Install phpLDAPAdmin on Debian 10/Debian 11

0
2

In this guide, you will learn how to install and setup phpLDAPadmin on Debian 10/Debian 11. phpLDAPadmin (also known as PLA) is a web-based application written in PHP for administering LDAP servers. PLA is designed to manage records in an LDAP server, including creating, modifying, deleting records.

Learn how to install and setup OpenLDAP server with SSL/TLS on Debian 10/Debian 11 by following the link below;

Install and Setup OpenLDAP Server on Debian 10/Debian 11

Install and Setup phpLDAPadmin on Debian 10/Debian 11

Install phpLDAPadmin on Debian 10/Debian 11

phpLDAPadmin is NOT available on Debian 10/Debian 11 default repos;

apt show phpldapadmin
N: Unable to locate package phpldapadmin
N: Unable to locate package phpldapadmin
E: No packages found

Thus, you can simply download the DEB binary from any of these mirror list, under the sub-directory: pool/main/p/phpldapadmin/, for example http://ftp.de.debian.org/debian/pool/main/p/phpldapadmin/.

wget http://ftp.de.debian.org/debian/pool/main/p/phpldapadmin/phpldapadmin_1.2.2-6.3_all.deb

Next, install phpLDAPAdmin on Debian by running the command below;

apt install ./phpldapadmin_1.2.2-6.3_all.deb

On Debian 11

Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
Note, selecting 'phpldapadmin' instead of './phpldapadmin_1.2.2-6.3_all.deb'
The following additional packages will be installed:
  apache2 apache2-bin apache2-data apache2-utils libapache2-mod-php7.4 libapr1 libaprutil1 libaprutil1-dbd-sqlite3 libaprutil1-ldap libcurl4 liblua5.3-0 libsodium23
  libxslt1.1 php php-common php-ldap php-xml php7.4 php7.4-cli php7.4-common php7.4-json php7.4-ldap php7.4-opcache php7.4-readline php7.4-xml psmisc ssl-cert
Suggested packages:
  apache2-doc apache2-suexec-pristine | apache2-suexec-custom www-browser php-pear
The following NEW packages will be installed:
  apache2 apache2-bin apache2-data apache2-utils libapache2-mod-php7.4 libapr1 libaprutil1 libaprutil1-dbd-sqlite3 libaprutil1-ldap libcurl4 liblua5.3-0 libsodium23
  libxslt1.1 php php-common php-ldap php-xml php7.4 php7.4-cli php7.4-common php7.4-json php7.4-ldap php7.4-opcache php7.4-readline php7.4-xml phpldapadmin psmisc
  ssl-cert
0 upgraded, 28 newly installed, 0 to remove and 31 not upgraded.
Need to get 7,669 kB/8,409 kB of archives.
After this operation, 34.2 MB of additional disk space will be used.
Do you want to continue? [Y/n] y
Get:1 /root/phpldapadmin_1.2.2-6.3_all.deb phpldapadmin all 1.2.2-6.3 [740 kB]
Get:2 http://security.debian.org/debian-security bullseye-security/main amd64 apache2-bin amd64 2.4.51-1~deb11u1 [1,407 kB]
Get:3 http://deb.debian.org/debian bullseye/main amd64 libapr1 amd64 1.7.0-6+deb11u1 [106 kB]
