{"id":1537,"date":"2026-03-22T21:04:10","date_gmt":"2026-03-22T18:04:10","guid":{"rendered":"https:\/\/computingforgeeks.com\/?p=1537"},"modified":"2026-03-22T21:04:11","modified_gmt":"2026-03-22T18:04:11","slug":"install-phpldapadmin-ubuntu-debian","status":"publish","type":"post","link":"https:\/\/computingforgeeks.com\/install-phpldapadmin-ubuntu-debian\/","title":{"rendered":"Install phpLDAPadmin on Ubuntu 24.04 \/ Debian 13"},"content":{"rendered":"\n<p>phpLDAPadmin is a web-based LDAP browser and administration tool that gives you a graphical interface for managing your OpenLDAP directory. Instead of running command-line utilities like <code>ldapadd<\/code>, <code>ldapmodify<\/code>, and <code>ldapsearch<\/code> for every operation, you get a point-and-click interface for creating organizational units, user accounts, groups, and modifying LDAP entries. The project is hosted on <a href=\"https:\/\/github.com\/leenooks\/phpLDAPadmin\" target=\"_blank\" rel=\"noreferrer noopener\">GitHub<\/a> and has been a go-to LDAP management tool for years.<\/p>\n\n\n\n<p>This guide walks through installing and configuring phpLDAPadmin on Ubuntu 24.04 and Debian 13. 
We cover the Apache web server setup, securing the interface with HTTPS using Let&#8217;s Encrypt, and basic LDAP directory management through the web UI.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Prerequisites<\/h2>\n\n\n\n<p>Before starting, make sure you have the following in place:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>A server running Ubuntu 24.04 LTS or Debian 13 with root or sudo access<\/li>\n\n<li>A working <a href=\"https:\/\/computingforgeeks.com\/install-and-configure-openldap-server-ubuntu\/\" target=\"_blank\" rel=\"noreferrer noopener\">OpenLDAP server<\/a> installed and configured on the same host or reachable over the network<\/li>\n\n<li>A fully qualified domain name (FQDN) pointing to your server &#8211; needed for Let&#8217;s Encrypt SSL<\/li>\n\n<li>Ports 80 (HTTP) and 443 (HTTPS) open in your firewall<\/li>\n\n<li>At least 1 GB RAM and 1 vCPU<\/li>\n<\/ul>\n\n\n\n<p>If your OpenLDAP server is on a separate host, ensure that port 389 (LDAP) or 636 (LDAPS) is open between the phpLDAPadmin server and the LDAP server.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Step 1: Install phpLDAPadmin on Ubuntu 24.04 \/ Debian 13<\/h2>\n\n\n\n<p>phpLDAPadmin is available in the default repositories on both Ubuntu 24.04 (universe) and Debian 13. Install it along with Apache and the required PHP modules.<\/p>\n\n\n\n<p>Update the package index first:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo apt update<\/code><\/pre>\n\n\n\n<p>Install phpLDAPadmin and Apache:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo apt install phpldapadmin apache2 libapache2-mod-php -y<\/code><\/pre>\n\n\n\n<p>This pulls in PHP, the PHP LDAP extension, and all other dependencies automatically. 
Verify the installation by checking the package version:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>dpkg -l phpldapadmin | grep ^ii<\/code><\/pre>\n\n\n\n<p>You should see the installed package version confirmed in the output:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>ii  phpldapadmin   1.2.6.7-1   all   web based interface for administering LDAP servers<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\">Step 2: Configure phpLDAPadmin<\/h2>\n\n\n\n<p>The main configuration file is <code>\/etc\/phpldapadmin\/config.php<\/code>. This file tells phpLDAPadmin how to connect to your LDAP server and controls the login behavior.<\/p>\n\n\n\n<p>Open the configuration file:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo vi \/etc\/phpldapadmin\/config.php<\/code><\/pre>\n\n\n\n<p>Find and update the following settings. Replace <code>dc=example,dc=com<\/code> with your actual LDAP base DN and adjust the server host if LDAP runs on a different machine:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>\/* Set the LDAP server name shown in the UI *\/\n$servers->setValue('server','name','My LDAP Server');\n\n\/* LDAP server hostname - use 127.0.0.1 if on the same host *\/\n$servers->setValue('server','host','127.0.0.1');\n\n\/* LDAP server port - 389 for plain LDAP, 636 for LDAPS *\/\n$servers->setValue('server','port',389);\n\n\/* Base DN of your LDAP directory *\/\n$servers->setValue('server','base',array('dc=example,dc=com'));\n\n\/* Admin bind DN - used for the login prompt default *\/\n$servers->setValue('login','bind_id','cn=admin,dc=example,dc=com');\n\n\/* Hide the template warning on login page *\/\n$servers->setValue('appearance','hide_template_warning',true);<\/code><\/pre>\n\n\n\n<p>If your OpenLDAP server uses LDAPS (port 636), change the host value to use the <code>ldaps:\/\/<\/code> scheme. 
