Differences

This shows you the differences between two versions of the page.

--- vms:openldap [2015/11/12 18:26]
admin
+++ vms:openldap [2015/11/16 18:44] (current)
admin [Securing access with a self-signed certificate]
@@ Line 37: / Line 37: @@
 # This file should be world readable but not world writable.
-BASE    dc=home,dc=be
+BASE    dc=home,dc=brussels
 URI     ldap://192.168.1.201 ldap://192.168.1.201:666
@@ Line 48: / Line 48: @@
 </code>
+Then we reconfigure the LDAP package with the newly introduced values:
+<code>
+> dpkg-reconfigure slapd
+</code>
+  * Omit: NO
+  * DNS domain name: home.brussels
+  * Organisation: Family
+  * Password: *****
+  * Database: HDB
+  * Remove when purged: YES
+  * Move old: YES
+  * LDAPv2: NO
+Check install with:
+<code>
+> ldapsearch -x
+</code>
 ==== Install phpLDAPadmin ====
@@ Line 59: / Line 77: @@
 Then we configure phpLDAPadmin:
 <code>
-> nano /etc/phpldapadmin/config.php
+> nano -c /etc/phpldapadmin/config.php
+[line 85]  $config->custom->appearance['timezone'] = 'Europe/Brussels';
+[line 161] $config->custom->appearance['hide_template_warning'] = true;
 [line 286] $servers->setValue('server','name','Home LDAP Server');
-[line 300] $servers->setValue('server','base',array('dc=home,dc=be'));
+[line 300] $servers->setValue('server','base',array('dc=home,dc=brussels'));
-[line 326] $servers->setValue('login','bind_id','cn=admin,dc=home,dc=be');
+[line 326] $servers->setValue('login','bind_id','cn=admin,dc=home,dc=brussels');
 </code>
 Now we should be able to access the phpLDAPadmin Web GUI at http://192.168.1.201/phpldapadmin
+==== Securing access with a self-signed certificate ====
+This comes from [[https://www.rosehosting.com/blog/install-and-configure-openldap-and-phpldapadmin-on-ubuntu-14-04/|this article]].
+Create a directory to hold your certificate and key:
+<code>
+> mkdir /etc/apache2/ssl
+> openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/apache2/ssl/apache.key -out /etc/apache2/ssl/apache.crt
+</code>
+After you answer the questions, your certificate and key will be written to the **/etc/apache2/ssl** directory. We need to activate the apache ssl module, and we'll redirect all http requests to https:
+<code>
+> a2enmod ssl
+> nano /etc/apache2/sites-enabled/000-default
+...
+    DocumentRoot /var/www
+    Redirect permanent /phpldapadmin https://192.168.1.201/phpldapadmin
+    <Directory />
+...
+</code>
+Now let's enable the default ssl apache configuration:
+<code>
+> nano -c /etc/apache2/sites-available/default-ssl
+...
+    ServerAdmin webmaster@localhost
+    ServerName 192.168.1.211
+...
+[line 43/44]
+   SSLCertificateFile    /etc/apache2/ssl/apache.crt
+   SSLCertificateKeyFile /etc/apache2/ssl/apache.key
+...
+> a2ensite default-ssl
+> service apache2 restart
+</code>
+We now have an encrypted connection to our LDAP server. [[http://www.linux.com/learn/tutorials/377952:manage-ldap-data-with-phpldapadmin|This article]] gives a basic example of creating and managing groups and users.