Here is an LDAP implementation on an LXC container. We will install OpenLDAP and phpLDAPadmin inside an LXC Ubuntu 22 container.
Installing LDAP
The following creates a brand new LXC container called ldap using an Ubuntu image.
lxc image list images: | grep -i ubuntu/lunar
lxc launch images:ubuntu/lunar ldap
lxc list
lxc image list
lxc start ldap
lxc info ldap
lxc exec ldap bash
Update Ubuntu (at your own risk):
apt update
Install slapd and ldap-utils:
apt -y install slapd ldap-utils
systemctl status slapd
Running slapcat should give you some results.
dpkg-reconfigure slapd
Proceed with editing /etc/ldap/ldap.conf
BASE dc=SubDomain,dc=DomainBulk,dc=Extension
URI ldap://localhost
where SubDomain is the nameserver section of your domain, DomainBulk is the bulk section of your domain, and Extension is the extension of your domain. For example, if your domain is hpc.sabanciuniv.edu, then:
BASE dc=hpc,dc=sabanciuniv,dc=edu
URI ldap://localhost
You can do some testing now:
ldapsearch -x
Installing phpLDAPadmin
apt install phpldapadmin
Proceed with editing the /etc/phpldapadmin/config.php file.
$config->custom->appearance['timezone'] = 'Europe/Istanbul';
$servers->setValue('server','name','XXXX LDAP Server');
$servers->setValue('server','base',array('dc=hpc,dc=sabanciuniv,dc=edu'));
$config->custom->appearance['hide_template_warning'] = true;
$servers->setValue('login','bind_id','cn=admin,dc=hpc,dc=sabanciuniv,dc=edu');
$servers->setValue('login','anon_bind',false);
$servers->setValue('login','attr','dn');
$servers->setValue('auto_number','min',array('uidNumber'=>10000,'gidNumber'=>5000));
http://<remote_ip_address>/phpldapadmin
Replace the respective sections above according to your needs. You need to replace <remote_ip_address> with the IP address that you assign to your LDAP server.
At this point you should be able to log in to the phpLDAPadmin GUI.
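The base DN mapping and the phpLDAPadmin settings above have to agree with each other, which a short script can verify. This is an added example, not part of the original page: the function names are hypothetical, the sample files are constructed, and it assumes config.php keeps the one-setValue-call-per-line layout shown above.

```sh
#!/bin/sh
# Added example, not from the original page; function names are hypothetical.

# hpc.sabanciuniv.edu -> dc=hpc,dc=sabanciuniv,dc=edu (any number of labels)
domain_to_base_dn() {
    d=${1%.}                                   # tolerate one trailing dot
    case $d in                                 # accept only dot-separated hostname labels
        ''|.*|*.|*..*|*[!A-Za-z0-9.-]*) return 1 ;;
    esac
    printf 'dc=%s\n' "$d" | sed 's/\./,dc=/g'
}

# First uncommented BASE value in an ldap.conf-style file
ldap_conf_base() {
    awk 'toupper($1) == "BASE" { print $2; exit }' "$1"
}

# Raw third argument of $servers->setValue('SECTION','KEY',...) in config.php.
# Usage: pla_value FILE SECTION KEY (last matching line wins)
pla_value() {
    sed -n "s/^[[:space:]]*[\$]servers->setValue('$2','$3',\(.*\));.*/\1/p" "$1" | tail -n 1
}

# check_ldap_configs DOMAIN LDAP_CONF PLA_CONFIG; prints findings, returns 0 if clean
check_ldap_configs() {
    want=$(domain_to_base_dn "$1") || { echo "invalid domain: $1"; return 2; }
    rc=0
    [ "$(ldap_conf_base "$2")" = "$want" ] || { echo "ldap.conf BASE is not $want"; rc=1; }
    [ "$(pla_value "$3" server base)" = "array('$want')" ] || { echo "phpLDAPadmin base is not $want"; rc=1; }
    case $(pla_value "$3" login bind_id) in
        "'"*",$want'") ;;                      # bind DN must sit under the base DN
        *) echo "bind_id is not under $want"; rc=1 ;;
    esac
    [ "$(pla_value "$3" login anon_bind)" = false ] || { echo "anon_bind is not false"; rc=1; }
    return $rc
}

# Constructed sample files mirroring the settings on this page
tmp=$(mktemp -d)
printf 'BASE dc=hpc,dc=sabanciuniv,dc=edu\nURI ldap://localhost\n' > "$tmp/ldap.conf"
cat > "$tmp/config.php" <<'EOF'
$servers->setValue('server','base',array('dc=hpc,dc=sabanciuniv,dc=edu'));
$servers->setValue('login','bind_id','cn=admin,dc=hpc,dc=sabanciuniv,dc=edu');
$servers->setValue('login','anon_bind',false);
EOF
check_ldap_configs hpc.sabanciuniv.edu "$tmp/ldap.conf" "$tmp/config.php" && echo "configs consistent"
rm -rf "$tmp"
```

On a real install, pass /etc/ldap/ldap.conf and /etc/phpldapadmin/config.php as the second and third arguments.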
After you log in to the GUI, you can create child entries and groups according to your needs. If you would like to change the Generic User Account template, then:
cd /etc/phpldapadmin/templates/creation
cp posixAccount.xml posixAccount.xml_ori
vi posixAccount.xml
For example, to add a mail section to the template:
<attribute id="mail">
<display>Email</display>
<order>10</order>
<page>1</page>
</attribute>