Project

General

Profile

Feature #175

Kerberizing phpLDAPAdmin on Debian 7

Added by Daniel Curtis over 11 years ago. Updated almost 10 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Daniel Curtis
Category:
Domain Controller
Target version:
-
Start date:
08/19/2013
Due date:
% Done:

100%

Estimated time:
0.50 h
Spent time:
0.50 h

Description

During the integration of Kerberos and OpenLDAP I still needed to retain the access and management of phpldapadmin. First start off by installing the required package:

sudo apt-get install libapache2-mod-auth-kerb

1. Create a service principal for the Apache2 service on the web server

kadmin -p admin
addprinc -randkey http/www.example.com
ktadd http/www.example.com

2. Set phpLDAPadmin vhost configuration file to use Kerberos

vi /etc/phpldapadmin/apache2.conf

<Directory /usr/share/phpldapadmin/htdocs/>

DirectoryIndex index.php
Options +FollowSymLinks
AllowOverride None

Order allow,deny
Allow from all

AuthType Kerberos
AuthName "LDAP Admin"
KrbAuthRealms EXAMPLE.COM
KrbVerifyKDC off
KrbServiceName http
KrbMethodNegotiate On
KrbMethodK5Passwd On
Krb5KeyTab /etc/apache2/apache2.keyfile
KrbSaveCredentials on
require valid-user
...
</Directory>

3. Enable Kerberos authentication in phpldapadmin configuration file

vi /etc/phpldapadmin/config.php

$servers->setValue('login','bind_id','');
$servers->setValue('login','auth_type','sasl');
$servers->setValue('sasl','mech','GSSAPI');
$servers->setValue('sasl','realm','EXAMPLE.COM');
$servers->setValue('sasl','authz_id_regex','/^uid=([^,]+)(.+)/i');
$servers->setValue('sasl','authz_id_replacement','$1');

Related issues

Related to GNU/Linux Administration - Support #174: Integrated Kerberos OpenLDAP provider on Debian 7ClosedDaniel Curtis08/19/2013

Actions

Also available in: Atom PDF