Creating Users and Groups in OpenLDAP using phpldapadmin

Credit: Srinivasan Ganesan

Creating Organizational Units



Follow the procedure below to create OUs named Users and Groups.
(i) Open the LDAP web console at the URL <hostname>/phpldapadmin, click on the Distinguished Name (e.g. dc=openldap,dc=com), and click Create a child entry



(ii) Click on Generic: Organizational Unit




(iii) Provide a name (e.g. Groups) and click on Create Object




(iv) Now, click on Commit


The OU (Organizational Unit) named Groups is now created.


(v) Follow the same procedure to create the OU named Users.

Now we have two OUs: Users and Groups.

Creating Users and Groups


1. Creating Users


(i) Select the OU Users and click on Create a child entry

(ii) From the Create Object page which appears, click on Default

(iii) Select inetOrgPerson from the ObjectClasses and click on Proceed >>

(iv) Select cn (cn) as the RDN. Provide the cn name, sn name, displayName, Password, User Name and any other required fields, and click on Create Object

(v) Now, click on Commit

Now a user named ldapuser is created under the OU 'Users'.

2. Creating Groups


(i) Click on OU Groups and click on Create a child entry

(ii) Now, click on Default

(iii) Now select groupOfNames from ObjectClasses and click on Proceed >>

(iv) Select cn (cn) as the RDN. Provide a cn name and a member (any one user; we can modify it later) and click on Create Object

(v) Now, click on Commit

A group named ldapgroup is now created under the OU Groups.

3. Creating Groups with Special Characters (e.g. ">>")


(i) Select OU Groups and click on Create a child entry.

(ii) Now, Click on Default.

(iii) Select groupOfNames from ObjectClasses and click on Proceed >>

(iv) Now select cn (cn) as the RDN and provide the cn name. Escape any special characters using the backslash (\) symbol.

(v) Now provide a valid user in member attribute and click on Create Object and proceed with Commit.

(vi) Now a group named OpenldapGroups is created under the Groups OU with the cn name Openldap\>\>Groups. The group will have another value in cn with the backslash (\) removed.

(vii) Now delete the entry Openldap\>\>Groups, click on Update Object, and proceed with Update Object.

(viii) Now the Openldap\>\>Groups cn name is removed from OpenldapGroups and it is updated with cn name Openldap>>Groups
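
The escaping from section 3, as an added example that is not part of the original article: Python that applies RFC 4514 escaping to a cn value when building the DN and writes the matching LDIF, in which the cn attribute keeps the unescaped value. The function names are hypothetical; the base DN, OUs and user name follow the article's examples.

```python
import base64

# Characters RFC 4514 requires escaping anywhere in an RDN value.
SPECIAL = set('"+,;<>\\')

def escape_rdn_value(value):
    """Escape an attribute value for use inside a DN (RFC 4514, section 2.4)."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch == "\x00":
            out.append("\\00")
        elif ch in SPECIAL:
            out.append("\\" + ch)
        elif (i == 0 and ch in " #") or (i == last and ch == " "):
            out.append("\\" + ch)
        else:
            out.append(ch)
    return "".join(out)

def ldif_line(attr, value):
    """Emit 'attr: value', switching to base64 when LDIF (RFC 2849) needs it."""
    safe = (value.isascii()
            and not any(c in value for c in "\x00\r\n")
            and not value.startswith((" ", ":", "<"))
            and not value.endswith(" "))
    if safe:
        return f"{attr}: {value}"
    return f"{attr}:: {base64.b64encode(value.encode('utf-8')).decode('ascii')}"

def group_ldif(cn, member_dn, parent="ou=Groups,dc=openldap,dc=com"):
    """LDIF for a groupOfNames entry: the DN is escaped, the cn value is not."""
    return "\n".join([
        ldif_line("dn", f"cn={escape_rdn_value(cn)},{parent}"),
        "objectClass: groupOfNames",
        ldif_line("cn", cn),
        ldif_line("member", member_dn),
        "",
    ])

if __name__ == "__main__":
    # Constructed sample input based on the article's names.
    print(group_ldif("Openldap>>Groups",
                     "cn=ldapuser,ou=Users,dc=openldap,dc=com"))
```

The printed LDIF can be loaded with ldapadd. Passing every user-supplied name through the escaping function before it is placed in a DN keeps characters such as "," and "+" from being read as DN syntax.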

4. Modifying members in a group
(i) Click on modify group members under the member attribute
(ii) On the Modify group page, add or remove users as needed and click on Save changes
(iii) Now, click on Update Object to save the changes