You can learn more about securing your LDAP connections in our guide on <a href=\"https:\/\/computingforgeeks.com\/secure-ldap-server-with-ssl-tls-on-ubuntu\/\" target=\"_blank\" rel=\"noreferrer noopener\">configuring SSL\/TLS for OpenLDAP<\/a>:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>$servers->setValue('server','host','ldaps:\/\/ldap.example.com');\n$servers->setValue('server','port',636);<\/code><\/pre>\n\n\n\n<p>Save and close the file when done.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Step 3: Configure Apache Virtual Host for phpLDAPadmin<\/h2>\n\n\n\n<p>By default, phpLDAPadmin drops an Apache config snippet in <code>\/etc\/phpldapadmin\/apache.conf<\/code> that makes the interface available at <code>http:\/\/your-server\/phpldapadmin<\/code>. For a production setup, create a dedicated virtual host instead.<\/p>\n\n\n\n<p>Create a new virtual host configuration file:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo vi \/etc\/apache2\/sites-available\/phpldapadmin.conf<\/code><\/pre>\n\n\n\n<p>Add the following virtual host configuration. 
Replace <code>ldap.example.com<\/code> with your actual domain name:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>&lt;VirtualHost *:80&gt;\n    ServerName ldap.example.com\n    DocumentRoot \/usr\/share\/phpldapadmin\/htdocs\n\n    &lt;Directory \/usr\/share\/phpldapadmin\/htdocs&gt;\n        Options -Indexes +FollowSymLinks\n        AllowOverride All\n        Require all granted\n    &lt;\/Directory&gt;\n\n    # Alias for the default phpLDAPadmin path\n    Alias \/phpldapadmin \/usr\/share\/phpldapadmin\/htdocs\n\n    ErrorLog ${APACHE_LOG_DIR}\/phpldapadmin_error.log\n    CustomLog ${APACHE_LOG_DIR}\/phpldapadmin_access.log combined\n&lt;\/VirtualHost&gt;<\/code><\/pre>\n\n\n\n<p>Enable the new site and disable the default site if it is not needed:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo a2ensite phpldapadmin.conf\nsudo a2dissite 000-default.conf<\/code><\/pre>\n\n\n\n<p>Test the Apache configuration for syntax errors:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo apachectl configtest<\/code><\/pre>\n\n\n\n<p>If the syntax check passes, you will see:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>Syntax OK<\/code><\/pre>\n\n\n\n<p>Restart Apache to apply the changes:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo systemctl restart apache2<\/code><\/pre>\n\n\n\n<p>Confirm Apache is running:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo systemctl status apache2<\/code><\/pre>\n\n\n\n<p>The output should show the service as active and running:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>\u25cf apache2.service - The Apache HTTP Server\n     Loaded: loaded (\/usr\/lib\/systemd\/system\/apache2.service; enabled; preset: enabled)\n     Active: active (running) since ...\n     ...<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\">Step 4: Secure phpLDAPadmin with HTTPS<\/h2>\n\n\n\n<p>Running phpLDAPadmin over plain HTTP exposes LDAP credentials in transit. 
