OpenLDAP is a framework for directory services, which can be used by individuals or organizations to create shared address books or listings of resources. eApps Hosting provides the OpenLDAP server, and also the phpLDAPadmin web interface that can be used to manage your OpenLDAP directory services.
This user guide will walk you through installing OpenLDAP and phpLDAPadmin, and demonstrate how to create a simple shared address book that can be accessed by your users (usually through their e-mail clients).
OpenLDAP is a very complex application, and the address book example given in this user guide is only a very small fraction of what can be done. If you are setting up a more involved scenario with OpenLDAP, start with the official documentation, located here - http://www.openldap.org/doc/admin24/. The OpenLDAP group maintains a list of useful articles, books, and web pages here - http://www.openldap.org/faq/data/cache/73.html
Installing OpenLDAP and phpLDAPadmin
Installing OpenLDAP and phpLDAPadmin from a Control Panel
Installing OpenLDAP and phpLDAPadmin from the command line
OpenLDAP configuration with phpLDAPadmin
Connecting to phpLDAPadmin
Creating a simple address book
OpenLDAP is available with any CentOS template and can be installed from the Control Panel. If you are going to use phpLDAPadmin, you will need to install PHP first, and then phpLDAPadmin.
If you are using the ISPmanager Control Panel, you can install OpenLDAP (and PHP and phpLDAPadmin) from the Control Panel.
For ISPmanager 4, go to Server Settings > Applications. Install OpenLDAP, and make sure to install PHP before installing phpLDAPadmin. More information on installing applications can be found here - Installing Server Applications.
For ISPmanager 5, go to Settings > Features. Install OpenLDAP, and make sure to install PHP before installing phpLDAPadmin. More information on installing applications can be found here - Installing Features (Server Applications). Note that in ISPmanager 5, PHP is installed by clicking on Web-server (WWW), then on Edit in the upper left corner, and then selecting PHP and clicking on Apply changes.
Information on how to tell which version of ISPmanager you are using can be found here - ISPmanager versions
PHP requires an additional PHP extension in order for OpenLDAP to be able to talk to PHP. This extension has a different name depending on whether you are using ISPmanager 4 or ISPmanager 5, and may already be installed.
For ISPmanager 4, install the php-ldap-X.X.X-1eapps.el6 extension, where X.X.X is the current version of PHP installed on the Virtual Server. This will install the ldap.so PHP extension.
For ISPmanager 5, install the ldap extension.
Information on how to install PHP extensions is found in the PHP User Guide - PHP extensions. This covers both ISPmanager 4 and ISPmanager 5.
OpenLDAP, phpLDAPadmin (and PHP, if necessary) can be installed from the command line of the Virtual Server using yum. To install applications using yum you will need to be able to connect to the Virtual Server using SSH and work as the root user.
You will need to use the yum install -y php php-ldap, yum install -y openldap, and yum install -y phpldapadmin commands.
[root@eapps-example ~]# yum install -y php php-ldap
[root@eapps-example ~]# yum install -y openldap
[root@eapps-example ~]# yum install -y phpldapadmin
This section of the user guide will walk you through creating a simple address book, and adding an entry to it. This address book can be shared with your users. The most common setup is the creation of a company or organization address book that all the users can access through their e-mail client.
This is just a simple example of what can be done with OpenLDAP and phpLDAPadmin. For more complex examples, please refer to the official OpenLDAP documentation.
To connect to phpLDAPadmin, browse to http://eapps-example.com/ldapadmin (substitute your own domain name for eapps-example.com).
This takes you to the phpLDAPadmin main screen, where you can log in.
Click on login in the left navigation pane to log in. This takes you to the Authenticate to server My LDAP Server screen.
Login DN - cn=Manager,dc=my-domain,dc=com (use this exact string)
Password - the password for phpLDAPadmin is the hostname of your Virtual Server. To find the hostname from ISPmanager, go to Server Settings > Server parameters. The Server name is the hostname of your Virtual Server, and your phpLDAPadmin password.
Once you have entered your login information, click on Authenticate. This takes you to the main phpLDAPadmin screen.
Once you have logged in, you can now create a simple address book that can be shared with other users. For example, this address book could be used as a company directory that listed all the contact information for your employees.
In the My LDAP Server section of the main phpLDAPadmin screen, click on Import.
This opens the Import screen.
Copy and paste the following text into the Or paste your LDIF here section of the screen:
dn: ou=people, dc=my-domain, dc=com
objectClass: top
objectClass: organizationalUnit
ou: people
The screen will now look like this:
Once you have pasted in the text, click Proceed >>.
If the import is successful, you will see this message: Adding ou=people,dc=my-domain,dc=com Success
In the left navigation pane, under My LDAP Server, click the [+] (plus sign) to the left of dc=my-domain,dc=com (2). This will expand the listing.
The LDIF file you just imported creates an entry (called an "Organizational Unit" or "ou" in OpenLDAP) called ou=people. Click on people to create an entry in the address book.
The first time you click on ou=people, you will see these errors. They can be ignored, and should only appear once:
In the Select a template to edit the entry screen, select Generic: Address Book Entry
In the next screen, select Create a child entry
In the next screen - Select a template for the creation process, select Generic: Address Book Entry.
This takes you to the New Address Book Entry (Step 1 of 1) screen. This is the default screen:
This is the screen with information filled in. All that is actually needed to create the entry is Last name (which will populate Common Name). If you are creating a shared address book, then you would also want to include the e-mail address and any other contact information as needed.
Once you have entered the information, click on Create Object.
This takes you to the Create LDAP Entry screen. This is where you can review the information you just entered.
If everything is correct, click Commit. If anything is incorrect, you will have an opportunity to update in the next screen.
After you click on Commit, you should see this message:
You will also see a way to update any information in the entry just below this message.
Now you can click on the [+] that is next to ou=people and see the new entry for Test User.
To add more users, simply go through the Adding address book entries process for each user.
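When there are many users to add, the entries can be generated as LDIF and pasted into the same Import screen used above. The script below is an added example, not part of the original guide or of eApps or phpLDAPadmin code; it escapes DN special characters and base64-encodes unsafe values so that a name taken from a spreadsheet cannot inject extra attributes or entries. It assumes entries use the standard inetOrgPerson object class with cn as the RDN, and the function names are hypothetical.

```python
import base64
import re

# Assumption: the OU created by the LDIF import step in this guide.
BASE_DN = "ou=people,dc=my-domain,dc=com"
# RFC 2849 SAFE-STRING: no NUL/CR/LF, no leading space, ':' or '<'.
SAFE = re.compile(r"[\x01-\x09\x0b\x0c\x0e-\x1f\x21-\x39\x3b\x3d-\x7f]"
                  r"[\x01-\x09\x0b\x0c\x0e-\x7f]*")


def escape_rdn_value(value):
    """Escape a value for use inside a DN (RFC 4514 special characters)."""
    out = "".join("\\" + c if c in '"+,;<>\\' else c for c in value)
    out = out.replace("\x00", "\\00")
    return "\\" + out if out.startswith("#") else out


def ldif_line(attr, value):
    """Emit 'attr: value', or base64 'attr:: ...' when the value is unsafe."""
    if SAFE.fullmatch(value) and not value.endswith(" "):
        return "%s: %s" % (attr, value)
    encoded = base64.b64encode(value.encode("utf-8")).decode("ascii")
    return "%s:: %s" % (attr, encoded)


def address_book_entry(given_name, surname, mail=""):
    """Build one LDIF entry under BASE_DN; only the last name is required."""
    given_name, surname, mail = given_name.strip(), surname.strip(), mail.strip()
    if not surname:
        raise ValueError("last name is required")
    cn = (given_name + " " + surname).strip()
    lines = [
        ldif_line("dn", "cn=%s,%s" % (escape_rdn_value(cn), BASE_DN)),
        "objectClass: top",
        "objectClass: inetOrgPerson",  # assumed class for address book entries
        ldif_line("cn", cn),
        ldif_line("sn", surname),
    ]
    if given_name:
        lines.append(ldif_line("givenName", given_name))
    if mail:
        lines.append(ldif_line("mail", mail))
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    # Constructed sample rows, as they might come from a spreadsheet export.
    rows = [("Test", "User", "test.user@eapps-example.com"),
            ("Bob", "Smith, Jr.", ""),
            ("Eve", "X\nuserPassword: injected", "")]
    print("\n".join(address_book_entry(*row) for row in rows))
```

Entries are separated by a blank line, so the printed output can be pasted as one block; the third constructed row shows an embedded newline being carried inside base64 values rather than becoming a new attribute line.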