SYSTEM INFORMATION | |
---|---|
OS type and version | OS: Ubuntu 22.04.4 LTS x86_64 - OpenStack Nova 19.3.2 |
Webmin version | 2.105 |
LDAP | 2.5.16+dfsg-0ubuntu0.22.04.2 |
MySQL | 8.0.36-0ubuntu0.22.04.1 |
Apache | Apache/2.4.52 |
BIND | 9.18.24-1+ubuntu22.04.1+deb.sury.org+1-Ubuntu |
Is it possible to set up my LDAP server as follows to be used with Webmin?
Name: ldap.wingarmac.org
Address: 2001:41d0:701:1100::2618
Secured with certbot for the virtual host generally, and also self-signed for internal LDAP.
● apache2.service - The Apache HTTP Server
Loaded: loaded (/lib/systemd/system/apache2.service; enabled; vendor preset: enabled)
Active: active (running) since Thu 2024-02-29 22:27:24 CET; 31min ago
Docs: https://httpd.apache.org/docs/2.4/
Process: 88788 ExecStart=/usr/sbin/apachectl start (code=exited, status=0/SUCCESS)
Process: 90489 ExecReload=/usr/sbin/apachectl graceful (code=exited, status=0/SUCCESS)
Main PID: 88792 (apache2)
Tasks: 9 (limit: 2252)
Memory: 80.6M
CPU: 4.489s
CGroup: /system.slice/apache2.service
├─88792 /usr/sbin/apache2 -k start
├─90495 /usr/sbin/apache2 -k start
├─90496 /usr/sbin/apache2 -k start
├─90497 /usr/sbin/apache2 -k start
├─90498 /usr/sbin/apache2 -k start
├─90499 /usr/sbin/apache2 -k start
├─90521 /usr/sbin/apache2 -k start
├─90564 /usr/sbin/apache2 -k start
└─90570 /usr/sbin/apache2 -k start
Feb 29 22:27:24 ubserv systemd[1]: Starting The Apache HTTP Server...
Feb 29 22:27:24 ubserv systemd[1]: Started The Apache HTTP Server.
Feb 29 22:31:02 ubserv systemd[1]: Reloading The Apache HTTP Server...
Feb 29 22:31:02 ubserv systemd[1]: Reloaded The Apache HTTP Server.
Feb 29 22:41:29 ubserv systemd[1]: Reloading The Apache HTTP Server...
Feb 29 22:41:29 ubserv systemd[1]: Reloaded The Apache HTTP Server.
● named.service - BIND Domain Name Server
Loaded: loaded (/lib/systemd/system/named.service; enabled; vendor preset: enabled)
Active: active (running) since Thu 2024-02-29 20:27:08 CET; 2h 31min ago
Docs: man:named(8)
Main PID: 70223 (named)
Status: "running"
Tasks: 5 (limit: 2252)
Memory: 9.4M
CPU: 3.947s
CGroup: /system.slice/named.service
└─70223 /usr/sbin/named -f -u bind
Feb 29 20:27:08 ubserv named[70223]: configuring command channel from '/etc/bind/rndc.key'
Feb 29 20:27:08 ubserv named[70223]: command channel listening on ::1#953
Feb 29 20:27:08 ubserv named[70223]: 29-Feb-2024 20:27:08.208 zoneload: info: managed-keys-zone: loaded serial 112
Feb 29 20:27:08 ubserv named[70223]: 29-Feb-2024 20:27:08.208 zoneload: info: zone wingarmac.vpn/IN: loaded serial 2024020301
Feb 29 20:27:08 ubserv named[70223]: 29-Feb-2024 20:27:08.212 zoneload: info: zone wingarmac.com/IN: loaded serial 2024020300
Feb 29 20:27:08 ubserv named[70223]: 29-Feb-2024 20:27:08.212 zoneload: info: zone 5.5.10.in-addr.arpa/IN: loaded serial 2024020301
Feb 29 20:27:08 ubserv named[70223]: 29-Feb-2024 20:27:08.220 zoneload: info: zone wingarmac.org/IN: loaded serial 2045864082
Feb 29 20:27:08 ubserv named[70223]: 29-Feb-2024 20:27:08.220 general: notice: all zones loaded
Feb 29 20:27:08 ubserv systemd[1]: Started BIND Domain Name Server.
Feb 29 20:27:08 ubserv named[70223]: 29-Feb-2024 20:27:08.224 general: notice: running
● slapd.service - LSB: OpenLDAP standalone server (Lightweight Directory Access Protocol)
Loaded: loaded (/etc/init.d/slapd; generated)
Drop-In: /usr/lib/systemd/system/slapd.service.d
└─slapd-remain-after-exit.conf
Active: active (running) since Thu 2024-02-29 22:27:24 CET; 31min ago
Docs: man:systemd-sysv-generator(8)
Process: 88774 ExecStart=/etc/init.d/slapd start (code=exited, status=0/SUCCESS)
Tasks: 4 (limit: 2252)
Memory: 3.5M
CPU: 58ms
CGroup: /system.slice/slapd.service
└─88783 /usr/sbin/slapd -h "ldap:/// ldapi:///" -g openldap -u openldap -F /etc/ldap/slapd.d
Feb 29 22:27:24 ubserv systemd[1]: Starting LSB: OpenLDAP standalone server (Lightweight Directory Access Protocol)...
Feb 29 22:27:24 ubserv slapd[88774]: * Starting OpenLDAP slapd
Feb 29 22:27:24 ubserv slapd[88782]: @(#) $OpenLDAP: slapd 2.5.16+dfsg-0ubuntu0.22.04.2 (Jan 25 2024 18:42:39) $
Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>
Feb 29 22:27:24 ubserv slapd[88783]: slapd starting
Feb 29 22:27:24 ubserv slapd[88774]: ...done.
Feb 29 22:27:24 ubserv systemd[1]: Started LSB: OpenLDAP standalone server (Lightweight Directory Access Protocol).
● mysql.service - MySQL Community Server
Loaded: loaded (/lib/systemd/system/mysql.service; enabled; vendor preset: enabled)
Active: active (running) since Wed 2024-02-28 05:10:59 CET; 1 day 17h ago
Main PID: 936 (mysqld)
Status: "Server is operational"
Tasks: 45 (limit: 2252)
Memory: 427.1M
CPU: 17min 51.516s
CGroup: /system.slice/mysql.service
└─936 /usr/sbin/mysqld
Feb 28 05:10:49 ubserv systemd[1]: Starting MySQL Community Server...
Feb 28 05:10:59 ubserv systemd[1]: Started MySQL Community Server.
It seems ldap.wingarmac.org isn’t found by the user data connection setup of Webmin:
Failed to save user and group database settings :### Missing or un-resolvable hostname
When I set it to wingarmac.org (on IPv4) it does find it, but it isn’t allowed to connect because it is not set up on that host.
Can anyone help me set up the LDAP server for use with Webmin?
The schema has already been set:
@ubserv:/etc/ldap/schema# cat webmin.schema
# Object and attribute classes for Webmin users and groups
#
# OID Base is : 1.3.6.1.4.1.36548.4
# Attributes : 1.3.6.1.4.1.36548.4.1.x
# Object classes : 1.3.6.1.4.1.36548.4.2.x
attributetype ( 1.3.6.1.4.1.36548.4.1.2 NAME 'webminPass'
        DESC 'Webmin password'
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{255} SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.36548.4.1.3 NAME 'webminAttr'
        DESC 'Webmin user attribute name=value format'
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{255} )
attributetype ( 1.3.6.1.4.1.36548.4.1.5 NAME 'webminDesc'
        DESC 'Webmin group description'
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{255} )
attributetype ( 1.3.6.1.4.1.36548.4.1.6 NAME 'webminModule'
        DESC 'Webmin module name'
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{255} )
objectclass ( 1.3.6.1.4.1.36548.4.2.1 NAME 'webminUser' SUP top STRUCTURAL
        DESC 'Webmin user account'
        MUST ( cn $ webminPass )
        MAY ( webminAttr $ webminModule ))
objectclass ( 1.3.6.1.4.1.36548.4.2.2 NAME 'webminGroup' SUP top STRUCTURAL
        DESC 'Webmin group account'
        MUST ( cn $ webminDesc )
        MAY ( webminAttr $ webminModule ))
attributetype ( 1.3.6.1.4.1.36548.4.1.4 NAME 'webminAclEntry'
        DESC 'Webmin ACL entry in name=value format'
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{255} )
objectclass ( 1.3.6.1.4.1.36548.4.2.3 NAME 'webminAcl'
        DESC 'Webmin user or group module ACL'
        MUST ( cn )
        MAY ( webminAclEntry ))
Other relevant settings:
# /etc/ldap/slapd.conf
SLAPD_USER=openldap
SLAPD_GROUP=openldap
SLAPD_SERVICES="ldapi:/// ldap:///"
SLAPD_OPTIONS="-6"
SLAPD_PIDFILE=/var/run/slapd/slapd.pid
BASE dc=ldap,dc=wingarmac,dc=org
URI ldap://ldap.wingarmac.org ldap://ubserv.wingarmac.vpn:666
SIZELIMIT 12
TIMELIMIT 15
DEREF never
TLS_CACERTDIR /etc/openldap/certs
include /etc/ldap/schema/core.schema
include /etc/ldap/schema/cosine.schema
include /etc/ldap/schema/inetorgperson.schema
include /etc/ldap/schema/nis.schema
include /etc/ldap/schema/webmin.schema
# Define global settings
pidfile /var/run/slapd/slapd.pid
argsfile /var/run/slapd/slapd.args
# Listen on both IPv4 and IPv6
listen ldapi:///
listen ldap:///
listen ldaps:///
# IPv6 configuration
listen ldap://[::]:389/
listen ldaps://[::]:636/
# Set the serverID
serverID 1 ldap://127.0.0.1 ldapi:/// ldap://[::]
# Define SSL/TLS settings
TLSCACertificateFile /etc/ssl/certs/ca-certificates.crt
TLSCertificateFile /etc/letsencrypt/live/ldap.wingarmac.org/fullchain.pem
TLSCertificateKeyFile /etc/letsencrypt/live/ldap.wingarmac.org/privkey.pem
# Other necessary configurations based on your needs
# Database definition
database ldap
suffix "dc=wingarmac,dc=org"
rootdn "cn=admin,dc=example,dc=com"
rootpw $AUTHDB_PASS
# Access control rules (modify as needed)
access to * by * read
(My hosts, websites, FQDNs, … are only intended for testing purposes and private usage.)
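Added example, not from the original post: the posted rule `access to * by * read` lets any anonymous client read `userPassword` and `webminPass`, and because the running slapd is started with `-F /etc/ldap/slapd.d` (see the slapd process line above) the posted slapd.conf is not read at all, so the tightened rules are shown here as an LDIF against cn=config. The database DN `olcDatabase={1}mdb`, the Webmin bind DN `cn=webmin,ou=services,dc=wingarmac,dc=org` and the subtree `ou=webmin,dc=wingarmac,dc=org` are assumptions; verify the first with the ldapsearch in the comment before applying.

```ldif
# Constructed example. Replace the open ACL on the main database with
# rules that hide password attributes from everyone except the owner
# and the Webmin service account. Apply as root on the server with:
#   ldapmodify -Y EXTERNAL -H ldapi:/// -f webmin-acl.ldif
# Confirm the database DN first (assumed to be {1}mdb):
#   ldapsearch -Y EXTERNAL -H ldapi:/// -b cn=config olcDatabase
# Within olcAccess the first clause whose target matches is applied,
# so the password rule must come before the catch-all.
dn: olcDatabase={1}mdb,cn=config
changetype: modify
replace: olcAccess
olcAccess: {0}to attrs=userPassword,webminPass
  by dn.exact="cn=webmin,ou=services,dc=wingarmac,dc=org" write
  by self write
  by anonymous auth
  by * none
olcAccess: {1}to dn.subtree="ou=webmin,dc=wingarmac,dc=org"
  by dn.exact="cn=webmin,ou=services,dc=wingarmac,dc=org" write
  by users read
  by * none
olcAccess: {2}to *
  by users read
  by * none
```

`by anonymous auth` keeps simple binds working without exposing the stored value, and a posted-style `access to * by * read` line would be the equivalent of `{2}to * by * read`, which is what the rule set above replaces.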