Friday, May 30, 2014

How to Configure LDAP Through Webmin

Webmin is a web-based interface for system administration for Unix. Using any modern web browser, you can setup user accounts, Apache, DNS, file sharing and much more. Webmin removes the need to manually edit Unix configuration files like /etc/passwd, and lets you manage a system from the console or remotely.

This blog entry shows you how to install and configure LDAP server/client through webmin.

OS: Ubuntu 12.04

Install webmin:
# Download webmin package for debian
# wget http://prdownloads.sourceforge.net/webadmin/webmin_1.690_all.deb
# Install dependent libs and packages:
# apt-get install libnet-ssleay-perl openssl libauthen-pam-perl libio-pty-perl apt-show-versions
# Install webmin
# dpkg -i webmin_1.690_all.deb
Selecting previously unselected package webmin.
(Reading database ... 65600 files and directories currently installed.)
Unpacking webmin (from webmin_1.690_all.deb) ...
Setting up webmin (1.690) ...
Webmin install complete. You can now login to https://youserver.com:10000/
as root with your root password, or as any user who can use sudo
to run commands as root.
Processing triggers for ureadahead ...

Check webmin is installed successfully by going to https://youserver.com:10000/

Install LDAP server:
Log into webmin with https://yourserver:10000/, go to "Un-used Modules -> LDAP Server"


Go to "OpenLDAP Server Configuration", and update the password with "New administration password"

  • Set passwd to "password"
  • Set Root DN to "dc=yourserver,dc=com"
  • Set Admin login DN to "dc=yourserver,dc=com"



Go back and click on "Create Tree", create new DN as below:

  • For Unix user:
    • Distinguished name: dc=Users,dc=yourserver
    • Create example object under new DN? Unix user
  • For Unix group:
    • Distinguished name: dc=Groups,dc=yourserver
    • Create example object under new DN? Unix group


Install nss-pam-ldapd:
Execute following commands on both machines as LDAP SSO client:
# aptitude -y install libnet-ldap-perl libpam-ldapd libnss-ldapd ldap-utils nscd nslcd

Also disable nscd or else may generate unexpected result during LDAP lookup debug:
# update-rc.d-insserv -f nscd remove
# /etc/init.d/nscd stop

Reconfigure all above packages as below:
  • dpkg-reconfigure libpam-ldapd
    • PAM profiles to enable: Unix authentication, LDAP Authentication
  • dpkg-reconfigure libnss-ldapd
    • Name services to configure: group, passwd, shadow
  • dpkg-reconfigure nslcd
    • LDAP server URI: ldap://dev6c1/
    • LDAP server search base: dc=localdomain
    • LDAP authentication to use: none
    • Use StartTLS? No

Install LDAP client:

Go to “Un-used Modules” -> “LDAP Client”, click “Install LDAP client package through webmin”:
Installing package(s) with command apt-get -y --force-yes -f install libnss-ldap libpam-ldap ..

Reading package lists...
Building dependency tree...
Reading state information...
The following extra packages will be installed:
 auth-client-config ldap-auth-client ldap-auth-config
Suggested packages:
 libpam-cracklib
The following packages will be REMOVED:
 libnss-ldapd libpam-ldapd
The following NEW packages will be installed:
 auth-client-config ldap-auth-client ldap-auth-config libnss-ldap libpam-ldap
0 upgraded, 5 newly installed, 2 to remove and 48 not upgraded.
Need to get 138 kB of archives.
After this operation, 311 kB of additional disk space will be used.
Get:1 http://108.59.10.97/ubuntu/ precise/main auth-client-config all 0.9ubuntu1 [15.4 kB]
Get:2 http://108.59.10.97/ubuntu/ precise/main libpam-ldap amd64 184-8.5ubuntu2 [46.0 kB]
Get:3 http://108.59.10.97/ubuntu/ precise/main libnss-ldap amd64 264-2.2ubuntu2 [64.3 kB]
Get:4 http://108.59.10.97/ubuntu/ precise/main ldap-auth-client all 0.5.3 [2760 B]
Get:5 http://108.59.10.97/ubuntu/ precise/main ldap-auth-config all 0.5.3 [9434 B]
Preconfiguring packages ...
Fetched 138 kB in 0s (1108 kB/s)
(Reading database ... 90800 files and directories currently installed.)
Removing libnss-ldapd ...
WARNING: LDAP is still configured in /etc/nsswitch.conf
Removing libpam-ldapd ...
Processing triggers for libc-bin ...
ldconfig deferred processing now taking place
Processing triggers for man-db ...
Selecting previously unselected package auth-client-config.
(Reading database ... 90786 files and directories currently installed.)
Unpacking auth-client-config (from .../auth-client-config_0.9ubuntu1_all.deb) ...
Selecting previously unselected package libpam-ldap.
Unpacking libpam-ldap (from .../libpam-ldap_184-8.5ubuntu2_amd64.deb) ...
Selecting previously unselected package libnss-ldap.
Unpacking libnss-ldap (from .../libnss-ldap_264-2.2ubuntu2_amd64.deb) ...
Selecting previously unselected package ldap-auth-client.
Unpacking ldap-auth-client (from .../ldap-auth-client_0.5.3_all.deb) ...
Processing triggers for man-db ...
Processing triggers for ureadahead ...
Setting up auth-client-config (0.9ubuntu1) ...
Selecting previously unselected package ldap-auth-config.
(Reading database ... 90867 files and directories currently installed.)
Unpacking ldap-auth-config (from .../ldap-auth-config_0.5.3_all.deb) ...
Setting up ldap-auth-client (0.5.3) ...
Setting up ldap-auth-config (0.5.3) ...
Setting up libnss-ldap (264-2.2ubuntu2) ...
update-rc.d: warning: libnss-ldap start runlevel arguments (2 3 4 5) do not match LSB Default-Start values (none)
Setting up libpam-ldap (184-8.5ubuntu2) ...
.. install complete.





Go to “LDAP Server Configuration”, configure server as follows:


Create OU for users and Groups:
Create a base.ldif file as follows:
dn: ou=People,dc=yourserver,dc=com
ou: People
objectClass: top
objectClass: organizationalUnit
description: Parent object of all UNIX accounts

dn: ou=Groups,dc=yourserver,dc=com
ou: Groups
objectClass: top
objectClass: organizationalUnit
description: Parent object of all UNIX groups

then run the following command to add:
# ldapadd -x -h localhost -W -D "cn=Manager,dc=yourserver,dc=com" -f ./base.ldif -c

Now you should be able to add users and Groups into LDAP through webmin:
Go to “LDAP users and groups”
Create User as the following pic:

You can also verify LDAP connection through "LDAP Client":

3 comments:

Unknown said...

Where to create base.ldif?

Unknown said...

Where should i put my base.ldif?

Tony Li Xu said...

Doesn't matter where you put it, as long as you specify the path in ldapadd commend. For exmaple:
# ldapadd -x -h localhost -W -D "cn=Manager,dc=yourserver,dc=com" -f /home/myhome/base.ldif -c