Use <a href=\"https:\/\/certbot.eff.org\/\" target=\"_blank\" rel=\"noreferrer noopener\">Certbot<\/a> to obtain a free Let&#8217;s Encrypt SSL certificate and enable HTTPS.<\/p>\n\n\n\n<p>Install Certbot and the Apache plugin:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo apt install certbot python3-certbot-apache -y<\/code><\/pre>\n\n\n\n<p>Request a certificate for your domain. Certbot will automatically modify the Apache virtual host to enable SSL:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo certbot --apache -d ldap.example.com<\/code><\/pre>\n\n\n\n<p>Follow the interactive prompts &#8211; provide your email address for renewal notices and agree to the terms of service. When asked about redirecting HTTP to HTTPS, choose to redirect all traffic.<\/p>\n\n\n\n<p>After Certbot completes, it creates an SSL virtual host file and configures automatic redirects. Verify the certificate is in place:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo certbot certificates<\/code><\/pre>\n\n\n\n<p>The output shows the certificate details and expiry date:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>Found the following certs:\n  Certificate Name: ldap.example.com\n    Domains: ldap.example.com\n    Expiry Date: 2026-06-20 (VALID: 89 days)\n    Certificate Path: \/etc\/letsencrypt\/live\/ldap.example.com\/fullchain.pem\n    Private Key Path: \/etc\/letsencrypt\/live\/ldap.example.com\/privkey.pem<\/code><\/pre>\n\n\n\n<p>Certbot sets up a systemd timer for automatic renewal. 
Confirm the timer is active:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo systemctl status certbot.timer<\/code><\/pre>\n\n\n\n<p>You should see the timer listed as active, which means certificates will renew automatically before they expire.<\/p>\n\n\n\n<p>Open the required firewall ports if UFW is enabled:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo ufw allow 'Apache Full'\nsudo ufw status<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\">Step 5: Access the phpLDAPadmin Web Interface<\/h2>\n\n\n\n<p>Open your browser and navigate to your domain:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>https:\/\/ldap.example.com<\/code><\/pre>\n\n\n\n<p>You will see the phpLDAPadmin login page. Click the &#8220;login&#8221; link on the left sidebar. Enter your LDAP admin credentials:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Login DN<\/strong>: <code>cn=admin,dc=example,dc=com<\/code> (your LDAP admin bind DN)<\/li>\n\n<li><strong>Password<\/strong>: your LDAP admin password<\/li>\n<\/ul>\n\n\n\n<p>After a successful login, the left panel displays your LDAP directory tree. You can expand nodes to browse existing entries.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Step 6: Browse Your LDAP Directory<\/h2>\n\n\n\n<p>Once logged in, the tree view on the left side shows your base DN and all entries underneath it. 
Click on any entry to view its attributes in the right panel.<\/p>\n\n\n\n<p>The main navigation works as follows:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Tree view (left panel)<\/strong> &#8211; expand\/collapse nodes to browse the directory hierarchy<\/li>\n\n<li><strong>Entry details (right panel)<\/strong> &#8211; view and edit attributes of the selected entry<\/li>\n\n<li><strong>Search<\/strong> &#8211; use the search bar at the top to find entries by attribute values<\/li>\n\n<li><strong>Schema browser<\/strong> &#8211; examine available LDAP object classes and attributes<\/li>\n<\/ul>\n\n\n\n<p>You can also run custom LDAP searches by clicking &#8220;Advanced&#8221; in the search section. This accepts standard LDAP filter syntax like <code>(&amp;(objectClass=inetOrgPerson)(uid=jdoe))<\/code>.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Step 7: Create Organizational Units, Users, and Groups<\/h2>\n\n\n\n<p>A well-structured LDAP directory separates entries into Organizational Units (OUs). 
Here is how to create the basic structure through phpLDAPadmin.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Create an Organizational Unit<\/h3>\n\n\n\n<p>OUs group related entries together &#8211; commonly <code>ou=People<\/code> for user accounts and <code>ou=Groups<\/code> for group entries.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Click on your base DN in the left tree (e.g., <code>dc=example,dc=com<\/code>)<\/li>\n\n<li>Click &#8220;Create a child entry&#8221; in the right panel<\/li>\n\n<li>Select &#8220;Generic: Organisational Unit&#8221;<\/li>\n\n<li>Enter the OU name (e.g., <code>People<\/code>) and click &#8220;Create Object&#8221;<\/li>\n\n<li>Confirm the creation on the next screen<\/li>\n<\/ul>\n\n\n\n<p>Repeat the process to create an <code>ou=Groups<\/code> organizational unit.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Create a User Account<\/h3>\n\n\n\n<p>To add a user under the People OU:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Click on <code>ou=People<\/code> in the left tree<\/li>\n\n<li>Click &#8220;Create a child entry&#8221;<\/li>\n\n<li>Select &#8220;Generic: User Account&#8221;<\/li>\n\n<li>Fill in the required fields: Common Name, User ID, Last Name, Password, GID Number, Home Directory<\/li>\n\n<li>Click &#8220;Create Object&#8221; and confirm<\/li>\n<\/ul>\n\n\n\n<p>The new user entry is created with the <code>inetOrgPerson<\/code> and <code>posixAccount<\/code> object classes, which work for both LDAP authentication and Linux system login. 