Get:4 http://deb.debian.org/debian bullseye/main amd64 libaprutil1 amd64 1.6.1-5 [92.1 kB]
Get:5 http://deb.debian.org/debian bullseye/main amd64 libaprutil1-dbd-sqlite3 amd64 1.6.1-5 [18.8 kB]
Get:6 http://deb.debian.org/debian bullseye/main amd64 libaprutil1-ldap amd64 1.6.1-5 [17.0 kB]
Get:7 http://deb.debian.org/debian bullseye/main amd64 libcurl4 amd64 7.74.0-1.3+b1 [341 kB]
Get:8 http://deb.debian.org/debian bullseye/main amd64 liblua5.3-0 amd64 5.3.3-1.1+b1 [120 kB]
Get:9 http://deb.debian.org/debian bullseye/main amd64 psmisc amd64 23.4-2 [198 kB]
Get:10 http://deb.debian.org/debian bullseye/main amd64 php-common all 2:76 [15.6 kB]
Get:11 http://deb.debian.org/debian bullseye/main amd64 libsodium23 amd64 1.0.18-1 [161 kB]
Get:12 http://deb.debian.org/debian bullseye/main amd64 libxslt1.1 amd64 1.1.34-4 [239 kB]
Get:13 http://security.debian.org/debian-security bullseye-security/main amd64 apache2-data all 2.4.51-1~deb11u1 [160 kB]
Get:14 http://deb.debian.org/debian bullseye/main amd64 php all 2:7.4+76 [6,340 B]
Get:15 http://deb.debian.org/debian bullseye/main amd64 php-ldap all 2:7.4+76 [6,364 B]
Get:16 http://deb.debian.org/debian bullseye/main amd64 php-xml all 2:7.4+76 [6,384 B]
Get:17 http://security.debian.org/debian-security bullseye-security/main amd64 apache2-utils amd64 2.4.51-1~deb11u1 [255 kB]
Get:18 http://deb.debian.org/debian bullseye/main amd64 ssl-cert all 1.1.0+nmu1 [21.0 kB]
Get:19 http://security.debian.org/debian-security bullseye-security/main amd64 apache2 amd64 2.4.51-1~deb11u1 [270 kB]
Get:20 http://security.debian.org/debian-security bullseye-security/main amd64 php7.4-common amd64 7.4.25-1+deb11u1 [1,022 kB]
Get:21 http://security.debian.org/debian-security bullseye-security/main amd64 php7.4-json amd64 7.4.25-1+deb11u1 [19.3 kB]
Get:22 http://security.debian.org/debian-security bullseye-security/main amd64 php7.4-opcache amd64 7.4.25-1+deb11u1 [198 kB]
Get:23 http://security.debian.org/debian-security bullseye-security/main amd64 php7.4-readline amd64 7.4.25-1+deb11u1 [12.3 kB]
Get:24 http://security.debian.org/debian-security bullseye-security/main amd64 php7.4-cli amd64 7.4.25-1+deb11u1 [1,428 kB]
Get:25 http://security.debian.org/debian-security bullseye-security/main amd64 libapache2-mod-php7.4 amd64 7.4.25-1+deb11u1 [1,373 kB]
Get:26 http://security.debian.org/debian-security bullseye-security/main amd64 php7.4 all 7.4.25-1+deb11u1 [48.9 kB]
Get:27 http://security.debian.org/debian-security bullseye-security/main amd64 php7.4-ldap amd64 7.4.25-1+deb11u1 [29.6 kB]
Get:28 http://security.debian.org/debian-security bullseye-security/main amd64 php7.4-xml amd64 7.4.25-1+deb11u1 [97.9 kB]
Fetched 7,669 kB in 2s (3,530 kB/s)
Preconfiguring packages ...

