LDAP Account Manager (LAM) is a web frontend for managing entries (e.g. users, groups, DHCP settings) stored in an LDAP directory. The LDAP Account Manager tool was designed to make LDAP management as easy as possible for the user.
LAM eases administration of LDAP entries by abstracting the technical details of LDAP, allowing administrators and users without a technical background to manage an LDAP server. If needed, experienced users can directly edit LDAP entries via the integrated LDAP browser.
Features of LDAP Account Manager
- Manages Unix, Samba 3/4, Kolab 3, Kopano, DHCP, SSH keys, a group of names and much more
- Has support for 2-factor authentication
- Support for account creation profiles
- CSV file upload
- Automatic creation/deletion of home directories
- Setting file system quotas
- PDF output for all accounts
- Schema and LDAP browser
- Manages multiple servers with different configurations
You can unlock more features with LDAP Account Manager pro edition, such as:
- Users being able to edit their own data (e.g. password, address, telephone numbers, …)
- Users resetting their own passwords
- Support for users self-registration
- Support for custom LDAP schema
- Unix, Samba 3/4, Kopano, …
- Supports multiple self-service profiles (e.g. for different LDAP servers and/or use-cases)
LDAP Account Manager Dependencies
LDAP Account Manager has a number of dependencies, namely:
- OpenLDAP server: Install and configure OpenLDAP on CentOS 8
- PHP and Apache web server
- A user account with sudo privileges
The steps below highlight how to install and configure LDAP Account Manager on CentOS 8.
Step 1: Install OpenLDAP Server
Install OpenLDAP on CentOS 8 using the guide below.
Step 2: Install Apache Web server & PHP
Install Apache and PHP on your CentOS 8 server. Also install the PHP modules that are required to set up LDAP Account Manager.
sudo dnf install httpd httpd-tools php php-fpm php-mysqlnd php-opcache php-gd php-xml php-mbstring php-json php-gmp php-zip php-ldap -y
Start and enable Apache server and PHP-FPM.
sudo systemctl enable --now php-fpm
sudo systemctl enable --now httpd
Check that the services are running.
sudo systemctl status php-fpm
sudo systemctl status httpd
Inform SELinux to allow Apache to serve PHP files through PHP-FPM
sudo setsebool -P httpd_execmem 1
sudo systemctl restart httpd
Allow Apache through the firewall.
sudo firewall-cmd --permanent --zone=public --add-service=http
sudo firewall-cmd --reload
Step 3: Install LDAP Account Manager
Download the latest RPM file from the LAM release page. At the time of this tutorial, the latest version is 7.4.0.
Install the RPM file on your CentOS 8 host.
sudo rpm -i ldap-account-manager-*.rpm
Step 3: Configure LDAP Account Manager
Access the LDAP Manager web interface with:
http://(server IP or hostname)/lam
You will be directed to the LDAP account manager login page.
Click the “LAM configuration” option in the upper right corner to configure your LDAP manager instance.
On the page that appears, click on “Edit Server Profiles”.
This will ask for the profile name and password.
The default password is lam.
Change the default password as soon as you have gained access. This is in the General settings page under Profile password.
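To confirm that the default really has been replaced, the following added example (not from the original guide or the LAM project) checks a stored password value against the default lam. It assumes the value is stored as {SSHA} followed by the base64 SHA-1 digest of password plus salt, a space, and the base64 salt; the function names and sample hashes are constructed here, so confirm the layout against your installed version.

```python
import base64
import hashlib
import hmac

DEFAULT_PASSWORD = "lam"  # default profile password stated in this guide
PREFIX = "{SSHA}"         # assumed storage scheme, see the lead-in


def make_ssha(password: str, salt: bytes) -> str:
    """Build a value in the assumed layout: {SSHA}b64(sha1(pw + salt)) b64(salt)."""
    digest = hashlib.sha1(password.encode() + salt).digest()
    return f"{PREFIX}{base64.b64encode(digest).decode()} {base64.b64encode(salt).decode()}"


def matches(stored: str, candidate: str):
    """True/False when `stored` is/is not a hash of `candidate`; None if unparseable."""
    stored = stored.strip()
    if not stored.startswith(PREFIX):
        return None  # plaintext or another scheme: inspect by hand
    parts = stored[len(PREFIX):].split()
    if len(parts) != 2:
        return None
    try:
        digest = base64.b64decode(parts[0], validate=True)
        salt = base64.b64decode(parts[1], validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return None
    expected = hashlib.sha1(candidate.encode() + salt).digest()
    return hmac.compare_digest(digest, expected)


def audit(stored: str) -> str:
    """Classify one stored password value."""
    result = matches(stored, DEFAULT_PASSWORD)
    if result is None:
        return "unknown-format"
    return "default-password" if result else "changed"


if __name__ == "__main__":
    # Constructed sample values, not hashes taken from a real installation.
    samples = {
        "fresh install": make_ssha("lam", b"\x1f\x2e\x3d\x4c"),
        "after change": make_ssha("a-long-unique-passphrase", b"\x9a\x8b\x7c\x6d"),
    }
    for label, value in samples.items():
        print(f"{label}: {audit(value)}")
```

Replace the samples with the stored value from your own server profile; an unknown-format result means the assumed layout does not hold for your version.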
Next, set the LDAP server address and Tree Suffix to match the details of your domain.
Configure the dashboard login user by specifying the admin user account and domain components in the Security settings.
Navigate to “Account Types” page and configure Active account types for users and groups.
You can enable several other user and group modules in the “Modules” page.
Finally, click “Save” at the bottom to write the changes.
Step 4: Add user accounts and groups with LDAP Account Manager
Log in with the admin account to manage your users and groups.
Create User Group
You will be required to create a user group before creating the users. Navigate to Groups > New Group to add a new group.
Assign the Group name; the other fields are optional.
Add User Accounts
We can now proceed to create users once the groups have been set up. Go to Users > New User to add a new user account to LDAP.
Add the following information for the entries.
- Personal – The personal details of the user, including names and contact details. The important field is the last name.
- Unix – Contains the username, the user groups, the user's home directory and the user's default shell.
- Shadow – This is where you configure password aging information.
Once this is done, you can now configure your Linux servers and applications to authenticate against the LDAP server.
Check the guide below on how to set up an LDAP client on Ubuntu.