Using OpenLDAP and phpLDAPadmin


Applicable Plans - All Cloud Hosting Plans


Overview

OpenLDAP is a framework for directory services, which can be used by individuals or organizations to create shared address books or listings of resources. eApps Hosting provides the OpenLDAP server, and also the phpLDAPadmin web interface that can be used to manage your OpenLDAP directory services.

This user guide will walk you through installing OpenLDAP and phpLDAPadmin, and demonstrate how to create a simple shared address book that can be accessed by your users (usually through their e-mail clients).

OpenLDAP is a very complex application, and the address book example given in this user guide is only a very small fraction of what can be done. If you are setting up a more involved scenario with OpenLDAP, start with the official documentation, located here - http://www.openldap.org/doc/admin24/. The OpenLDAP group maintains a list of useful articles, books, and web pages here - http://www.openldap.org/faq/data/cache/73.html

Installing OpenLDAP and phpLDAPadmin
    Installing OpenLDAP and phpLDAPadmin from a Control Panel
    Installing OpenLDAP and phpLDAPadmin from the command line

OpenLDAP configuration with phpLDAPadmin
    Connecting to phpLDAPadmin
    Creating a simple address book


Installing OpenLDAP and phpLDAPadmin

OpenLDAP is available with any CentOS template and can be installed from the Control Panel. If you are going to use phpLDAPadmin, you will need to install PHP first, and then phpLDAPadmin.

Installing OpenLDAP and phpLDAPadmin from a Control Panel

Installing OpenLDAP, phpLDAPadmin, and PHP using the ISPmanager Control Panel

If you are using the ISPmanager Control Panel, you can install OpenLDAP (and PHP and phpLDAPadmin) from the Control Panel.

  • For ISPmanager 4, go to Server Settings > Applications. Install OpenLDAP, and make sure to install PHP before installing phpLDAPadmin. More information on installing applications can be found here - Installing Server Applications.

  • For ISPmanager 5, go to Settings > Features. Install OpenLDAP, and make sure to install PHP before installing phpLDAPadmin. More information on installing applications can be found here - Installing Features (Server Applications). Note that in ISPmanager 5, PHP is installed by clicking on Web-server (WWW), then on Edit in the upper left corner, and then selecting PHP and clicking on Apply changes.

Information on how to tell which version of ISPmanager you are using can be found here - ISPmanager versions


PHP requires an additional extension in order to communicate with OpenLDAP. This extension has a different name depending on whether you are using ISPmanager 4 or ISPmanager 5, and may already be installed.

  • For ISPmanager 4, install the php-ldap-X.X.X-1eapps.el6 extension, where X.X.X is the current version of PHP installed on the Virtual Server. This will install the ldap.so PHP extension.

  • For ISPmanager 5, install the ldap extension.

Information on how to install PHP extensions is found in the PHP User Guide - PHP extensions. This covers both ISPmanager 4 and ISPmanager 5.

Installing OpenLDAP and phpLDAPadmin from the command line

OpenLDAP, phpLDAPadmin (and PHP, if necessary) can be installed from the command line of the Virtual Server using yum. To install applications using yum you will need to be able to connect to the Virtual Server using SSH and work as the root user.

You will need to use the yum install -y php php-ldap, yum install -y openldap, and yum install -y phpldapadmin commands.

[root@eapps-example ~]# yum install -y php php-ldap

[root@eapps-example ~]# yum install -y openldap

[root@eapps-example ~]# yum install -y phpldapadmin


OpenLDAP configuration with phpLDAPadmin

This section of the user guide will walk you through creating a simple address book, and adding an entry to it. This address book can be shared with your users. The most common set up is the creation of a company or organization address book that all the users can access through their e-mail client.

This is just a simple example of what can be done with OpenLDAP and phpLDAPadmin. For more complex examples, please refer to the official OpenLDAP documentation.

Connecting to phpLDAPadmin

To connect to phpLDAPadmin, browse to http://eapps-example.com/ldapadmin (substitute your own domain name for eapps-example.com).

This takes you to the phpLDAPadmin main screen, where you can log in.

phpLDAPadmin main screen


Click on login in the left navigation pane to log in. This takes you to the Authenticate to server My LDAP Server screen.

Authenticate to server
  • Login DN - cn=Manager,dc=my-domain,dc=com (use this exact string)

  • Password - the password for phpLDAPadmin is the hostname of your Virtual Server. To find the hostname from ISPmanager, go to Server Settings > Server parameters. The Server name is the hostname of your Virtual Server, and is also your phpLDAPadmin password.

Once you have entered your login information, click on Authenticate. This takes you to the main phpLDAPadmin screen.

phpLDAPadmin logged in

Creating a simple address book

Once you have logged in, you can create a simple address book that can be shared with other users. For example, this address book could be used as a company directory that lists all the contact information for your employees.

In the My LDAP Server section of the main phpLDAPadmin screen, click on Import.

Import


This opens the Import screen.

Import screen


Copy and paste the following text into the Or paste your LDIF here section of the screen:

dn: ou=people, dc=my-domain, dc=com
objectClass: top
objectClass: organizationalUnit
ou: people


The screen will now look like this:

LDIF file

Once you have pasted in the text, click Proceed >>.


If the import is successful, you will see this message: Adding ou=people,dc=my-domain,dc=com Success

LDIF import success

Adding address book entries

In the left navigation pane, under My LDAP Server, click the [+] (plus sign) to the left of dc=my-domain,dc=com (2). This will expand the listing.

The LDIF file you just imported creates an entry (called an "Organizational Unit" or "ou" in OpenLDAP) called ou=people. Click on people to create an entry in the address book.

people


The first time you click on ou=people, you will see these errors. They can be ignored, and should only appear once:

people errors


In the Select a template to edit the entry screen, select Generic: Address Book Entry

Generic: Address Book Entry


In the next screen, select Create a child entry

Create a child entry


In the next screen - Select a template for the creation process, select Generic: Address Book Entry.

Generic: Address Book Entry


This takes you to the New Address Book Entry (Step 1 of 1) screen. This is the default screen:

New Address Book Entry (Step 1 of 1) default


This is the screen with information filled in. All that is actually needed to create the entry is Last name (which will populate Common Name). If you are creating a shared address book, then you would also want to include the e-mail address and any other contact information as needed.

New Address Book Entry (Step 1 of 1)

Once you have entered the information, click on Create Object.


This takes you to the Create LDAP Entry screen. This is where you can review the information you just entered.

Create LDAP Entry

If everything is correct, click Commit. If anything is incorrect, you will have an opportunity to update in the next screen.

After you click on Commit, you should see this message:

Creation successful

Just below this message, you will also see a way to update any information in the entry.


Now you can click on the [+] that is next to ou=people and see the new entry for Test User.

Test User

To add more users, simply go through the Adding address book entries process for each user.
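
For more than a handful of users, the Import screen used earlier can take the entries as LDIF instead. The following is an added example, not part of the original guide: a Python script that builds address book LDIF under ou=people,dc=my-domain,dc=com, escaping names for the DN and base64-encoding any value that is not LDIF-safe, so pasted data cannot break the record structure. It assumes the entries use objectClass inetOrgPerson with cn as the RDN; the function names and sample rows are constructed for illustration.

```python
import base64
import re

BASE_DN = "ou=people,dc=my-domain,dc=com"  # the OU created by the import above
# RFC 2849 SAFE-STRING: no NUL/CR/LF/non-ASCII; must not start with space, ':' or '<'
SAFE = re.compile(r"[\x01-\x09\x0b\x0c\x0e-\x1f\x21-\x39\x3b\x3d-\x7f]"
                  r"[\x01-\x09\x0b\x0c\x0e-\x7f]*")

def escape_rdn_value(value):
    """Escape a name for use inside a DN (RFC 4514), e.g. 'Smith, Jr.'."""
    esc = re.sub(r'([\\,+"<>;])', r"\\\1", value)
    if esc[:1] in ("#", " "):
        esc = "\\" + esc
    if len(value) > 1 and value.endswith(" "):
        esc = esc[:-1] + "\\ "
    return esc

def ldif_line(attr, value):
    """Emit 'attr: value', or base64 'attr:: ...' when the value is not LDIF-safe."""
    if SAFE.fullmatch(value) and not value.endswith(" "):
        return f"{attr}: {value}"
    return f"{attr}:: {base64.b64encode(value.encode('utf-8')).decode('ascii')}"

def address_book_entry(given, sn, mail="", phone=""):
    """One entry; inetOrgPerson with cn as RDN is an assumption about the template."""
    if not sn.strip():
        raise ValueError("Last name is required")
    cn = f"{given} {sn}".strip()
    lines = [ldif_line("dn", f"cn={escape_rdn_value(cn)},{BASE_DN}"),
             "objectClass: top", "objectClass: inetOrgPerson"]
    for attr, val in (("cn", cn), ("sn", sn), ("givenName", given),
                      ("mail", mail), ("telephoneNumber", phone)):
        if val:
            lines.append(ldif_line(attr, val))
    return "\n".join(lines) + "\n"

def build_ldif(people):
    """Entries separated by a blank line, ready to paste into the Import screen."""
    return "\n".join(address_book_entry(*p) for p in people)

# Constructed sample rows: given name, last name, e-mail, phone
PEOPLE = [
    ("Test", "User", "test.user@eapps-example.com", "+1 555 0100"),
    ("José", "Núñez", "jose@eapps-example.com", ""),
    # comma in the name, and a stray line break pasted into the e-mail field
    ("Ann", "Smith, Jr.", "ann@eapps-example.com\nextra line", ""),
]

if __name__ == "__main__":
    print(build_ldif(PEOPLE))
```

Paste the printed output into the Or paste your LDIF here section and click Proceed >>, as with the ou=people import.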


