LDAP on LXC: A Quick Guide

Here is an LDAP implementation on an LXC container. We will install OpenLDAP and phpLDAPAdmin inside an LXC Ubuntu 22 container.

Installing LDAP

The following commands create a new LXC container called ldap from an Ubuntu image.

lxc image list images: | grep -i ubuntu/lunar
lxc launch images:ubuntu/lunar ldap
lxc list
lxc image list
lxc start ldap
lxc info ldap
lxc exec ldap bash

Update Ubuntu (at your own risk).

apt update

Install slapd and ldap-utils.

apt -y install slapd ldap-utils
systemctl status slapd

"slapcat" should give you some results.

dpkg-reconfigure slapd

Proceed with editing /etc/ldap/ldap.conf

	BASE     dc=SubDomain,dc=DomainBulk,dc=Extension
	URI      ldap://localhost

where SubDomain is the nameserver section of your domain, DomainBulk is the bulk section of your domain and Extension is the extension of your domain. For example, if your domain is hpc.sabanciuniv.edu, then:

	BASE     dc=hpc,dc=sabanciuniv,dc=edu
	URI      ldap://localhost

You can do some testing now.

ldapsearch -x

Installing phpLDAPadmin

apt install phpldapadmin

Proceed with editing the /etc/phpldapadmin/config.php file.

$config->custom->appearance['timezone'] = 'Europe/Istanbul';
$servers->setValue('server','name','XXXX LDAP Server');
$servers->setValue('server','base',array('dc=hpc,dc=sabanciuniv,dc=edu'));
$config->custom->appearance['hide_template_warning'] = true;
$servers->setValue('login','bind_id','cn=admin,dc=hpc,dc=sabanciuniv,dc=edu');
$servers->setValue('login','anon_bind',false);
$servers->setValue('login','attr','dn');
$servers->setValue('auto_number','min',array('uidNumber'=>10000,'gidNumber'=>5000));

Then open the following address in a browser:

http://<remote_ip_address>/phpldapadmin

Replace the respective sections above according to your needs. You need to replace <remote_ip_address> with the IP address that you assign to your LDAP server.

At this point you should be able to log in to the phpLDAPadmin GUI.
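
If the login fails, a common cause is a base DN that differs between /etc/ldap/ldap.conf and /etc/phpldapadmin/config.php, or an anon_bind line that is still commented out. The script below is an added example, not part of the original guide: it derives the base DN from a domain with any number of labels (more general than the three-part case above) and checks both files against it. Function names are hypothetical, the sample files are constructed, and it assumes config.php lines are written in the form shown above.

```shell
#!/usr/bin/env bash
# Added example: names are hypothetical, sample files are constructed.

# hpc.sabanciuniv.edu -> dc=hpc,dc=sabanciuniv,dc=edu, for any number of labels.
domain_to_base_dn() {
    local domain="${1%.}" label dn="" IFS='.'
    # Only DNS characters pass, so the result never needs DN escaping.
    case "$domain" in ''|.*|*.|*..*|*[!A-Za-z0-9.-]*) return 1 ;; esac
    for label in $domain; do
        case "$label" in -*|*-) return 1 ;; esac
        dn="${dn:+$dn,}dc=$label"
    done
    printf '%s\n' "$dn" | tr 'A-Z' 'a-z'
}

# Value of the last active (uncommented) $servers->setValue('SECTION','KEY',...) line.
php_setting() {   # php_setting FILE SECTION KEY
    sed -n "s/^[[:space:]]*[$]servers->setValue('$2','$3',\(.*\));[[:space:]]*\$/\1/p" "$1" | tail -n 1
}

# Returns the number of mismatches between the domain, ldap.conf and config.php.
audit_ldap_config() {   # audit_ldap_config DOMAIN LDAP_CONF CONFIG_PHP
    local base conf_base problems=0
    base=$(domain_to_base_dn "$1") || { echo "invalid domain: $1"; return 1; }
    conf_base=$(awk 'toupper($1) == "BASE" { print $2; exit }' "$2")
    [ "$conf_base" = "$base" ] || { echo "ldap.conf BASE is '$conf_base'"; problems=$((problems + 1)); }
    [ "$(php_setting "$3" server base)" = "array('$base')" ] ||
        { echo "config.php base is not $base"; problems=$((problems + 1)); }
    case "$(php_setting "$3" login bind_id)" in
        "'"*",$base'") ;;
        *) echo "bind_id is not below $base"; problems=$((problems + 1)) ;;
    esac
    [ "$(php_setting "$3" login anon_bind)" = "false" ] ||
        { echo "anon_bind is not false"; problems=$((problems + 1)); }
    return "$problems"
}

# Constructed sample files using the values from this guide.
tmp=$(mktemp -d)
printf 'BASE\tdc=hpc,dc=sabanciuniv,dc=edu\nURI\tldap://localhost\n' > "$tmp/ldap.conf"
cat > "$tmp/config.php" <<'EOF'
$servers->setValue('server','base',array('dc=hpc,dc=sabanciuniv,dc=edu'));
$servers->setValue('login','bind_id','cn=admin,dc=hpc,dc=sabanciuniv,dc=edu');
// $servers->setValue('login','anon_bind',true);
$servers->setValue('login','anon_bind',false);
EOF
audit_ldap_config hpc.sabanciuniv.edu "$tmp/ldap.conf" "$tmp/config.php" && echo "configuration is consistent"
rm -rf "$tmp"
```

On the LDAP container, point the last call at the real /etc/ldap/ldap.conf and /etc/phpldapadmin/config.php instead of the sample files.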

After you log in to the GUI, you can create child entries and groups according to your needs. If you would like to change the Generic User Account template, then:

cd /etc/phpldapadmin/templates/creation
cp posixAccount.xml posixAccount.xml_ori
vi posixAccount.xml

For example, to add a mail section to the template:

<attribute id="mail">
        <display>Email</display>
        <order>10</order>
        <page>1</page>
</attribute>

Author: Serdar Acir