This is a quick note on the use of OpenLDAP for simple identity management within a network. As the number of machines in a network grows, managing credentials across multiple machines becomes a pain. The setup objective is rather simple:
- The first machine, vm0, is the one that manages user credentials and identity centrally.
- The second and subsequent machines derive user identity and credentials from the first one.
- When a user logs in to vm1 … vmN, no prior user registration needs to be done by the sysadmin. If the user's login exists on vm0, they get in, and if their home directory is not yet set up, it is created at that point.
Before, I've used and configured OpenLDAP from scratch, and there are many tutorials on how to set it up. There is even one in the CentOS 7 manual itself: How to configure OpenLDAP Server in CentOS 7. But while we're at it, why stop there? While there are many excellent LDAP clients (such as Apache LDAP Studio), nothing beats the convenience of LDAP PHP Admin.
Then one has to wonder: wouldn't it be awesome if there were already a pre-packaged VM or ISO for exactly this? I can't be the only one who wants this setup, since it is such a basic need. And there is. Enter Turnkey Linux OpenLDAP.
Server Configuration (vm0)
- Download Turnkey Linux OpenLDAP.
- Install and set up the VM. The installation is so straightforward that I don't think any pictures are needed.
- On boot, all the details are set.
- If you want, you can always do it yourself.
User management with LDAP PHP Admin
- Access vm0 by IP or hostname from your web browser.
- Log in using the admin credentials.
- Use the menu. Yes, it is that simple.
Again, there is the option of using the command line, or an LDAP client such as Apache LDAP Studio, which is not a bad client at all.
But why bother? With the right setup, you can even do this from your phone. LDAP PHP Admin does not cover everything LDAP can do, but the basics of creating, updating, deleting and resetting passwords are easily doable from the web UI.
Client Configuration (vm1 … vmN)
- Log in as root on your client VM (vm1 … vmN).
- Check out the CentOS 7 OpenLDAP Client manual, or just copy and paste the following:
```shell
# install packages
yum -y install openldap-clients nss-pam-ldapd

# ldapserver=(LDAP server's hostname or IP address)
# ldapbasedn="dc=(your own domain name)"
authconfig --enableldap \
    --enableldapauth \
    --ldapserver=hostname-or-ip-of-server \
    --ldapbasedn="dc=YOUR-BASE,dc=DN" \
    --enablemkhomedir \
    --update
```
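The one-liner above does not pass --enableldaptls, so the client it configures binds to the server over plain ldap://. As an added check that is not part of the original post, the script below inspects the /etc/nslcd.conf that nss-pam-ldapd reads (assumed format: uri, base and an optional ssl start_tls line) and flags a client whose bind passwords would cross the network unencrypted; the two sample files are constructed, and ldap.example.test is a placeholder hostname.

```shell
# Added example (not from the post): sanity-check the /etc/nslcd.conf that the
# authconfig one-liner leaves on a client. Assumes nss-pam-ldapd's format:
# "uri <url>", "base <dn>" and an optional "ssl start_tls" line.

# check_nslcd_conf FILE: prints findings; returns 0 only if uri and base are
# set and the transport is protected (ldaps://, StartTLS, or local ldapi://).
check_nslcd_conf() {
    conf=$1
    uri=$(awk '$1 == "uri"  { print $2; exit }' "$conf")
    base=$(awk '$1 == "base" { print $2; exit }' "$conf")
    ssl=$(awk '$1 == "ssl"  { print $2; exit }' "$conf")
    rc=0
    [ -n "$base" ] || { echo "$conf: missing base DN"; rc=1; }
    case "$uri" in
        "")        echo "$conf: missing uri"; rc=1 ;;
        ldaps://*) echo "$conf: $uri (LDAP over TLS)" ;;
        ldapi://*) echo "$conf: $uri (local Unix socket)" ;;
        ldap://*)
            if [ "$ssl" = "start_tls" ]; then
                echo "$conf: $uri with StartTLS"
            else
                echo "$conf: $uri without TLS; simple binds send passwords in clear"
                rc=1
            fi ;;
        *)         echo "$conf: unrecognised uri '$uri'"; rc=1 ;;
    esac
    return $rc
}

# Constructed samples, not real files: plain.conf is what the one-liner above
# writes; tls.conf is the same client after adding --enableldaptls.
tmp=$(mktemp -d)
cat > "$tmp/plain.conf" <<'EOF'
uid nslcd
gid ldap
uri ldap://ldap.example.test/
base dc=example,dc=test
EOF
cat > "$tmp/tls.conf" <<'EOF'
uid nslcd
gid ldap
uri ldap://ldap.example.test/
base dc=example,dc=test
ssl start_tls
tls_cacertdir /etc/openldap/cacerts
EOF

check_nslcd_conf "$tmp/plain.conf" || echo "plain.conf: needs attention"
check_nslcd_conf "$tmp/tls.conf"   && echo "tls.conf: ok"
```

On a real client, run it as `check_nslcd_conf /etc/nslcd.conf` after authconfig has finished.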
And that's it. In conclusion, I find this a lot easier than I remembered: setting up the client used to involve more config changes than this one-liner. I guess with new distro iterations, and with projects like Turnkey Linux, things could get a lot easier over time!