This is part 5 of a multi-part blog post on using OpenLDAP for Net Service Name Resolution. Part 1 can be found here.
Day to Day Management
The tns2ldif program is great for converting a large number of Net Service Names into the LDIF format, for subsequent bulk loading into the LDAP server. But, for day to day operation, where you may want to add or delete individual Net Service Names or modify an existing Net Service Name, hand editing LDIF files is probably not an optimal solution. So, is there a GUI solution that may help with this type of day to day work? There are a few free LDAP GUIs available. The one I have chosen is phpldapadmin.
So, first, let’s install phpldapadmin. If you’ve set up the Master/Slave replication, you’ll want to install phpldapadmin on the Master server.
Start with installing a few prerequisites, thus:
yum -y install php php-ldap
Now, phpldapadmin is not available in the standard Oracle Linux 6 repositories. So, we’ll need to enable an alternate repository, to gain access to phpldapadmin. Executing the following commands will set up the alternate repository:
sudo rpm -Uvh remi-release-6*.rpm epel-release-6*.rpm
Finally, to actually install phpldapadmin, execute the following:
yum --enablerepo=epel -y install phpldapadmin
That’s it for installation!
Now, we just need to configure a few things, to get it working with your OpenLDAP server.
So, to configure phpldapadmin, there’s just a few quick things you’ll want to do. First, edit the /etc/phpldapadmin/config.php file in your favorite editor:
From the editor, look for two lines that look like this (on my system, they are lines 397 and 398 in the file):
In the example above, the first line is commented out, and the second is not. We just want to reverse that. Comment out the second line, and uncomment the first. So, make it look like this instead:
Ok, now save that file and exit the editor. Next, we need one more quick change, this time to the /etc/httpd/conf.d/phpldapadmin.conf file. So, edit the file:
This is a short file, comprising of only a few lines. It should look something like this:
Alias /phpldapadmin /usr/share/phpldapadmin/htdocs
Alias /ldapadmin /usr/share/phpldapadmin/htdocs
Deny from all
Allow from 127.0.0.1
Allow from ::1
Now, identify the like that says “Allow from 127.0.0.1”, as that is the line you’ll need to modify. If you leave this file unmodified, then you’ll only be able to access phpldapadmin from the local host. 127.0.0.1 is local loopback address. So, if you’re not on the server that the phpldapadmin is installed on, you won’t be able to access it. If you want to add access from other hosts, their IP addresses, or network addresses need to be added to this line. In my case, my master server and slave server are running on two different virtual machines on my Macbook Pro laptop. The VMWare software established a network on the 192.168.x.x subnet. So, in my case, i modified that line to look like this:
Allow from 127.0.0.1 192.168.0.0/16
You should adjust it as necessary for your network setup. Ok, time to save this file and exit the editor. Now, all you need to do is to start Apache, thus:
service httpd start
If you want it to restart automatically at boot time, also execute:
chkconfig httpd on
In the final installment of this series, I’ll talk a bit about about using phpldapadmin to edit and update your LDAP server.