(Last Updated On: October 20, 2018)

LDAP Account Manager (LAM) is a web frontend for managing entries (e.g. users, groups, DHCP settings) stored in an LDAP directory. The LDAP Account Manager tool was designed to make LDAP management as easy as possible for the user.

LAM eases administration of LDAP entries by abstracting the technical details of LDAP, allowing administrators and users without a technical background to manage an LDAP server. If needed, experienced users can directly edit LDAP entries via the integrated LDAP browser.

Features of LDAP Account Manager

  • Manages Unix, Samba 3/4, Kolab 3, Kopano, DHCP, SSH keys, a group of names and much more
  • Has support for 2-factor authentication
  • Support for account creation profiles
  • CSV file upload
  • Automatic creation/deletion of home directories
  • Setting file system quotas
  • PDF output for all accounts
  • Schema and LDAP browser
  • Manages multiple servers with different configurations

You can unlock more features with LDAP Account Manager pro edition, such as:

  • Users being able to edit their own data (e.g. password, address, telephone numbers, …)
  • Users resetting their own passwords
  • Support for users self-registration
  • Support for custom LDAP schema
  • Unix, Samba 3/4, Kopano, …
  • Supports multiple self-service profiles (e.g. for different LDAP servers and/or use-cases)

LDAP Account Manager Dependencies

LDAP Account Manager has a number of dependencies, namely:

Here are the steps of installing and configuring LDAP Account Manager on Ubuntu 18.04 and Ubuntu 16.04 LTS server.

Step 1: Install OpenLDAP Server

You need to have an LDAP server installed and running. You can use our guide to set one up on a new Ubuntu 18.04 or Ubuntu 16.04 LTS server:

Install and configure OpenLDAP & phpLDAPadmin on Ubuntu 18.04 LTS

Skip Step 3: Install phpLDAPadmin on Ubuntu 18.04 LTS when following the guide since you don’t need phpLDAPadmin. LDAP Account Manager is our replacement for phpLDAPadmin.

Step 2: Install Apache Web server & PHP

Install PHP and the Apache web server by running the command below in your terminal:

sudo apt -y install apache2 php php-cgi libapache2-mod-php php-mbstring php-common php-pear

Then enable the php-cgi PHP extension.

For Ubuntu 18.04, use:

sudo a2enconf php7.2-cgi
sudo systemctl reload apache2

For Ubuntu 16.04, use:

sudo a2enconf php7.0-cgi
sudo systemctl reload apache2

Step 3: Install LDAP Account Manager

The LDAP Account Manager package is available in the Ubuntu repositories. Install it with the command:

sudo apt -y install ldap-account-manager

When done with the install, it is recommended to restrict access to the web dashboard by allowing trusted local subnets only. This is optional though and you can skip it.

sudo vim /etc/apache2/conf-enabled/ldap-account-manager.conf

Edit line 12 to comment out the line Require all granted, and add the subnet(s) allowed to access the LDAP Account Manager administration interface.

#Require all granted
Require ip 127.0.0.1 192.168.10.0/24 192.168.18.0/24

Restart apache web server after making the change:

sudo systemctl restart apache2
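
The check below is an added example, not part of the original guide or of LAM: it audits the Require lines in a LAM Apache config file and reports whether the dashboard is still open to every client. The sample files, the /path/to/lam placeholder and the function name audit_lam_conf are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the Require directives in LAM's Apache config.
# Exit status of audit_lam_conf: 0 = restricted, 1 = open to any client,
# 2 = no active "Require ip" rule found.
audit_lam_conf() {
    awk '
        /^[ \t]*#/ { next }                  # commented-out lines are inactive
        { l = tolower($0) }                  # directive names are case-insensitive
        l ~ /^[ \t]*require[ \t]+all[ \t]+granted/ {
            open = 1; print "OPEN  line " NR ": " $0
        }
        l ~ /^[ \t]*require[ \t]+ip[ \t]/ {
            for (i = 3; i <= NF; i++) {
                if ($i ~ /\/0$/) { open = 1; print "OPEN  line " NR ": " $i " covers every address" }
                else             { ok = 1;   print "ALLOW line " NR ": " $i }
            }
        }
        END { if (open) exit 1; if (!ok) exit 2; exit 0 }
    ' "$1"
}

# Constructed sample files (the Directory path is a placeholder).
LAM_DEMO=$(mktemp -d)
write_sample() {   # $1 = file name, directive lines are read from stdin
    { echo '<Directory /path/to/lam>'; cat; echo '</Directory>'; } > "$LAM_DEMO/$1"
}
write_sample default.conf <<'EOF'
  Require all granted
EOF
write_sample restricted.conf <<'EOF'
  #Require all granted
  Require ip 127.0.0.1 192.168.10.0/24 192.168.18.0/24
EOF
# Both lines active: Apache ORs sibling Require lines (implicit RequireAny),
# so "all granted" still admits everyone. This is why the line is commented out.
write_sample both.conf <<'EOF'
  Require all granted
  Require ip 127.0.0.1 192.168.10.0/24
EOF

for f in default restricted both; do
    rc=0
    audit_lam_conf "$LAM_DEMO/$f.conf" || rc=$?
    echo "$f.conf -> status $rc"
done
```

On the server, point the function at /etc/apache2/conf-enabled/ldap-account-manager.conf, then run sudo apache2ctl configtest before restarting Apache.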

Step 3: Configure LDAP Account Manager

Access the LDAP Account Manager web interface from a machine on a trusted network at:

http://(server’s hostname or IP address)/lam

The LDAP Account Manager login form will be shown. We need to set our LDAP server profile by clicking on [LAM configuration] at the upper right corner.

Then click on Edit server profiles.

This will ask you for the LAM profile name and password.

The default password is lam

The first thing to change is the Profile Password, which is at the end of the General Settings page.

Next, set the LDAP Server address and Tree suffix. Mine looks like below; you need to use your own Domain components as set in the server hostname.

Set Dashboard login by specifying the admin user account and domain components under “Security settings” section.

Switch to “Account types” page and set Active account types LDAP suffix and List attributes.

You can also enable other available account types you wish to use. User and Group modules can be enabled and disabled on “Modules” page.

When done with the settings, click the Save button at the bottom of the page.

Step 4: Add user accounts and groups with LDAP Account Manager

Log in to the LAM dashboard with the account admin to start managing user accounts and groups.

You’ll use the Users and Groups links to manage user accounts and groups.

Add User Group

You need to add a user group before the actual user account. Click on Groups > New Group

Give the group a name, optional group ID and description.

Do the same to add other groups.

Add User Accounts

Once you have the groups for user accounts to be added, click on Users > New user to add a new user account to your LDAP server. You have three sections for user management:

  • Personal: This contains the user’s personal information like the first name, last name, email, phone, department, address, etc.

  • Unix: This section is where you set the Username, Common name, UID number (optional), User comment, User Primary group, Secondary groups, Home directory and the default Login shell.

  • Shadow: This section is where you add Shadow account extension, things related to password aging/expiry.

You may have more sections depending on the Modules enabled for User and Group management.

Once user accounts are added, the last step is configuring your Linux servers and applications to authenticate against your LDAP server. See our guide on How to configure Ubuntu 18.04 / Ubuntu 16.04 LTS as LDAP Client for this.