LDAP Account Manager
- Introduction
- Installation on Turnkey Debian
- Installation on Ubuntu Server 22.04
- Configuration of the LDAP Account Manager
Introduction
What is the LDAP account manager?
LDAP Account Manager (LAM) is a web frontend for managing entries (e.g. users, groups, DHCP settings) stored in an LDAP directory. LAM was designed to make LDAP management as easy as possible for the user. It abstracts from the technical details of LDAP and allows persons without technical background to manage LDAP entries. If needed, power users may still directly edit LDAP entries via the integrated LDAP browser.
Features
The most important account types which are supported by LAM are Samba, Unix, Zarafa and PPolicy. The user can define profiles for all account types to set default values. Account information can be exported as PDF files. There is also the possibility to create users via file upload. It also includes the tree view of PhpLDAPadmin to access the raw LDAP attributes. LAM is translated to 16 languages.
Supported account types:
- Unix
- Samba 3,4
- Kolab
- Address book entries
- Asterisk (incl. voicemail and Asterisk extensions)
- Mail routing
- IMAP mailboxes (non-LDAP, via IMAP protocol)
- Hosts
- FreeRadius
- Authorized services
- SSH keys
- File system quota (in LDAP (systemQuotas) and via external script)
- DHCP entries
- NIS netgroups
Installation on Turnkey Debian
Installation
apt -y install ldap-account-manager
The account manager is available at http://lamp.simmy.ch/lam.
Useful links
https://www.unixmen.com/setup-samba-domain-controller-with-openldap-backend-in-ubuntu-13-04/
https://www.ldap-account-manager.org/lamcms/howto
https://computingforgeeks.com/install-and-configure-ldap-account-manager-on-ubuntu/
https://www.ldap-account-manager.org/lamcms/documentation
Installation on Ubuntu Server 22.04
Install Apache Webserver and PHP
apt -y install apache2 php php-cgi libapache2-mod-php php-mbstring php-common php-pear
Then enable the php-cgi PHP extension:
a2enconf php*-cgi
systemctl reload apache2
Install LDAP Account Manager
apt -y install ldap-account-manager
The account manager is available at http://lam.simmy.ch/lam.
Configuration of the LDAP Account Manager
Change master password
Click on "LAM configuration" in the upper right corner.
Click on "Edit general settings".
The default master password is "lam".
Scroll down to "Change master password" and enter your desired password twice.
The password will be saved in cleartext in a configuration file of LAM.
Add certificates
The communication with the OpenLDAP server over SSL didn't work. So finally I added two certificates: the CA, which I simply uploaded (Choose file --> "Upload"), and the certificate of the Domain Controller (enter ldaps://openldap.simmy.ch --> "Import from server").
Scroll down and click "Ok". Restart the apache server:
systemctl restart apache2
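To confirm from the LAM host that the directory server's certificate validates against the uploaded CA, a check like the following can be used. It is an added example, not part of LAM or of the original page; the function names and the CA file path in the usage comment are assumptions, and it goes beyond the ldaps:// case above by also handling ldap:// URLs through StartTLS.

```shell
#!/bin/sh
# Added example (not part of LAM): verify an LDAP server certificate against a CA file.
# Usage (CA path is an assumption):
#   sh check_ldap_tls.sh ldaps://openldap.simmy.ch /etc/ssl/certs/simmy-ca.pem

# Print "scheme host port" for an ldap:// or ldaps:// URL, filling in default ports.
parse_ldap_url() {
    scheme=${1%%://*}
    rest=${1#*://}
    rest=${rest%%/*}                      # drop an optional /base-dn part
    case $scheme in
        ldap)  port=389 ;;
        ldaps) port=636 ;;
        *) echo "unsupported LDAP URL: $1" >&2; return 1 ;;
    esac
    host=${rest%%:*}
    if [ "$host" != "$rest" ]; then port=${rest##*:}; fi
    [ -n "$host" ] || return 1
    echo "$scheme $host $port"
}

# Build openssl s_client options: implicit TLS for ldaps://, StartTLS for ldap://.
tls_check_args() {
    parsed=$(parse_ldap_url "$1") || return 1
    set -- $parsed                        # $1=scheme $2=host $3=port
    args="-connect $2:$3 -servername $2 -verify_hostname $2 -verify_return_error"
    if [ "$1" = ldap ]; then args="$args -starttls ldap"; fi   # needs OpenSSL 1.1.1+
    echo "$args"
}

# Handshake with the server; succeed only if chain and hostname verify with the CA file.
check_ldap_tls() {
    args=$(tls_check_args "$1") || return 2
    if openssl s_client $args -CAfile "$2" </dev/null 2>/dev/null |
        grep -q 'Verify return code: 0 (ok)'; then
        echo "OK: $1 presents a certificate that verifies with $2"
    else
        echo "FAIL: $1 did not pass TLS verification with $2" >&2
        return 1
    fi
}

# Run the check only when called with a URL and a CA file.
if [ "$#" -eq 2 ]; then check_ldap_tls "$1" "$2"; fi
```

A FAIL result for an ldap:// URL on port 389 means the server either offers no StartTLS or presents a certificate that the CA file does not cover.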
Create a profile for OpenLDAP
Click on "LAM configuration" in the upper right corner.
Click on "Edit server profiles".
Click on "Manage server profiles".
Enter these options:
- Profile name --> OpenLDAP
- Profile password --> your password here
- Reenter password --> your password here
- Template --> choose Template "unix" for OpenLDAP
- Add
The password will be saved in cleartext in a configuration file of LAM.
Configuration of the profile for OpenLDAP
General settings
Server settings
Server address --> ldap://openldap.simmy.ch:389
Tool settings
Tree suffix: DC=simmy,DC=ch
Security settings
Login method: Fixed list
List of valid users:
cn=admin,dc=simmy,dc=ch
cn=binduser,ou=Users,dc=simmy,dc=ch
cn=Holger Schindler,ou=Users,dc=simmy,dc=ch
Account types
Create the OU groups before doing this.
These two LDAP suffixes have to be set:
- CN=Users,DC=simmy,DC=ch
- OU=Groups,DC=simmy,DC=ch
Modules
Nothing to change here.
Module settings
Nothing to change here.
Final
Click "Save" and log in to your profile "OpenLDAP". You will have to enter the password of the Administrator.
Useful links
https://www.unixmen.com/setup-samba-domain-controller-with-openldap-backend-in-ubuntu-13-04/
https://www.ldap-account-manager.org/lamcms/howto
https://computingforgeeks.com/install-and-configure-ldap-account-manager-on-ubuntu/
https://www.ldap-account-manager.org/lamcms/documentation
https://www.ldap-account-manager.org/static/doc/manual.pdf