Install and Configure phpLDAPAdmin on Linux
under the GNU General Public License. The application is available in 14 languages and supports UTF-8 encoded directory strings.
On CentOS / RHEL:
phpLDAPAdmin is not available in the main repository, so you need to enable the EPEL repository on Red Hat based derivatives.

    ### For RHEL 7 ###
    # rpm -ivh https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
    ### For CentOS 7 ###
    # yum -y install epel-release

Install phpLDAPAdmin:

    ### CentOS 7 / RHEL 7 ###
    # yum install -y phpldapadmin
    ### Ubuntu 16.04 ###
    $ sudo apt-get update
    $ sudo apt-get install -y phpldapadmin

Configure Apache virtual host on CentOS 7 / RHEL 7:
The default phpLDAPAdmin web config file is in the /etc/httpd/conf.d directory; it contains the rules and access permissions. By default, phpLDAPAdmin can be accessed only from the localhost (127.0.0.1); check the settings below.

    # vi /etc/httpd/conf.d/phpldapadmin.conf

Update the configuration file as shown below.

    Alias /phpldapadmin /usr/share/phpldapadmin/htdocs
    Alias /ldapadmin /usr/share/phpldapadmin/htdocs

    <Directory /usr/share/phpldapadmin/htdocs>
      <IfModule mod_authz_core.c>
        # Apache 2.4
        # Require local
        Require all granted
      </IfModule>
      <IfModule !mod_authz_core.c>
        # Apache 2.2
        Order Deny,Allow
        Deny from all
        Allow from 127.0.0.1
        Allow from ::1
      </IfModule>
    </Directory>

Start the Apache service on CentOS 7 / RHEL 7.

    # systemctl restart httpd.service

Configure FirewallD to allow external machines to access the dashboard (CentOS / RHEL).

    # firewall-cmd --permanent --zone=public --add-service=http
    # firewall-cmd --reload

Configure phpLDAPAdmin:

    ### CentOS 7 / RHEL 7 ###
    # vi /etc/phpldapadmin/config.php
    ### Ubuntu 16.04 ###
    $ sudo nano /etc/phpldapadmin/config.php

A handy name that will appear in the left tree viewer and throughout phpLDAPadmin to identify this LDAP server to users.

    $servers->setValue('server','name','HackTheSec Local LDAP Server');

If you are planning to manage an LDAP server other than localhost, you can modify the parameter below. (Optional)

    $servers->setValue('server','host','127.0.0.1');

To connect to an LDAP server that listens on a non-standard port. (Optional)

    $servers->setValue('server','port',389);

Array of base domain names of your LDAP server. (Must be set on Ubuntu 16.04)

    $servers->setValue('server','base',array('dc=hackthesec,dc=local'));

On CentOS 7 / RHEL 7:
Uncomment line 397 and comment out line 398, like below.

    $servers->setValue('login','attr','dn');
    // $servers->setValue('login','attr','uid');

If you have SELinux enabled on CentOS 7 / RHEL 7, then run this command.

    # setsebool -P httpd_can_connect_ldap on

Access phpLDAPAdmin:
Open a web browser and navigate to the following URL.
http://your-ip-add-ress/phpldapadmin
Click on the "login" link that is visible on the left-hand side of the page. You will be taken to the login page; log in using the LDAP root (ldapadm) account in the form of "cn=ldapadm,dc=hackthesec,dc=local".
If you have the value below set in the /etc/phpldapadmin/config.php file, then the Login DN: field will be automatically pre-populated.

    $servers->setValue('login','bind_id','cn=ldapadm,dc=hackthesec,dc=local');

Now you can start managing your LDAP server via phpLDAPAdmin.
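
The Apache virtual host step above replaces Require local with Require all granted, which lets any host that can reach port 80 load the phpLDAPAdmin login page. The following is an added example, not part of the original tutorial, of the same /etc/httpd/conf.d/phpldapadmin.conf limited to the server itself plus one management network; 192.0.2.0/24 is a placeholder subnet assumed for illustration.

```apache
# /etc/httpd/conf.d/phpldapadmin.conf
Alias /phpldapadmin /usr/share/phpldapadmin/htdocs
Alias /ldapadmin /usr/share/phpldapadmin/htdocs

<Directory /usr/share/phpldapadmin/htdocs>
  <IfModule mod_authz_core.c>
    # Apache 2.4
    # Weak setting used in the tutorial: any client may connect.
    # Require all granted

    # Restricted: the server itself plus the admin network.
    # Several Require lines outside a container are combined as
    # RequireAny, so a client matching either one is allowed.
    Require local
    # Placeholder subnet (assumption): replace with your admin network.
    Require ip 192.0.2.0/24
  </IfModule>
  <IfModule !mod_authz_core.c>
    # Apache 2.2
    Order Deny,Allow
    Deny from all
    Allow from 127.0.0.1
    Allow from ::1
    # Placeholder subnet (assumption): replace with your admin network.
    Allow from 192.0.2.0/24
  </IfModule>
</Directory>
```

Check the syntax with apachectl configtest before restarting httpd. The login at the http:// URL above sends the bind password unencrypted, so the source restriction limits who can reach the page but does not protect the credentials in transit.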