Note that on Debian 11, the command above installs phpLDAPAdmin alongside PHP 7.4 and PHP 7.3 on Debian 10 by default.

So expect a number of warnings on deprecation when running phpLDAPadmin.

Configuring phpLDAPadmin on Debian 10/Debian 11

The default configuration file for phpLDAPadmin is /etc/phpldapadmin/config.php. This is the file that we are going to edit to make our configuration changes as per LDAP server settings.

vim /etc/phpldapadmin/config.php

The configuration file is highly commented. We are only going to make a few changes in this demo, enough to access and run phpLDAPadmin to administer LDAP server.

Set a suitable name for your LDAP server. This is the name that will appear on phpLDAPadmin web interface.

/*********************************************
 * Define your LDAP servers in this section  *
 *********************************************/
...
...
/* A convenient name that will appear in the tree viewer and throughout
   phpLDAPadmin to identify this LDAP server to users. */
$servers->setValue('server','name','Kifarunix-demo LDAP Server');
...

Define the IP address or resolvable hostname of your OpenLDAP server;

$servers->setValue('server','host','ldap.kifarunix-demo.com');

Define the port on which your OpenLDAP server is listening on. In our demo, our OpenLDAP is configured with StartTLS (port 389).

/* The port your LDAP server listens on (no quotes). 389 is standard. */
$servers->setValue('server','port',389);

Set the OpenLDAP base DN. In our setup, OpenLDAP base DN is set to dc=ldapmaster,dc=kifarunix-demo,dc=com.

/* Array of base DNs of your LDAP server. Leave this blank to have phpLDAPadmin
auto-detect it for you. */
$servers->setValue('server','base',array('dc=ldapmaster,dc=kifarunix-demo,dc=com'));

Define your phpLDAPadmin authentication type. In this demo, we choose the default authentication type, session.

$servers->setValue('login','auth_type','session');

Define the Bind DN of the administrative user to login to phpLDAPadmin;

$servers->setValue('login','bind_id','cn=admin,dc=ldapmaster,dc=kifarunix-demo,dc=com');

You can optionally specify an attribute to use when logging in. In our case, we want to use full DN such as, cn=admin,dc=kifarunix-demo,dc=com, for logging in.

$servers->setValue('login','attr','dn');

Configure user ID auto increment when creating users from phpLDAPadmin web interface. This ensures that you do not re-use already assigned user and group IDs. In this setup, we choose the ID from 10000.

/* The minimum number to use when searching for the next available number
(only when 'search' is used for auto_number. */
$servers->setValue('auto_number','min',array('uidNumber'=>10000,'gidNumber'=>10000));

That is all the changes we could make in this guide.

Go through the configuration file and choose any other option you want to configure.

Save and exit the file once done with configuration.

Configure Apache for phpLDAPadmin

Create phpLDAPadmin Apache configuration, /etc/apache2/conf-available/phpldapadmin.conf as follows.

cat > /etc/apache2/conf-available/phpldapadmin.conf << 'EOL'
Alias /phpldapadmin /usr/share/phpldapadmin/htdocs

<Directory /usr/share/phpldapadmin/htdocs>
  <IfModule mod_authz_core.c>
    Require all granted
  </IfModule>
</Directory>
EOL

Set the ownership of the file to www-data.

chown -R www-data: /usr/share/phpldapadmin/

Enable SSL;

cat > /etc/apache2/sites-available/phpldapadmin.conf <'EOL'
<VirtualHost *:443>
        ServerName pla.kifarunix-demo.com
        
        SSLEngine on
        SSLCertificateFile /etc/ssl/certs/kifarunix-demo.crt
        SSLCertificateKeyFile /etc/ssl/private/kifarunix-demo.key
</VirtualHost>
EOL

Configure HTTP/HTTPS redirect;

cat >> /etc/apache2/apache2.conf << 'EOL'
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://pla.silensec.com/$1 [L,R=301]
EOL

Disable Apache default site (with welcome page)

a2dissite 000-default.conf

Enable SSL and rewrite modules;

a2enmod rewrite ssl

Open Apache on firewall to allow external access.

ufw allow "WWW Full"

Check Apache syntax;

apachectl -t
Syntax OK

Restart Apache;

systemctl restart apache2

Accessing phpLDAPadmin on Browser

You can access phpLDAPadmin using the address, https://server-IP-or-Hostname/phpldapadmin.

Install phpLDAPAdmin on Debian 10/Debian 11

If you get the warning,
Deprecated: Array and string offset access syntax with curly braces is deprecated in /usr/share/phpldapadmin/lib/functions.php on line 1614, you can simply replace the curly braces ({}) with square brackets ([]) on the affected line, 1614.

Click login to login to you phpLDAPadmin web user interface. Since we already defined the admin Bind DN, simply enter the password and login;

Install phpLDAPAdmin on Debian 10/Debian 11

Upon successful authentication, you land on phpLDAPAdmin dashboard.

Install phpLDAPAdmin on Debian 10/Debian 11

You can now administer your LDAP server with web interface.

Create LDAP User on phpLDAPadmin

You can refer to this section on how to go about creation of user accounts on phpLDAPAdmin web interface.

How to create LDAP user accounts on phpLDAPadmin

You can explore the functionality of this tool further. That marks the end of our guide on how to install and setup phpLDAPadmin on Debian 10/Debian 11.

Related Tutorials

Install phpLDAPadmin on Rocky Linux 8

Install and Setup phpLDAPadmin on Ubuntu 20.04

LEAVE A REPLY

Please enter your comment!
Please enter your name here