LDAP Account Manager (LAM) is a web frontend for managing entries (e.g. users, groups, DHCP settings) stored in an LDAP directory. The LDAP Account Manager tool was designed to make LDAP management as easy as possible for the user.
LAM eases administration of LDAP entries by abstracting the technical details of LDAP, allowing administrators and users without a technical background to manage an LDAP server. If needed, experienced users can directly edit LDAP entries via the integrated LDAP browser.
Features of LDAP Account Manager
- Manages Unix, Samba 3/4, Kolab 3, Kopano, DHCP, SSH keys, a group of names and much more
- Has support for 2-factor authentication
- Support for account creation profiles
- CSV file upload
- Automatic creation/deletion of home directories
- Setting file system quotas
- PDF output for all accounts
- Schema and LDAP browser
- Manages multiple servers with different configurations
You can unlock more features with LDAP Account Manager pro edition, such as:
- Users being able to edit their own data (e.g. password, address, telephone numbers, …)
- Users resetting their own passwords
- Support for users self-registration
- Support for custom LDAP schema
- Unix, Samba 3/4, Kopano, …
- Supports multiple self-service profiles (e.g. for different LDAP servers and/or use-cases)
LDAP Account Manager Dependencies
LDAP Account Manager has a number of dependencies, namely:
- OpenLDAP server: Install and configure OpenLDAP on Ubuntu
- PHP and Apache web server
- A user account with sudo privileges
Here are the steps of installing and configuring LDAP Account Manager on Ubuntu 20.04|18.04 and Ubuntu 16.04 LTS server.
Step 1: Install OpenLDAP Server
You need an installed and running LDAP server. You can use our guide to set one up on a new Ubuntu 20.04|18.04 or Ubuntu 16.04 LTS server:
Step 2: Install Apache Web server & PHP
Install PHP and Apache web server by running the commands below on your terminal
sudo apt -y install apache2 php php-cgi libapache2-mod-php php-mbstring php-common php-pear
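Enable the php-cgi PHP extension, using the pair of commands that matches your installed PHP version:
# PHP 7.4
sudo a2enconf php7.4-cgi
sudo systemctl reload apache2
# PHP 7.2
sudo a2enconf php7.2-cgi
sudo systemctl reload apache2
# PHP 7.0
sudo a2enconf php7.0-cgi
sudo systemctl reload apache2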
Step 3: Install LDAP Account Manager
The LDAP Account Manager package is available in the Ubuntu repositories; install it with the command:
sudo apt -y install ldap-account-manager
When done with the install, it is recommended to restrict access to the web dashboard by allowing trusted local subnets only. This is optional though and you can skip it.
sudo vim /etc/apache2/conf-enabled/ldap-account-manager.conf
Edit line 12 to comment out the line Require all granted, and add the subnet(s) allowed to access the LDAP Account Manager administration interface:
#Require all granted
Require ip 127.0.0.1 192.168.10.0/24 192.168.18.0/24
Restart apache web server after making the change:
sudo systemctl restart apache2
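As an added example (not part of the original guide or of the LAM package), the shell function below checks a config file for the restriction described above. The fragments it runs on are constructed for illustration, and check_lam_access is a hypothetical helper name.

```bash
#!/usr/bin/env bash
# check_lam_access FILE: prints "open", "restricted" or "no-rule" for the
# whole file (it does not distinguish between <Directory> blocks).
check_lam_access() {
    # Ignore comment and blank lines so a commented-out rule does not count.
    lam_active=$(grep -Ev '^[[:space:]]*(#|$)' "$1" || true)
    # Bare Require lines are OR-ed together (implicit RequireAny), so one
    # active "Require all granted" admits everyone even next to "Require ip".
    if printf '%s\n' "$lam_active" |
        grep -Eiq '^[[:space:]]*Require[[:space:]]+all[[:space:]]+granted'; then
        echo "open"
    elif printf '%s\n' "$lam_active" |
        grep -Eiq '^[[:space:]]*Require[[:space:]]+ip[[:space:]]+[0-9a-f:]'; then
        echo "restricted"
    else
        echo "no-rule"
    fi
}

# Constructed sample fragments (assumed layout, not the packaged file).
samples=$(mktemp -d)
trap 'rm -rf "$samples"' EXIT

cat >"$samples/default.conf" <<'EOF'
<Directory /usr/share/ldap-account-manager>
  Require all granted
</Directory>
EOF

cat >"$samples/hardened.conf" <<'EOF'
<Directory /usr/share/ldap-account-manager>
  #Require all granted
  Require ip 127.0.0.1 192.168.10.0/24 192.168.18.0/24
</Directory>
EOF

# "Require ip" added but the original line left active: still open to all.
cat >"$samples/both.conf" <<'EOF'
<Directory /usr/share/ldap-account-manager>
  Require all granted
  Require ip 127.0.0.1 192.168.10.0/24
</Directory>
EOF

for f in default hardened both; do
    printf '%s: %s\n' "$f" "$(check_lam_access "$samples/$f.conf")"
done
```

To audit the real file, call check_lam_access on /etc/apache2/conf-enabled/ldap-account-manager.conf; anything other than "restricted" means the dashboard is not limited to the listed subnets.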
Step 3: Configure LDAP Account Manager
Access the LDAP Account Manager web interface from a machine on a trusted network at:
http://(server’s hostname or IP address)/lam
The LDAP Account Manager Login form will be shown. We need to set our LDAP server profile by clicking on [LAM configuration] at the upper right corner.
Then click on Edit server profiles.
This will ask you for LAM Profile name Password:
Default password is lam
The first thing to change is Profile Password, which is at the end of the General Settings page.
Next, set the LDAP Server address and Tree suffix. Mine looks like below; you need to use your domain components as set in the server hostname.
Set Dashboard login by specifying the admin user account and domain components under “Security settings” section.
Switch to “Account types” page and set Active account types LDAP suffix and List attributes.
You can also enable other available account types you wish to use. User and Group modules can be enabled and disabled on “Modules” page.
When done with the settings, click the Save button at the bottom of the page.
Step 4: Add user accounts and groups with LDAP Account Manager
Log in with the admin account to the LAM dashboard to start managing user accounts and groups.
You’ll use the Users and Groups links to manage user accounts and groups.
Add User Group
You need to add a user group before the actual user account. Click on Groups > New Group
Give the group a name, optional group ID and description.
Do the same to add other groups.
Add User Accounts
Once you have the groups for user accounts to be added, click on Users > New user to add a new user account to your LDAP server. You have three sections for user management:
- Personal: This contains the user’s personal information like the first name, last name, email, phone, department, address, etc.
- Unix: This section is where you set the Username, Common name, UID number(optional), User comment, User Primary group, and Secondary groups, Home directory and the default Login shell.
- Shadow: This section is where you add Shadow account extension, things related to password aging/expiry.
You may have more sections depending on the Modules enabled for User and Group management.
Once user accounts are added, the last step is configuring your Linux servers and Applications to authenticate against your LDAP server. See our guide on How to configure Ubuntu 20.04|18.04 / Ubuntu 16.04 LTS as LDAP Client for this.