenshot: phpldapadmin w/ OracleContext expanded]

So, you can see all the Net Service Names and Aliases listed.  Notice the star icon, followed by ‘Create new entry here’, immediately following the ‘cn=OracleContext’.  If you want to add a new Net Service Name or Net Service Alias, that’s where you’ll want to click.  This will create a new entry under ‘cn=OracleContext’, which is where Net Service Name and Net Service Alias objects must exist, or they will not be recognized by your Oracle client.  So, go ahead and click the ‘Create new entry here’ link, and you’ll see this screen:

[Screenshot: phpldapadmin templates listing]

So, this shows all the default templates that phpldapadmin provides.  Exactly none of these are useful for maintaining Oracle Net Service Names and Aliases.  Furthermore, to add a Net Service Name or Alias, you’ll need to choose the ‘Default’ template.  This is a difficult and cumbersome way to interface with the LDAP server.  So, what to do?

Custom Templates for phpldapadmin 

Well, I’ve managed to create two new custom templates for use with phpldapadmin, which I think you’ll find make creating and editing Net Service Names and Aliases much simpler.  First, download these two files, custom_orclNetServiceAlias.xml and custom_orclNetService.xml, to the root user’s home directory.  Now, my assumption is that you’ll be using phpldapadmin strictly for managing your Oracle Net Service Names and Aliases.  Of course, your OpenLDAP server could be used to serve a wide variety of information, well beyond just Oracle Net Service Names and Aliases, but I’ll assume you’re not interested in any of that.  So, you’ll want to disable the standard templates that are distributed with phpldapadmin and drop in the two templates you just downloaded.  To copy the custom templates into place, execute the following command:

mv /root/custom_orclNetService*.xml /usr/share/phpldapadmin/templates/creation

So, now, to disable the standard templates, and display only the templates specific to Net Service Names and Net Service Aliases, you’ll need to edit the /etc/phpldapadmin/config.php file.

vi /etc/phpldapadmin/config.php

You’ll want to locate lines that look like this (should be around line #159):

/* Just show your custom templates. */
// $config->custom->appearance['custom_templates_only'] = false;

/* Disable the default template. */
// $config->custom->appearance['disable_default_template'] = false;

You’ll want to uncomment those directives, and change the ‘false’ to ‘true’.  When you’re done, those lines should look like this:

/* Just show your custom templates. */
$config->custom->appearance['custom_templates_only'] = true;

/* Disable the default template. */
$config->custom->appearance['disable_default_template'] = true;

Finally, to make the Net Description String a multi-line field, you’ll need to add a directive that looks like this:

// Make orclNetDescString a multi-line attribute
$config->custom->appearance['multi_line_attributes'] = array('orclNetDescString');

I don’t think it matters where in this file this directive appears, but I put it at the end of the ‘Appearance’ section.  (Around line #190, on my system.)
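
The config.php edits above, scripted so they can be repeated and checked (an added example, not part of the original post; the function name apply_netservice_settings and the .bak backup suffix are assumptions of this example):

```shell
#!/bin/sh
# Added example. Directive names are the ones shown in config.php above;
# the function name and the .bak suffix are assumptions.
# Usage: apply_netservice_settings /etc/phpldapadmin/config.php

apply_netservice_settings() {
    cfg=$1
    [ -f "$cfg" ] || { echo "no such file: $cfg" >&2; return 1; }
    [ -e "$cfg.bak" ] || cp -p "$cfg" "$cfg.bak" || return 1   # keep the original once
    tmp=$(mktemp) || return 1

    # 1. Uncomment the two template directives (if commented) and set them to true.
    #    "." stands in for the single quotes around the key name.
    sed -E 's#^[[:space:]]*(//)?[[:space:]]*(\$config->custom->appearance\[.(custom_templates_only|disable_default_template).\])[[:space:]]*=.*#\2 = true;#' \
        "$cfg" > "$tmp" || return 1

    # 2. Add the multi-line directive once, directly after disable_default_template,
    #    so it stays inside the PHP block even if the file ends with "?>".
    #    Writing through ">" keeps config.php's existing owner and permissions.
    if grep -Eq '^[[:space:]]*\$config->custom->appearance\[.multi_line_attributes.\]' "$tmp"; then
        cat "$tmp" > "$cfg"
    else
        awk '{ print }
             /^\$config->custom->appearance\[.disable_default_template.\]/ && !added {
                 print ""
                 print "// Make orclNetDescString a multi-line attribute"
                 print "$config->custom->appearance[\047multi_line_attributes\047] = array(\047orclNetDescString\047);"
                 added = 1
             }' "$tmp" > "$cfg"
    fi
    rm -f "$tmp"

    # 3. Verify: each of the three directives must be active exactly once.
    for key in custom_templates_only disable_default_template multi_line_attributes; do
        n=$(grep -Ec "^\\\$config->custom->appearance\\[.$key.\\]" "$cfg" || true)
        [ "$n" -eq 1 ] || { echo "check failed for $key ($n active lines)" >&2; return 1; }
    done
}
```

Running it a second time changes nothing, and the untouched original stays in config.php.bak.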

Ok, now that you’ve disabled the phpldapadmin provided templates, as well as the default template, and supplied your own custom templates, let’s revisit the screen where you selected ‘Create new entry here’.  (Be sure to select the ‘Create new entry here’ which is directly under ‘cn=OracleContext’.)  Before you do that, do a quick logout/login, to have the system read in the new templates.  Now, when you select ‘Create new entry here’ under ‘cn=OracleContext’, you’ll see a screen that looks like this:

[Screenshot: phpldapadmin custom templates only]

So, now we only see the ‘Oracle: Net Service Name’ and ‘Oracle: Net Service Alias’ templates.  This should greatly simplify the task of adding Net Service Names and Aliases, as it removes a bunch of stuff you’ll never use, and adds specific templates for the two types of objects you’re interested in.

Here’s a screenshot of the Net Service Name template:

[Screenshot: phpldapadmin net service name multi-line]

And here is a screenshot of the Net Service Alias template:

[Screenshot: phpldapadmin net service alias template]

So, for the Net Service Name, you’ll want to enter the Net Service Name and Net Description String, something like this:

[Screenshot: phpldapadmin net service name multi-line w/ values]

And, for the Net Service Alias, you’ll want to specify an Alias name and Aliased Object Name, which looks like this:

[Screenshot: net service alias data entry]

Note the format of the Aliased Object Name.  Also, note that you can use the icon with the magnifying glass on top of the file folder to open a window where you can browse and navigate through the Net Service Names that have been defined.

So, this concludes the setup of OpenLDAP for Oracle Net Service Name resolution.  You have installed OpenLDAP and configured it for Net Service Name resolution.  Optionally, you have set up simple Master/Slave replication.  You have the tns2ldif filter for large-scale importation of your enterprise-wide tnsnames.ora file, and finally, you have installed the phpldapadmin tool for GUI-based editing of individual Net Service Names and Aliases.  This should be a complete solution for enterprise-wide Net Service Name resolution.  If you have any questions, comments, or problems, feel free to leave a comment below.

3 comments on “OpenLDAP – Using phpldapadmin to Maintain your LDAP Server”

  1. […] In the final installment of this series, I’ll talk a bit about using phpldapadmin to edit and update your LDAP server. […]

  2. There is also a product called TNSadmin Web Manager GUI for the same purpose at http://www.tnsadmin.com, runs in a Tomcat container and contains REST API for automation tasks.
