Differences
This shows you the differences between two versions of the page.
vms:openldap [2015/11/15 16:05] admin [Install OpenLDAP packages] |
vms:openldap [2015/11/16 18:44] (current) admin [Securing access with a self-signed certificate] |
||
---|---|---|---|
Line 51: | Line 51: | ||
<code> | <code> | ||
> dpkg-reconfigure slapd | > dpkg-reconfigure slapd | ||
+ | </code> | ||
+ | | ||
+ | * Omit: NO | ||
+ | * DNS domain name: home.brussels | ||
+ | * Organisation: Family | ||
+ | * Password: ***** | ||
+ | * Database: HDB | ||
+ | * Remove when purged: YES | ||
+ | * Move old: YES | ||
+ | * LDAPv2: NO | ||
+ | |||
+ | Check install with: | ||
+ | <code> | ||
+ | > ldapsearch -x | ||
</code> | </code> | ||
==== Install phpLDAPadmin ==== | ==== Install phpLDAPadmin ==== | ||
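Review bot: The install check `ldapsearch -x` gives no search base or host, so its result depends on whatever defaults the client configuration supplies, and the page does not say what a successful result looks like. Consider `ldapsearch -x -b dc=home,dc=brussels` to match the DNS domain entered above, plus a sentence on the expected output. Since `-x` without a bind DN is an anonymous simple bind, it is also worth stating that a successful result means anonymous reads are permitted on this directory.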
Line 63: | Line 77: | ||
Then we configure phpLDAPadmin: | Then we configure phpLDAPadmin: | ||
<code> | <code> | ||
- | > nano /etc/phpldapadmin/config.php | + | > nano -c /etc/phpldapadmin/config.php |
+ | [line 85] $config->custom->appearance['timezone'] = 'Europe/Brussels'; | ||
+ | [line 161] $config->custom->appearance['hide_template_warning'] = true; | ||
[line 286] $servers->setValue('server','name','Home LDAP Server'); | [line 286] $servers->setValue('server','name','Home LDAP Server'); | ||
[line 300] $servers->setValue('server','base',array('dc=home,dc=brussels')); | [line 300] $servers->setValue('server','base',array('dc=home,dc=brussels')); | ||
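Review bot: The new `[line 85]` and `[line 161]` markers, like the existing ones, tie the instructions to one packaged version of config.php; a reader on another version will land on the wrong lines. Suggest telling the reader to search for the key name (for example `hide_template_warning`) instead of relying on `nano -c` line numbers. The `hide_template_warning = true` setting also deserves a short note on which warning it suppresses and why that is acceptable here.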
Line 71: | Line 87: | ||
Now we should be able to access the phpLDAPadmin Web GUI at http://192.168.1.201/phpldapadmin | Now we should be able to access the phpLDAPadmin Web GUI at http://192.168.1.201/phpldapadmin | ||
+ | |||
+ | ==== Securing access with a self-signed certificate ==== | ||
+ | |||
+ | This comes from [[https://www.rosehosting.com/blog/install-and-configure-openldap-and-phpldapadmin-on-ubuntu-14-04/|this article]]. | ||
+ | |||
+ | Create a directory to hold your certificate and key: | ||
+ | <code> | ||
+ | > mkdir /etc/apache2/ssl | ||
+ | > openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/apache2/ssl/apache.key -out /etc/apache2/ssl/apache.crt | ||
+ | </code> | ||
+ | |||
+ | After you answer the questions, your certificate and key will be written to the **/etc/apache2/ssl** directory. We need to activate the apache ssl module, and we'll redirect all http requests to https: | ||
+ | <code> | ||
+ | > a2enmod ssl | ||
+ | > nano /etc/apache2/sites-enabled/000-default | ||
+ | ... | ||
+ | DocumentRoot /var/www | ||
+ | Redirect permanent /phpldapadmin https://192.168.1.201/phpldapadmin | ||
+ | <Directory /> | ||
+ | ... | ||
+ | </code> | ||
+ | |||
+ | Now let's enable the default ssl apache configuration: | ||
+ | <code> | ||
+ | > nano -c /etc/apache2/sites-available/default-ssl | ||
+ | ... | ||
+ | ServerAdmin webmaster@localhost | ||
+ | ServerName 192.168.1.211 | ||
+ | ... | ||
+ | [line 43/44] | ||
+ | SSLCertificateFile /etc/apache2/ssl/apache.crt | ||
+ | SSLCertificateKeyFile /etc/apache2/ssl/apache.key | ||
+ | ... | ||
+ | |||
+ | > a2ensite default-ssl | ||
+ | > service apache2 restart | ||
+ | </code> | ||
+ | |||
+ | We now have an encrypted connection to our LDAP server. [[http://www.linux.com/learn/tutorials/377952:manage-ldap-data-with-phpldapadmin|This article]] gives a basic example of creating and managing groups and users. |
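Review bot: `ServerName 192.168.1.211` in default-ssl does not match the address used everywhere else in this section (`http://192.168.1.201/phpldapadmin` and the `Redirect permanent ... https://192.168.1.201/phpldapadmin` target); one of the two looks like a typo and should be made consistent. The key is generated with `-nodes`, so `/etc/apache2/ssl/apache.key` is stored unencrypted, and the steps never restrict permissions on the new directory or the key file; add a step that limits the key to root. The closing sentence also overstates the result: these steps put HTTPS in front of the phpLDAPadmin web GUI only, and nothing in the hunk configures TLS on the LDAP service itself, so "encrypted connection to our LDAP server" should be reworded to say that.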