TurnKey Linux Virtual Appliance Library

OpenLDAP

I'm doing something egregious, I think; I'm working on a project without looking to see what progress has been made on it, if any, in the past: an OpenLDAP appliance. I think I'm reconciled with this because it's a weak spot for me and a really weak spot for my organization.

My goal is to be able to patch an existing LAMP appliance running several patched applications so that I can have my students log in to each appliance with the same login.

I've done a build with web front ends and the OpenLDAP suite, which was a bit more than I can handle at once.

So I'm going to post in stages.

Web Front Ends

Using the LAMP appliance as a starting point (possibly I should remove mysqld).

These build notes take care of the installation and initial configuration of two php-based web front ends: phpLDAPadmin and LDAP Account Manager.

Why two? 1) I haven't the knowledge to evaluate; 2) LDAP Account Manager has a pro and a con: pro, it's in the repos; con, it's hobbled so one must pay for full features. Since I know nothing, I have no idea of the value of those features; personally, I resent hobbling free software. (3, counting the webmin module.)

This takes care of the hostname, the packages for OpenLDAP and the initial configuration.

#Set Hostname
HOSTNAME=openldap
echo "$HOSTNAME" > /etc/hostname
# The 127.0.1.1 entry lives in /etc/hosts, not /etc/hostname (which was just overwritten above)
sed -i "s|127.0.1.1 \(.*\)|127.0.1.1 $HOSTNAME|" /etc/hosts

#Install Dependencies (gnutls-bin was listed twice; once is enough)
apt-get update
DEBIAN_FRONTEND=noninteractive apt-get -y \
    -o DPkg::Options::=--force-confdef \
    -o DPkg::Options::=--force-confold \
    install \
    ldap-account-manager \
    slapd \
    ldap-utils \
    gnutls-bin \
    ldapscripts \
    libnss-ldap \
    webmin-ldap-server

#Install phpLDAPadmin from the upstream tarball (not in the repos) under /var/www/pla
wget http://sourceforge.net/projects/phpldapadmin/files/phpldapadmin-php5/1.2...
tar xvzf phpldapadmin-1.2.1.1.tgz
mv phpldapadmin-1.2.1.1/ /var/www/pla
cp /var/www/pla/config/config.php.example /var/www/pla/config/config.php

LDAP Account Manager nicely puts its configuration into conf.d.

To force phpLDAPadmin to use SSL I changed 000-default to the following:

NameVirtualHost *:80
NameVirtualHost *:443

<VirtualHost *:80>
        ServerAdmin webmaster@localhost
        DocumentRoot /var/www/
        # Plain-HTTP requests for phpLDAPadmin are refused (403) instead of served
        <Directory "/var/www/pla">
                SSLRequireSSL
        </Directory>
</VirtualHost>

<VirtualHost *:443>
        SSLEngine on
        SSLCertificateFile /etc/ssl/certs/cert.pem
        ServerAdmin webmaster@localhost
        DocumentRoot /var/www/
        # Regex match on the filesystem path; redundant on the SSL vhost but harmless
        <DirectoryMatch "/pla/*">
                SSLRequireSSL
        </DirectoryMatch>
</VirtualHost>

ScriptAlias /cgi-bin/ /var/www/cgi-bin/

<Directory /var/www/>
        Options Indexes FollowSymLinks MultiViews
        Order allow,deny
        allow from all
</Directory>

A redirect is needed, but I haven't seen the easy path to that yet.

#Please increase the "memory_limit" parameter in your php.ini to at least "64M".

nano /etc/php5/apache2/php.ini
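For the redirect the notes say is still missing, here is an added example (not from the original post) of the two VirtualHost blocks with a mod_rewrite rule that sends plain-HTTP requests for /pla to HTTPS on the same host; it assumes mod_rewrite is enabled with a2enmod rewrite and keeps SSLRequireSSL as a backstop so the admin login page is never served in cleartext even if the rewrite is later disabled:

```apache
<VirtualHost *:80>
        ServerAdmin webmaster@localhost
        DocumentRoot /var/www/

        # Redirect any plain-HTTP request for phpLDAPadmin to HTTPS.
        # Assumes mod_rewrite is loaded (a2enmod rewrite; restart apache2).
        RewriteEngine On
        RewriteCond %{HTTPS} !=on
        RewriteRule ^/pla(/.*)?$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

        # Backstop: the rewrite runs before access checks, so this only fires
        # if mod_rewrite is disabled; then refuse (403) rather than serve the
        # LDAP admin login form over cleartext.
        <Directory /var/www/pla>
                SSLRequireSSL
        </Directory>
</VirtualHost>

<VirtualHost *:443>
        SSLEngine on
        SSLCertificateFile /etc/ssl/certs/cert.pem
        ServerAdmin webmaster@localhost
        DocumentRoot /var/www/

        # Redundant on the SSL vhost, but guards against a copy-paste
        # into a non-SSL vhost later.
        <Directory /var/www/pla>
                SSLRequireSSL
        </Directory>
</VirtualHost>
```

The NameVirtualHost, ScriptAlias and /var/www/ Directory sections from the original file stay as they are.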



Hey Rik

Adrian did a patch for OpenLDAP some time ago. His notes are pretty comprehensive, so it may be worth a look to see how he did it - not that it excludes you from having a go at it too. :)
