Install phpLDAPadmin on CentOS 8


In this guide, we are going to learn how to install phpLDAPadmin on CentOS 8. phpLDAPadmin is a web application written in PHP for administering LDAP directories, so it comes in handy for system administrators who prefer a GUI. With it, you can administer OpenLDAP from the browser. Keep in mind that such a tool is a high-value target: it accepts the directory manager's DN and password and relays every change to slapd, so it should only be exposed over TLS and only to the hosts that need it.

Before you can proceed, learn how to install OpenLDAP on CentOS 8 by following the link below;

Install and Setup OpenLDAP on CentOS 8

Installing phpLDAPadmin on CentOS 8

Install PHP and Required Modules

Run the command below to install PHP and other required PHP modules.

dnf install php php-cgi php-mbstring php-common php-pear php-{gd,json,zip} php-ldap

Install phpLDAPadmin

phpLDAPadmin is not available in the default CentOS 8 repositories. Further, the upstream release at the time of writing did not support PHP 7.2, which is the version installed by the command above.

php -v
PHP 7.2.11 (cli) (built: Oct  9 2018 15:09:36) ( NTS )
Copyright (c) 1997-2018 The PHP Group
Zend Engine v3.2.0, Copyright (c) 1998-2018 Zend Technologies

However, GitHub user breisig maintains a fork of phpLDAPadmin that adds PHP 7.2 support. In this guide, we are going to clone breisig's phpLDAPadmin GitHub repository and install it on CentOS 8. Since this is third-party code that will handle your directory manager's credentials, review the fork, or at least pin the commit you deploy, rather than tracking an unreviewed moving branch.

dnf install git
git clone https://github.com/breisig/phpLDAPadmin.git /usr/share/phpldapadmin

This places the phpLDAPadmin source tree under the /usr/share/phpldapadmin directory.

Configure phpLDAPadmin on CentOS 8

After installing phpLDAPadmin, proceed to configure it to connect to your OpenLDAP server.

To begin with, copy the sample configuration file provided (the brace expansion below copies config.php.example to config.php);

cp /usr/share/phpldapadmin/config/config.php{.example,}

Open the configuration file, /usr/share/phpldapadmin/config/config.php for editing;

vim /usr/share/phpldapadmin/config/config.php

Scroll down the configuration file to the section;

/*********************************************
 * Define your LDAP servers in this section  *
 *********************************************/

Define a suitable name for your LDAP server. This name will appear on phpLDAPadmin web interface.

$servers->setValue('server','name','Kifarunix-demo LDAP master');

Set your OpenLDAP server address; this can be a resolvable hostname or an IP address. If you intend to enable TLS towards the directory, use the hostname that matches the server certificate.

$servers->setValue('server','host','192.168.56.152');

If your OpenLDAP server is listening on a non-default port, define it under the section below (the default, 389, is used here);

/* The port your LDAP server listens on (no quotes). 389 is standard. */
// $servers->setValue('server','port',389);

Define your OpenLDAP base DN. phpLDAPadmin accepts an array here, so several base DNs can be listed;

$servers->setValue('server','base',array('dc=ldapmaster,dc=kifarunix-demo,dc=com'));

If you want to define a static bind DN, set it under the section;

/* The DN of the user for phpLDAPadmin to bind with. For anonymous binds or
    'cookie','session' or 'sasl' auth_types, LEAVE THE LOGIN_DN AND LOGIN_PASS
    BLANK. If you specify a login_attr in conjunction with a cookie or session
    auth_type, then you can also specify the bind_id/bind_pass here for searching
    the directory for users (ie, if your LDAP server does not allow anonymous
    binds. */
 // $servers->setValue('login','bind_id','');
#  $servers->setValue('login','bind_id','cn=Manager,dc=example,dc=com');

/* Your LDAP password. If you specified an empty bind_id above, this MUST also
   be blank. */
// $servers->setValue('login','bind_pass','');
#  $servers->setValue('login','bind_pass','secret');

In this guide, we have chosen not to define a static bind DN; read the commented section above. Leaving bind_id and bind_pass blank means the web server stores no directory credential: users authenticate with their own DN and password, and phpLDAPadmin binds to OpenLDAP as that user for the duration of the session. If you do set bind_pass here, config.php then holds a plaintext directory password and must not be world-readable.

You can as well define the login attribute;

$servers->setValue('login','attr','dn');

This will require a full DN, for example cn=admin,dc=ldapmaster,dc=kifarunix-demo,dc=com, for logging in.

Those are just a few of the phpLDAPadmin configuration options; be sure to adjust the configuration to suit your needs.

Save and exit the configuration file and set the ownership as shown below so that the web server can read the application;

chown -R apache:apache /usr/share/phpldapadmin

Note that this also makes the application code writable by the apache user, so a compromise of the web application can modify the code it runs. A tighter layout, preferable on a production host, leaves the tree owned by root, gives the apache group read access, and restricts config/config.php to mode 0640 so that any bind password in it cannot be read by other local users.
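The following is an added example, not code from this guide or from the phpLDAPadmin project. It renders a minimal config.php for one OpenLDAP server using the setValue() keys shown above, with STARTTLS turned on so the DN and password typed into the web form are not relayed to slapd in cleartext, and with bind_id/bind_pass left empty so the web host stores no directory credential. A second function refuses a config.php that is world-readable or that embeds a non-empty bind_pass, which is the check to run after any edit. The hostname, base DN and directory are the guide's values and are illustrative.

```shell
#!/bin/sh
# Added example (not from the guide or phpLDAPadmin): render a hardened
# config.php and check it for the two mistakes that leak a directory password.

write_pla_config() {
    # $1 = config directory, $2 = display name, $3 = LDAP host, $4 = base DN
    dir=$1; name=$2; host=$3; base=$4
    cfg="$dir/config.php"
    # umask in a subshell so the file is created 0640 without changing the caller's umask
    ( umask 027 && cat > "$cfg" <<EOF
<?php
\$servers = new Datastore();
\$servers->newServer('ldap_pla');
\$servers->setValue('server','name','$name');
\$servers->setValue('server','host','$host');
\$servers->setValue('server','port',389);
\$servers->setValue('server','tls',true);   /* STARTTLS on port 389 */
\$servers->setValue('server','base',array('$base'));
\$servers->setValue('login','auth_type','session');
\$servers->setValue('login','attr','dn');   /* full DN at the login prompt */
\$servers->setValue('login','bind_id','');   /* no static credential on the web host */
\$servers->setValue('login','bind_pass','');
?>
EOF
    )
    chmod 0640 "$cfg"
    printf '%s\n' "$cfg"
}

check_pla_config() {
    # $1 = path to config.php; returns 0 if acceptable, 1 otherwise
    f=$1
    # the 8th character of "ls -l" output is the other-read bit (-rw-r-----)
    if [ "$(ls -ld "$f" | cut -c8)" = "r" ]; then
        echo "FAIL: $f is world-readable" >&2
        return 1
    fi
    # an uncommented, non-empty bind_pass is a plaintext directory password
    if grep -Eq "^[[:space:]]*[$]servers->setValue[(]'login','bind_pass','[^']+'[)]" "$f"; then
        echo "FAIL: $f embeds a static bind_pass" >&2
        return 1
    fi
    echo "OK: $f"
}
```

After rendering, chown root:apache on the file (a root step, so it is not done inside the function) keeps the code tree root-owned while letting only the web server's group read the configuration. STARTTLS assumes the CA that signed the slapd certificate is trusted by the client library, normally via TLS_CACERT in /etc/openldap/ldap.conf.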

Create an Apache Configuration for phpLDAPadmin

Next, you need to create a web server configuration for phpLDAPadmin to define how it is going to be accessed from the browser.

vim /etc/httpd/conf.d/phpldapadmin.conf
Alias /phpldapadmin /usr/share/phpldapadmin/htdocs

<Directory /usr/share/phpldapadmin/htdocs>
  <IfModule mod_authz_core.c>
    Require all granted
  </IfModule>
</Directory>

Save and exit the configuration file. With this configuration, you access phpLDAPadmin in the browser using the URL http://ldap-server-hostname-OR-IP/phpldapadmin. Note that Require all granted makes the login page reachable by every client that can reach port 80; on anything other than a lab host, restrict the Directory block to your management network (for example with Require ip).

Alternatively, you can create an Apache VirtualHost for phpLDAPadmin as shown below. Be sure to make the appropriate replacements in the configuration.

vim /etc/httpd/conf.d/phpldapadmin.conf
<VirtualHost *:80>
        ServerName ldapmaster.kifarunix-demo.com
        DocumentRoot /usr/share/phpldapadmin/htdocs
        
        <Directory /usr/share/phpldapadmin/htdocs>
          <IfModule mod_authz_core.c>
            # Apache 2.4
            Require all granted
          </IfModule>
        </Directory>
        ErrorLog /var/log/httpd/ldapmaster.kifarunix-demo.com.error.log
        CustomLog /var/log/httpd/ldapmaster.kifarunix-demo.com.access.log combined
</VirtualHost>

With this configuration, you can access phpLDAPadmin using the URL http://ldap-server-hostname-OR-IP. Whichever variant you use, plain HTTP sends the DN and password you type in cleartext to the web server; front the interface with TLS (mod_ssl) before exposing it beyond a lab.

Check Apache for syntax errors.

httpd -t

If you get the output Syntax OK, you are good to go. Otherwise, fix any errors before you proceed.
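As an added example (not from this guide), the function below writes a hardened version of the VirtualHost above: it serves phpLDAPadmin only over TLS, redirects plain HTTP to HTTPS, and restricts the Directory block to one management network instead of granting access to all. It assumes the mod_ssl package is installed (dnf install mod_ssl) and that a certificate and key already exist; the certificate paths and the 192.168.56.0/24 network used in the test are assumptions for this example. A small helper counts Directory blocks that still grant access to everyone, which is the thing to check before exposing the host.

```shell
#!/bin/sh
# Added example (not from the guide): TLS-only, network-restricted httpd
# configuration for phpLDAPadmin on CentOS 8, plus a check for open Directory blocks.

render_pla_vhost() {
    # $1 = output file, $2 = ServerName, $3 = allowed CIDR,
    # $4 = certificate file, $5 = private key file
    out=$1; fqdn=$2; cidr=$3; crt=$4; key=$5
    cat > "$out" <<EOF
# phpLDAPadmin: TLS only, management network only
<VirtualHost *:80>
    ServerName $fqdn
    # never serve the login form over cleartext HTTP
    Redirect permanent / https://$fqdn/
</VirtualHost>

<VirtualHost *:443>
    ServerName $fqdn
    DocumentRoot /usr/share/phpldapadmin/htdocs

    SSLEngine on
    SSLCertificateFile $crt
    SSLCertificateKeyFile $key

    <IfModule mod_headers.c>
        Header always set Strict-Transport-Security "max-age=31536000"
        Header always set X-Frame-Options "SAMEORIGIN"
    </IfModule>

    <Directory /usr/share/phpldapadmin/htdocs>
        # Apache 2.4: only the admin network may reach the interface
        Require ip $cidr
    </Directory>

    ErrorLog /var/log/httpd/$fqdn.error.log
    CustomLog /var/log/httpd/$fqdn.access.log combined
</VirtualHost>
EOF
}

count_open_dirs() {
    # $1 = httpd config file; prints how many lines grant access to everyone.
    # grep -c exits 1 when the count is 0, which is the answer we want, not an error.
    grep -c '^[[:space:]]*Require all granted' "$1" || true
}
```

With this configuration in place, open 443/tcp rather than 80/tcp in firewalld (firewall-cmd --add-service=https --permanent) and re-run httpd -t before restarting httpd.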

Configure FirewallD

Allow external access to Apache through firewalld, if it is running. If you serve phpLDAPadmin over TLS, open 443/tcp instead of, or in addition to, 80/tcp.

firewall-cmd --add-port=80/tcp --permanent
firewall-cmd --reload

Configure SELinux

If SELinux is enforcing, httpd is not allowed to open outbound network connections by default, so phpLDAPadmin cannot reach the LDAP port until that is permitted. The boolean that grants exactly that is httpd_can_connect_ldap; the guide sets it together with the broader booleans below. Note that httpd_can_network_connect lets httpd connect to any TCP port, and authlogin_nsswitch_use_ldap and nis_enabled concern the host's own NSS/PAM lookups against LDAP rather than the web application, so on a hardened host set only the booleans you actually need. Run the following commands to;

Allow httpd to connect to the network.

setsebool -P httpd_can_network_connect 1

Allow httpd to connect to the OpenLDAP server.

setsebool -P httpd_can_connect_ldap 1

Resolve user passwd entries directly from LDAP.

setsebool -P authlogin_nsswitch_use_ldap 1

Allow the system to run with NIS.

setsebool -P nis_enabled 1

Running Apache

Start and enable Apache to run on system boot.

systemctl enable --now httpd

Accessing phpLDAPadmin on CentOS 8

You can now access phpLDAPadmin from any browser using the URL http://server-hostname-or-IP/phpldapadmin or http://server-hostname-or-IP, depending on your configuration.

This takes you to the phpLDAPadmin web interface.

(Screenshot: phpLDAPadmin web interface)

Click Login just below the name of your LDAP server to get the login form. Since the login attribute was set to dn, enter your full DN, for example cn=admin,dc=ldapmaster,dc=kifarunix-demo,dc=com, together with its password.

(Screenshot: phpLDAPadmin login form with a DN)

Upon successful login, you should see your LDAP directory tree.

(Screenshot: phpLDAPadmin on CentOS 8 showing the directory tree)

If, on clicking the schema link, you get the error below;

Our attempts to find your SCHEMA have failed (objectclasses)

(Screenshot: schema access failure)

then you need to allow read access to the subschema entry (cn=Subschema) on the frontend database. The ACL below grants it to everyone (by *), anonymous binds included; the schema is not sensitive in the way directory data is, but if you would rather not expose it anonymously, use by users read instead so that only authenticated users can read it.

If you followed our guide to install and setup OpenLDAP server on CentOS 8 whose link is provided above, then our current access control lists on the frontend database are;

ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:/// -b cn=config '(olcDatabase={-1}frontend)' olcAccess
dn: olcDatabase={-1}frontend,cn=config
olcAccess: {0}to *  by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=externa
 l,cn=auth" manage  by * none

To allow everyone to read the LDAP schema, add the ACL below to the frontend database as the first ACL. OpenLDAP evaluates olcAccess rules in order and stops at the first matching to clause, so it has to come before the existing catch-all to * ... by * none;

to dn.base="cn=Subschema" by * read

Use an LDIF file to implement this change. The {0} prefix inserts the new value at position 0 and renumbers the existing rule to {1};

vim read-access-to-subschema.ldif
dn: olcDatabase={-1}frontend,cn=config
changetype: modify
add: olcAccess
olcAccess: {0}to dn.base="cn=Subschema" by * read

Update the database.

ldapadd -H ldapi:/// -Y EXTERNAL -f read-access-to-subschema.ldif

List the access control lists again.

ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:/// -b cn=config '(olcDatabase={-1}frontend)' olcAccess
dn: olcDatabase={-1}frontend,cn=config
olcAccess: {0}to dn.base="cn=Subschema" by * read
olcAccess: {1}to *  by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=externa
 l,cn=auth" manage  by * none

Restart Apache (and slapd, as shown). Changes to cn=config made over ldapi take effect immediately, so the slapd restart is not strictly required.

systemctl restart httpd slapd

You should now be able to read your OpenLDAP schema and directory tree, as well as administer the OpenLDAP server from the web using phpLDAPadmin.

(Screenshot: phpLDAPadmin schema view)
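The following is an added example, not part of this guide. It builds the cn=config modification above and then checks slapd's reply the way a reviewer would: because olcAccess is first-match, the new rule must have landed at index {0}, ahead of the catch-all by * none. ldapsearch wraps long attribute values and continues them on lines that start with a single space (the olcAccess value above is split in exactly that way), so the reply is unwrapped before it is inspected. The two sample replies are constructed from the output shown in this guide.

```shell
#!/bin/sh
# Added example (not from the guide): emit the Subschema ACL change and verify,
# from unwrapped ldapsearch output, that it is the first frontend rule.

subschema_acl_ldif() {
    # Print the modification; feed it to:
    #   ldapmodify -Q -Y EXTERNAL -H ldapi:/// -f -
    cat <<'EOF'
dn: olcDatabase={-1}frontend,cn=config
changetype: modify
add: olcAccess
olcAccess: {0}to dn.base="cn=Subschema" by * read
EOF
}

unwrap_ldif() {
    # Join LDIF continuation lines (a leading space) onto the preceding line.
    awk '
        /^ / { buf = buf substr($0, 2); next }
        { if (buf != "") print buf; buf = $0 }
        END { if (buf != "") print buf }
    '
}

first_olcaccess() {
    # The olcAccess value carrying index {0}, read from an ldapsearch reply on stdin.
    unwrap_ldif | sed -n 's/^olcAccess: {0}//p'
}

subschema_acl_first() {
    # Exit 0 if rule {0} is the anonymous Subschema read, 1 otherwise.
    case "$(first_olcaccess)" in
        'to dn.base="cn=Subschema" by * read'*) return 0 ;;
        *) return 1 ;;
    esac
}

# Constructed sample of the ldapsearch reply shown in the guide after the change.
SAMPLE_AFTER='dn: olcDatabase={-1}frontend,cn=config
olcAccess: {0}to dn.base="cn=Subschema" by * read
olcAccess: {1}to *  by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=externa
 l,cn=auth" manage  by * none'

# Constructed sample of the reply before the change (no Subschema rule yet).
SAMPLE_BEFORE='dn: olcDatabase={-1}frontend,cn=config
olcAccess: {0}to *  by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=externa
 l,cn=auth" manage  by * none'

# Demonstration on the constructed samples; on a real server pipe in
#   ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:/// -b cn=config '(olcDatabase={-1}frontend)' olcAccess
printf '%s\n' "$SAMPLE_AFTER" | subschema_acl_first && echo "Subschema read rule is at {0}: OK"
```

The guide applies the LDIF with ldapadd, which is ldapmodify -a; that works because the file carries an explicit changetype: modify, but ldapmodify is the conventional tool for a modification and avoids relying on that behaviour.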

Related OpenLDAP Tutorials

Implement OpenLDAP Password Policies

Configure ownCloud OpenLDAP Authentication

How to Configure SUDO via OpenLDAP Server

Configure OpenLDAP Host Based Authentication

koromicha
I am the Co-founder of Kifarunix.com, Linux and the whole FOSS enthusiast, Linux System Admin and a Blue Teamer who loves to share technological tips and hacks with others as a way of sharing knowledge as: "In vain have you acquired knowledge if you have not imparted it to others".

2 thoughts on “Install phpLDAPadmin on CentOS 8”

  1. Hi, I’m using Apache Directory Studio, and I already added this “to dn.base=”cn=Subschema” by * read” but the Apache DS still cannot read the schema. Can you help me?
    • And one more: how do I make the address book in Mozilla able to read all the email addresses in ou=poeple? I tried to add “to * by *”, but it does not seem to work at all; then I tried to restart the slapd service, and it still does not work.
