Directory access is something an organisation needs once it grows in size. Setting it up on Microsoft Windows is fairly obvious, but replicating the same on Ubuntu can give you a lot of headaches. Hopefully this post can do you a world of favour.
The first thing you’ll want to do is run an update/upgrade on the server. Remember, during this process the kernel could be upgraded, which will require a reboot. Because of this, run the update/upgrade during a time when a reboot is feasible.
To take care of the update/upgrade, open a terminal window and issue the commands:
sudo apt-get update
sudo apt-get upgrade
Once that finishes, you’re ready to install OpenLDAP. For this, go back to the terminal window and issue the command:
sudo apt install slapd ldap-utils
During the installation, you will be asked to create an admin password for the LDAP directory (Figure A).
After the installation completes, you may want to modify the default Directory Information Tree (DIT) suffix. Let’s go ahead and do that. We’ll change our DIT to dc=example,dc=com. You can change yours to fit your company network needs. To do this, run the command:
sudo dpkg-reconfigure slapd
When prompted, answer No for the first question (omitting an initial configuration). For our DNS name we’ll enter example.com (Figure B).
You will then be asked to configure the Organization name, and then enter/verify the admin password you created during the installation. Once you’ve done that, select MDB as the database backend, and then select No for removing the database when slapd is purged. Finally, select Yes to move the old database, and you’re done with the installation and configuration.
Because LAM (LDAP Account Manager) can be found in the standard repositories, installation is actually quite simple. Open a terminal window and issue the following command:
sudo apt -y install ldap-account-manager
Once the installation completes, you’ll want to restrict LAM to only IP addresses on your LAN (unless you plan on accessing LAM from the WAN). To do this, issue the command:
sudo nano /etc/apache2/conf-enabled/ldap-account-manager.conf
In that file, look for the line:
Require all granted
Comment that out (by adding a # to the beginning of the line) and add the following line below it:
Require ip 192.168.1.0/24
Make sure to substitute your LAN address scheme in the above line.
Save and close that file. Restart Apache with the command:
sudo systemctl restart apache2
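The same edit, scripted so it can be repeated and checked. This is an added example, not part of the original post: it comments out "Require all granted", adds "Require ip" with your LAN range below it, and lists the access directives that remain active. The conf file shown is a constructed stand-in for the package's real file; the function names and the IPv4-only CIDR check are my own.

```shell
#!/bin/sh
# Added example (not from the original post). Assumes Apache 2.4 "Require"
# syntax and a POSIX grep/awk/sed toolchain.

restrict_lam_to_lan() {
  conf="$1"   # e.g. /etc/apache2/conf-enabled/ldap-account-manager.conf
  cidr="$2"   # e.g. 192.168.1.0/24 (substitute your own LAN range)
  # Accept only an IPv4 CIDR so a typo cannot silently widen or break access.
  printf '%s\n' "$cidr" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/[0-9]{1,2}$' || return 2
  # Nothing to do if the permissive line is absent (already restricted, or a different layout).
  grep -q '^[[:space:]]*Require all granted[[:space:]]*$' "$conf" || return 1
  awk -v cidr="$cidr" '
    /^[ \t]*Require all granted[ \t]*$/ {
      match($0, /^[ \t]*/)
      indent = substr($0, 1, RLENGTH)
      print indent "# " substr($0, RLENGTH + 1)   # keep the old line, commented out
      print indent "Require ip " cidr             # LAN-only access directly below it
      next
    }
    { print }
  ' "$conf" > "$conf.tmp" && mv "$conf.tmp" "$conf"
}

# Print the access-control directives still in effect (commented lines excluded).
active_require_lines() {
  grep -E '^[[:space:]]*Require ' "$1" | sed 's/^[[:space:]]*//'
}

# Constructed stand-in for the package's conf file, used only for this demo.
write_sample_conf() {
  cat > "$1" <<'EOF'
Alias /lam /usr/share/ldap-account-manager
<Directory /usr/share/ldap-account-manager>
  Options +FollowSymLinks
  AllowOverride All
  Require all granted
</Directory>
EOF
}

demo_conf="$(mktemp)"
write_sample_conf "$demo_conf"
restrict_lam_to_lan "$demo_conf" 192.168.1.0/24
active_require_lines "$demo_conf"   # prints: Require ip 192.168.1.0/24
```

On the real server, run `sudo apache2ctl configtest` before the restart so a bad edit cannot take the site down.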
Opening the web interface
Open a browser and point it to http://SERVER_IP/lam (where SERVER_IP is the IP address of the server hosting LAM). In the resulting screen (Figure A), click LAM configuration in the upper right corner.
In the next window click Edit server profiles. You will then be prompted for the default profile password. Type lam and click OK. You should now see the Server settings page (Figure B).
If your LDAP server is on a different machine, enter its IP address in the Server address section. Scroll to the bottom of this page and create a new password for the LAM default profile. Once you’ve done that, click the Save button. You’ll then be prompted to go back to the default profile and log back in. Once you’ve logged back in, you need to configure a minimum of the following (in the Edit Server profiles section), according to your LDAP server:
- Under Security settings, set the dashboard login by specifying the LDAP admin user account (and domain components).
- In the Account Types tab, configure the Active account types LDAP suffix and List attributes.
Remember to change the cn= value to admin (or to whatever admin account you set in the previous step).
Once you’ve configured those options, click Save. You’ll be logged out of the Server profile manager, where you can then log into LAM with your LDAP server admin credentials. Upon successful login, you’ll find yourself on the LAM management screen (Figure C), where you can start administering your LDAP server.
Reporting for duty
And that’s all there is to it. You now have a powerful, user-friendly, web-based LDAP manager ready for duty. It’ll take you about five minutes to get this up and running. Considering how much more efficient your LDAP work will be, that’s time well spent.