I'm doing something egregious, I think; I'm working on a project without looking to see what progress has been made on it, if any, in the past: OpenLDAP appliance. I think I'm reconciled with this because it's a weak spot for me and a really weak spot for my organization.

My goal is to be able to patch an existing LAMP appliance running several patched applications so that I can have my students log in to each appliance with the same login.

I've done a build with web front ends and the openLDAP suite, which was a bit more than I can handle at once.

So I'm going to post in stages.

Using the LAMP appliance as a starting point (possibly I should remove mysqld).

These build notes take care of the installation and initial configuration of two PHP-based web front ends: phpLDAPadmin and LDAP Account Manager.

Why two? 1) I haven't the knowledge to evaluate; 2) LDAP Account Manager has a pro and a con: pro, it's in the repos; con, it's hobbled so one must pay for full features. Since I know nothing, I have no idea of the value of those features; personally, I resent hobbling free software. (3, counting the webmin module.)

This takes care of the hostname, the packages for openLDAP and the initial configuration.

#Set Hostname
HOSTNAME=openldap
echo "$HOSTNAME" > /etc/hostname
# update the 127.0.1.1 entry in /etc/hosts (not /etc/hostname) so the new name resolves locally
sed -i "s|127.0.1.1 \(.*\)|127.0.1.1 $HOSTNAME|" /etc/hosts

#Install Dependencies
apt-get update
DEBIAN_FRONTEND=noninteractive apt-get -y \
    -o DPkg::Options::=--force-confdef \
    -o DPkg::Options::=--force-confold \
    install \
    ldap-account-manager \
    slapd \
    ldap-utils \
    gnutls-bin \
    ldapscripts \
    libnss-ldap \
    webmin-ldap-server

# plain-HTTP download with no checksum or signature check; verify the tarball
# against the project's published checksum before unpacking it into the web root
wget http://sourceforge.net/projects/phpldapadmin/files/phpldapadmin-php5/1.2.1.1/phpldapadmin-1.2.1.1.tgz
tar xvzf phpldapadmin-1.2.1.1.tgz
mv phpldapadmin-1.2.1.1/ /var/www/pla
cp /var/www/pla/config/config.php.example /var/www/pla/config/config.php

LDAP Account Manager nicely puts its configuration into conf.d.

To force phpLDAPadmin to use SSL I changed 000-default to the following:

NameVirtualHost *:80
NameVirtualHost *:443

<VirtualHost *:80>
        ServerAdmin webmaster@localhost
        DocumentRoot /var/www/
        # any HTTP request under /pla is refused (403) until a redirect is added
        <Directory "/var/www/pla">
                SSLRequireSSL
        </Directory>
</VirtualHost>

<VirtualHost *:443>
        SSLEngine on
        SSLCertificateFile /etc/ssl/certs/cert.pem
        ServerAdmin webmaster@localhost
        DocumentRoot /var/www/
        # match the filesystem path rather than the loose regex "/pla/*",
        # which would also match any directory whose path merely contains /pla
        <Directory "/var/www/pla">
                SSLRequireSSL
        </Directory>
</VirtualHost>

ScriptAlias /cgi-bin/ /var/www/cgi-bin/

<Directory /var/www/>
        Options Indexes FollowSymLinks MultiViews
        Order allow,deny
        allow from all
</Directory>

A redirect is needed, but I haven't seen the easy path to that yet.

#Please increase the "memory_limit" parameter in your php.ini to at least "64M".

nano /etc/php5/apache2/php.ini
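
The redirect the post is missing, as an added example (not part of the original post or of the TurnKey appliance): a POSIX shell function that writes an Apache 2.2 vhost file in which every cleartext request under /pla is answered with a 301 to HTTPS before the phpLDAPadmin login form (and so any LDAP bind password) is ever served, while SSLRequireSSL stays in place as a fallback. It assumes the same layout as above (phpLDAPadmin at /var/www/pla, /etc/ssl/certs/cert.pem holding both key and certificate); the hostname and output directory are parameters so it can be dry-run in a temporary directory. It also drops `Indexes` from the /var/www options so the application tree cannot be listed; that is a change from the original config.

```shell
#!/bin/sh
# Added example, not from the original post. Assumptions: Apache 2.2 syntax
# (Order/allow), phpLDAPadmin unpacked at /var/www/pla, and
# /etc/ssl/certs/cert.pem containing both key and certificate as the
# original config relies on.

# write_pla_vhost HOSTNAME OUTDIR -> prints the path of the file it wrote
write_pla_vhost() {
    host="$1"
    outdir="$2"
    out="$outdir/000-default"
    mkdir -p "$outdir"
    cat > "$out" <<EOF
NameVirtualHost *:80
NameVirtualHost *:443

<VirtualHost *:80>
    ServerAdmin webmaster@localhost
    DocumentRoot /var/www/
    # Redirect runs before access control, so HTTP clients are sent to
    # HTTPS instead of getting the 403 from SSLRequireSSL.
    Redirect permanent /pla https://$host/pla
    # Belt and braces: if the Redirect is ever removed, /pla is still
    # refused over cleartext HTTP.
    <Directory "/var/www/pla">
        SSLRequireSSL
    </Directory>
</VirtualHost>

<VirtualHost *:443>
    SSLEngine on
    SSLCertificateFile /etc/ssl/certs/cert.pem
    ServerAdmin webmaster@localhost
    DocumentRoot /var/www/
    <Directory "/var/www/pla">
        SSLRequireSSL
    </Directory>
</VirtualHost>

ScriptAlias /cgi-bin/ /var/www/cgi-bin/

<Directory /var/www/>
    # Indexes deliberately omitted: no directory listing of the app tree
    Options FollowSymLinks MultiViews
    Order allow,deny
    allow from all
</Directory>
EOF
    echo "$out"
}

# pla_vhost_ok FILE -> exit 0 only if the three settings that matter are present
pla_vhost_ok() {
    grep -q '^ *Redirect permanent /pla https://' "$1" &&
    grep -q '^ *SSLEngine on' "$1" &&
    grep -q '^ *SSLRequireSSL' "$1"
}

# On the appliance itself:
#   f=$(write_pla_vhost openldap /etc/apache2/sites-available)
#   pla_vhost_ok "$f" && apache2ctl configtest && /etc/init.d/apache2 reload
```

Run the configtest before reloading: a typo in the vhost file takes the whole site down, not just /pla. The hostname passed in must be the name students actually type, otherwise the redirect lands them on a certificate warning for a name the cert does not carry.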

Jeremy Davis:

Adrian did a patch for OpenLDAP some time ago. His notes are pretty comprehensive so may be worth a look to see how he did it - not that it excludes you from having a go at it too. :)
