Directory access is something an organisation needs as it grows in size. It is quite straightforward to set up on Microsoft Windows, but replicating the same on Ubuntu can give you a lot of headaches. Hopefully this post can do you a world of good.

The first thing you’ll want to do is run an update/upgrade on the server. Remember, during this process the kernel could be upgraded, which will require a reboot. Because of this, run the update/upgrade during a time when a reboot is feasible.

To take care of the update/upgrade, open a terminal window and issue the commands:

sudo apt-get update
sudo apt-get upgrade

Once that finishes, you’re ready to install OpenLDAP. For this, go back to the terminal window and issue the command:

sudo apt install slapd ldap-utils

During the installation, you will be asked to create an admin password for the LDAP directory (Figure A).

Figure A

Creating an LDAP admin password.

After the installation completes, you may want to modify the default Directory Information Tree (DIT) suffix. Let’s go ahead and do that. We’ll change our DIT to dc=example,dc=com. You can change yours to fit your company network needs. To do this, run the command:

sudo dpkg-reconfigure slapd

When prompted, answer No for the first question (omitting an initial configuration). For our DNS name we’ll enter (Figure B).

Figure B

Configure your DNS name to fit your needs.

You will then be asked to configure the Organization name, and then enter/verify the admin password you created during the installation. Once you’ve done that, select MDB as the database backend, and then select No for removing the database when slapd is purged. Finally, select Yes to move the old database, and you’re done with the installation and configuration.

Because LDAP Account Manager (LAM) can be found in the standard repositories, installation is actually quite simple. Open a terminal window and issue the following command:

sudo apt -y install ldap-account-manager

Once the installation completes, you’ll want to restrict LAM to only IP addresses on your LAN (unless you plan on accessing LAM from the WAN). To do this, issue the command:

sudo nano /etc/apache2/conf-enabled/ldap-account-manager.conf

In that file, look for the line:

Require all granted

Comment that out (by adding a # to the beginning of the line) and add the following line below it:

Require ip

Make sure to substitute your LAN address scheme in the above line.

Save and close that file. Restart Apache with the command:

sudo systemctl restart apache2
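
The same edit as a script, for repeatable builds. This is an added example, not part of the original post: the helper name restrict_lam and the 192.168.1.0/24 range in its comments are assumptions, so substitute your own LAN range.

```shell
#!/bin/sh
# Added example: scripted form of the manual edit described above.
# restrict_lam is a hypothetical helper; it comments out every active
# "Require all granted" line and adds "Require ip <CIDR>" directly below it.
restrict_lam() {
    local conf cidr tmp
    conf="$1"   # e.g. /etc/apache2/conf-enabled/ldap-account-manager.conf
    cidr="$2"   # your LAN range, e.g. 192.168.1.0/24 (constructed sample)

    # Shape check only (dotted quad plus prefix length), so a typo cannot
    # end up in the file as a broken or unintended Require directive.
    if ! printf '%s\n' "$cidr" | grep -Eq \
        '^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])$'; then
        echo "invalid CIDR: $cidr" >&2
        return 2
    fi
    [ -f "$conf" ] || { echo "no such file: $conf" >&2; return 1; }

    # Nothing to do if no active open-access line is left; this also makes
    # a second run harmless (no duplicate Require ip lines).
    if ! grep -Eq '^[[:space:]]*Require all granted' "$conf"; then
        echo "no active 'Require all granted' in $conf" >&2
        return 3
    fi

    cp -p "$conf" "$conf.bak"          # keep a copy to roll back to
    tmp=$(mktemp) || return 1
    awk -v cidr="$cidr" '
        /^[ \t]*Require all granted/ {
            match($0, /^[ \t]*/)               # keep the original indent
            indent = substr($0, 1, RLENGTH)
            print indent "#" substr($0, RLENGTH + 1)
            print indent "Require ip " cidr
            next
        }
        { print }
    ' "$conf" > "$tmp"
    cat "$tmp" > "$conf"               # overwrite in place, keeps owner/mode
    rm -f "$tmp"
}
```

Run it as root against the LAM config file, then check the result with sudo apache2ctl configtest before restarting Apache.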

Opening the web interface

Open a browser and point it to http://SERVER_IP/lam (where SERVER_IP is the IP address of the server hosting LAM). In the resulting screen (Figure A), click LAM configuration in the upper right corner.

Figure A

In the next window click Edit server profiles. You will then be prompted for the default profile password. Type lam and click OK. You should now see the Server settings page (Figure B).

Figure B

The LAM server settings page.

If your LDAP server is on a different machine, enter its IP address in the Server address section. Scroll to the bottom of this page and create a new password for the LAM default profile. Once you’ve done that, click the Save button. You’ll then be prompted to go back to the default profile and log back in. Once you’ve logged back in, you need to configure a minimum of the following (in the Edit Server profiles section), according to your LDAP server:

  • Under Security settings, set the dashboard login by specifying the LDAP admin user account (and domain components).
  • In the Account Types tab, configure the Active account types LDAP suffix and List attributes.


Once you’ve configured those options, click Save. You’ll be logged out of the Server profile manager, after which you can log into LAM with your LDAP server admin credentials. Upon successful login, you’ll find yourself on the LAM management screen (Figure C), where you can start administering your LDAP server.

Figure C

The LAM main window.

Reporting for duty

And that’s all there is to it. You now have a powerful, user-friendly, web-based LDAP manager ready for duty. It’ll take you about five minutes to get this up and running. Considering how much more efficient your LDAP work will be, that’s time well spent.

