LDAP server for webmin user management

SYSTEM INFORMATION
OS type and version OS: Ubuntu 22.04.4 LTS x86_64 - OpenStack Nova 19.3.2
Webmin version 2.105
LDAP 2.5.16+dfsg-0ubuntu0.22.04.2
MySQL 8.0.36-0ubuntu0.22.04.1
Apache Apache/2.4.52
BIND 9.18.24-1+ubuntu22.04.1+deb.sury.org+1-Ubuntu

Is it possible to set up my LDAP server as follows to be used with Webmin?
Name: ldap.wingarmac.org
Address: 2001:41d0:701:1100::2618

Secured with certbot for the virtual host generally, and also self-signed for internal LDAP.

● apache2.service - The Apache HTTP Server
     Loaded: loaded (/lib/systemd/system/apache2.service; enabled; vendor preset: enabled)
     Active: active (running) since Thu 2024-02-29 22:27:24 CET; 31min ago
       Docs: https://httpd.apache.org/docs/2.4/
    Process: 88788 ExecStart=/usr/sbin/apachectl start (code=exited, status=0/SUCCESS)
    Process: 90489 ExecReload=/usr/sbin/apachectl graceful (code=exited, status=0/SUCCESS)
   Main PID: 88792 (apache2)
      Tasks: 9 (limit: 2252)
     Memory: 80.6M
        CPU: 4.489s
     CGroup: /system.slice/apache2.service
             ├─88792 /usr/sbin/apache2 -k start
             ├─90495 /usr/sbin/apache2 -k start
             ├─90496 /usr/sbin/apache2 -k start
             ├─90497 /usr/sbin/apache2 -k start
             ├─90498 /usr/sbin/apache2 -k start
             ├─90499 /usr/sbin/apache2 -k start
             ├─90521 /usr/sbin/apache2 -k start
             ├─90564 /usr/sbin/apache2 -k start
             └─90570 /usr/sbin/apache2 -k start

Feb 29 22:27:24 ubserv systemd[1]: Starting The Apache HTTP Server...
Feb 29 22:27:24 ubserv systemd[1]: Started The Apache HTTP Server.
Feb 29 22:31:02 ubserv systemd[1]: Reloading The Apache HTTP Server...
Feb 29 22:31:02 ubserv systemd[1]: Reloaded The Apache HTTP Server.
Feb 29 22:41:29 ubserv systemd[1]: Reloading The Apache HTTP Server...
Feb 29 22:41:29 ubserv systemd[1]: Reloaded The Apache HTTP Server.

● named.service - BIND Domain Name Server
     Loaded: loaded (/lib/systemd/system/named.service; enabled; vendor preset: enabled)
     Active: active (running) since Thu 2024-02-29 20:27:08 CET; 2h 31min ago
       Docs: man:named(8)
   Main PID: 70223 (named)
     Status: "running"
      Tasks: 5 (limit: 2252)
     Memory: 9.4M
        CPU: 3.947s
     CGroup: /system.slice/named.service
             └─70223 /usr/sbin/named -f -u bind

Feb 29 20:27:08 ubserv named[70223]: configuring command channel from '/etc/bind/rndc.key'
Feb 29 20:27:08 ubserv named[70223]: command channel listening on ::1#953
Feb 29 20:27:08 ubserv named[70223]: 29-Feb-2024 20:27:08.208 zoneload: info: managed-keys-zone: loaded serial 112
Feb 29 20:27:08 ubserv named[70223]: 29-Feb-2024 20:27:08.208 zoneload: info: zone wingarmac.vpn/IN: loaded serial 2024020301
Feb 29 20:27:08 ubserv named[70223]: 29-Feb-2024 20:27:08.212 zoneload: info: zone wingarmac.com/IN: loaded serial 2024020300
Feb 29 20:27:08 ubserv named[70223]: 29-Feb-2024 20:27:08.212 zoneload: info: zone 5.5.10.in-addr.arpa/IN: loaded serial 2024020301
Feb 29 20:27:08 ubserv named[70223]: 29-Feb-2024 20:27:08.220 zoneload: info: zone wingarmac.org/IN: loaded serial 2045864082
Feb 29 20:27:08 ubserv named[70223]: 29-Feb-2024 20:27:08.220 general: notice: all zones loaded
Feb 29 20:27:08 ubserv systemd[1]: Started BIND Domain Name Server.
Feb 29 20:27:08 ubserv named[70223]: 29-Feb-2024 20:27:08.224 general: notice: running

● slapd.service - LSB: OpenLDAP standalone server (Lightweight Directory Access Protocol)
     Loaded: loaded (/etc/init.d/slapd; generated)
    Drop-In: /usr/lib/systemd/system/slapd.service.d
             └─slapd-remain-after-exit.conf
     Active: active (running) since Thu 2024-02-29 22:27:24 CET; 31min ago
       Docs: man:systemd-sysv-generator(8)
    Process: 88774 ExecStart=/etc/init.d/slapd start (code=exited, status=0/SUCCESS)
      Tasks: 4 (limit: 2252)
     Memory: 3.5M
        CPU: 58ms
     CGroup: /system.slice/slapd.service
             └─88783 /usr/sbin/slapd -h "ldap:/// ldapi:///" -g openldap -u openldap -F /etc/ldap/slapd.d

Feb 29 22:27:24 ubserv systemd[1]: Starting LSB: OpenLDAP standalone server (Lightweight Directory Access Protocol)...
Feb 29 22:27:24 ubserv slapd[88774]:  * Starting OpenLDAP slapd
Feb 29 22:27:24 ubserv slapd[88782]: @(#) $OpenLDAP: slapd 2.5.16+dfsg-0ubuntu0.22.04.2 (Jan 25 2024 18:42:39) $
                                             Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>
Feb 29 22:27:24 ubserv slapd[88783]: slapd starting
Feb 29 22:27:24 ubserv slapd[88774]:    ...done.
Feb 29 22:27:24 ubserv systemd[1]: Started LSB: OpenLDAP standalone server (Lightweight Directory Access Protocol).

● mysql.service - MySQL Community Server
     Loaded: loaded (/lib/systemd/system/mysql.service; enabled; vendor preset: enabled)
     Active: active (running) since Wed 2024-02-28 05:10:59 CET; 1 day 17h ago
   Main PID: 936 (mysqld)
     Status: "Server is operational"
      Tasks: 45 (limit: 2252)
     Memory: 427.1M
        CPU: 17min 51.516s
     CGroup: /system.slice/mysql.service
             └─936 /usr/sbin/mysqld

Feb 28 05:10:49 ubserv systemd[1]: Starting MySQL Community Server...
Feb 28 05:10:59 ubserv systemd[1]: Started MySQL Community Server.

It seems ldap.wingarmac.org isn’t found by the user data connection setup of Webmin:

Failed to save user and group database settings :### Missing or un-resolvable hostname

When I set it to wingarmac.org (on IPv4) it does find it, but it isn’t allowed to connect, because it is not set up on that host.

Can anyone help me set up the LDAP server for use with Webmin?
The schema has already been set:

@ubserv:/etc/ldap/schema# cat webmin.schema
# Object and attribute classes for Webmin users and groups
#
# OID Base is    : 1.3.6.1.4.1.36548.4
# Attributes     : 1.3.6.1.4.1.36548.4.1.x
# Object classes : 1.3.6.1.4.1.36548.4.2.x

attributetype ( 1.3.6.1.4.1.36548.4.1.2 NAME 'webminPass'
	DESC 'Webmin password'
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{255} SINGLE-VALUE )

attributetype ( 1.3.6.1.4.1.36548.4.1.3 NAME 'webminAttr'
	DESC 'Webmin user attribute name=value format'
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{255} )

attributetype ( 1.3.6.1.4.1.36548.4.1.5 NAME 'webminDesc'
	DESC 'Webmin group description'
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{255} )

attributetype ( 1.3.6.1.4.1.36548.4.1.6 NAME 'webminModule'
	DESC 'Webmin module name'
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{255} )

objectclass ( 1.3.6.1.4.1.36548.4.2.1 NAME 'webminUser' SUP top STRUCTURAL
	DESC 'Webmin user account'
	MUST ( cn $ webminPass )
	MAY ( webminAttr $ webminModule ))

objectclass ( 1.3.6.1.4.1.36548.4.2.2 NAME 'webminGroup' SUP top STRUCTURAL
	DESC 'Webmin group account'
	MUST ( cn $ webminDesc )
	MAY ( webminAttr $ webminModule ))


attributetype ( 1.3.6.1.4.1.36548.4.1.4 NAME 'webminAclEntry'
	DESC 'Webmin ACL entry in name=value format'
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{255} )

objectclass ( 1.3.6.1.4.1.36548.4.2.3 NAME 'webminAcl'
	DESC 'Webmin user or group module ACL'
	MUST ( cn )
	MAY ( webminAclEntry ))

Other relevant settings:

# /etc/ldap/slapd.conf

SLAPD_USER=openldap
SLAPD_GROUP=openldap
SLAPD_SERVICES="ldapi:/// ldap:///"
SLAPD_OPTIONS="-6"
SLAPD_PIDFILE=/var/run/slapd/slapd.pid
BASE   dc=ldap,dc=wingarmac,dc=org
URI    ldap://ldap.wingarmac.org ldap://ubserv.wingarmac.vpn:666
SIZELIMIT      12
TIMELIMIT      15
DEREF          never
TLS_CACERTDIR   /etc/openldap/certs
include         /etc/ldap/schema/core.schema
include         /etc/ldap/schema/cosine.schema
include         /etc/ldap/schema/inetorgperson.schema
include         /etc/ldap/schema/nis.schema
include         /etc/ldap/schema/webmin.schema

# Define global settings
pidfile         /var/run/slapd/slapd.pid
argsfile        /var/run/slapd/slapd.args

# Listen on both IPv4 and IPv6
listen          ldapi:///
listen          ldap:///
listen          ldaps:///

# IPv6 configuration
listen          ldap://[::]:389/
listen          ldaps://[::]:636/

# Set the serverID
serverID        1 ldap://127.0.0.1 ldapi:/// ldap://[::]

# Define SSL/TLS settings
TLSCACertificateFile /etc/ssl/certs/ca-certificates.crt
TLSCertificateFile /etc/letsencrypt/live/ldap.wingarmac.org/fullchain.pem
TLSCertificateKeyFile /etc/letsencrypt/live/ldap.wingarmac.org/privkey.pem

# Other necessary configurations based on your needs

# Database definition
database        ldap
suffix          "dc=wingarmac,dc=org"
rootdn          "cn=admin,dc=example,dc=com"
rootpw          $AUTHDB_PASS

# Access control rules (modify as needed)
access to * by * read

(My hosts and websites, FQDN, … are only intended for testing purposes, for private usage.)
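An added diagnostic for the "Missing or un-resolvable hostname" error above (example code, not from the poster or from Webmin): it classifies what a name resolves to and explains why a name that only has an AAAA record is reported missing by an IPv4-only lookup. The sample resolver stands in for the post's DNS so the check runs offline; the IPv4 address for wingarmac.org in it is a constructed placeholder.

```python
import socket

UNRESOLVABLE, IPV6_ONLY, IPV4_ONLY, DUAL_STACK = "unresolvable", "ipv6-only", "ipv4-only", "dual-stack"
EXPLANATION = {
    UNRESOLVABLE: "no A or AAAA record: check the zone and the resolver on the Webmin host",
    IPV6_ONLY: "AAAA only: a client using an IPv4-only lookup (gethostbyname) reports the host as missing",
    IPV4_ONLY: "A only: reachable over IPv4, not from IPv6-only clients",
    DUAL_STACK: "A and AAAA both present",
}

def address_families(host, resolver=socket.getaddrinfo):
    """Address families the name resolves to; resolver is injectable for offline use."""
    try:
        entries = resolver(host, None)
    except socket.gaierror:
        return set()
    return {entry[0] for entry in entries}

def diagnose(host, resolver=socket.getaddrinfo):
    """Classify the name so an 'un-resolvable hostname' error can be explained."""
    fams = address_families(host, resolver)
    if not fams:
        return UNRESOLVABLE
    if socket.AF_INET not in fams:
        return IPV6_ONLY
    if socket.AF_INET6 not in fams:
        return IPV4_ONLY
    return DUAL_STACK

def sample_resolver(host, port):
    """Constructed DNS stand-in for the post: AAAA-only LDAP name (address from the post), A-only apex (placeholder)."""
    table = {
        "ldap.wingarmac.org": [(socket.AF_INET6, socket.SOCK_STREAM, 6, "", ("2001:41d0:701:1100::2618", 389, 0, 0))],
        "wingarmac.org": [(socket.AF_INET, socket.SOCK_STREAM, 6, "", ("192.0.2.10", 389))],
    }
    if host not in table:
        raise socket.gaierror(-2, "Name or service not known")
    return table[host]

def tcp_reachable(host, port=389, timeout=3.0):
    """Plain TCP connect through getaddrinfo, so both IPv6 and IPv4 are tried."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

if __name__ == "__main__":  # live check against the real resolver and network
    host = "ldap.wingarmac.org"
    verdict = diagnose(host)
    print(f"{host}: {verdict} ({EXPLANATION[verdict]}); tcp/389 reachable: {tcp_reachable(host)}")
```

Run it on the Webmin host itself, since that is where the name lookup the error message complains about happens.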