If you need to configure systems to authenticate against this directory, see our guide on <a href=\"https:\/\/computingforgeeks.com\/how-to-configure-ubuntu-as-ldap-client\/\" target=\"_blank\" rel=\"noreferrer noopener\">setting up Ubuntu as an LDAP client<\/a>.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Create a Group<\/h3>\n\n\n\n<p>To create a POSIX group under the Groups OU:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Click on <code>ou=Groups<\/code> in the left tree<\/li>\n\n<li>Click &#8220;Create a child entry&#8221;<\/li>\n\n<li>Select &#8220;Generic: Posix Group&#8221;<\/li>\n\n<li>Enter the group name (e.g., <code>developers<\/code>) and GID number<\/li>\n\n<li>Click &#8220;Create Object&#8221; and confirm<\/li>\n<\/ul>\n\n\n\n<p>To add members to the group, open the group entry after creation and add the <code>memberUid<\/code> attribute with the user&#8217;s UID value.<\/p>\n\n\n\n<p>You can verify the entries were created correctly by searching from the command line on the LDAP server:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>ldapsearch -x -LLL -b \"dc=example,dc=com\" \"(objectClass=posixAccount)\" uid cn<\/code><\/pre>\n\n\n\n<p>This returns all user accounts with their UID and common name attributes, confirming the entries you created through phpLDAPadmin are in the directory.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Step 8: Restrict Access to phpLDAPadmin by IP<\/h2>\n\n\n\n<p>Exposing phpLDAPadmin to the public internet is a security risk. Restrict access to specific IP addresses or internal networks using Apache configuration.<\/p>\n\n\n\n<p>Edit the phpLDAPadmin virtual host file:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo vi \/etc\/apache2\/sites-available\/phpldapadmin.conf<\/code><\/pre>\n\n\n\n<p>Add a <code>Directory<\/code> block with IP restrictions inside the <code>VirtualHost<\/code> section. 
Replace the example IPs with your office or VPN network addresses:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>&lt;Directory \/usr\/share\/phpldapadmin\/htdocs&gt;\n    Options -Indexes +FollowSymLinks\n    AllowOverride All\n\n    # Allow access from specific IPs only\n    Require ip 10.0.1.0\/24\n    Require ip 192.168.1.0\/24\n    Require ip 203.0.113.50\n&lt;\/Directory&gt;<\/code><\/pre>\n\n\n\n<p>The <code>Require ip<\/code> directives accept individual IPs and CIDR ranges. Anyone outside these ranges gets a 403 Forbidden response.<\/p>\n\n\n\n<p>Test and reload Apache:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo apachectl configtest && sudo systemctl reload apache2<\/code><\/pre>\n\n\n\n<p>Verify the restriction is working by trying to access phpLDAPadmin from an IP not in the allow list &#8211; you should get a 403 error.<\/p>\n\n\n\n<p>For an extra layer of protection, you can also enable HTTP Basic Authentication in front of phpLDAPadmin. This means users need to pass an Apache password prompt before they even reach the LDAP login page:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo apt install apache2-utils -y\nsudo htpasswd -c \/etc\/apache2\/.htpasswd ldapadmin<\/code><\/pre>\n\n\n\n<p>Then add authentication directives to the <code>Directory<\/code> block in your virtual host. Keep the IP rules and wrap them together with <code>Require valid-user<\/code> in a <code>RequireAll<\/code> block so that both checks must pass; multiple <code>Require<\/code> lines placed side by side are treated by Apache as alternatives, and either one alone would grant access:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>&lt;Directory \/usr\/share\/phpldapadmin\/htdocs&gt;\n    Options -Indexes +FollowSymLinks\n    AllowOverride All\n\n    AuthType Basic\n    AuthName \"phpLDAPadmin - Restricted\"\n    AuthUserFile \/etc\/apache2\/.htpasswd\n\n    # Both conditions must pass: an allowed source IP and a valid login\n    &lt;RequireAll&gt;\n        Require ip 10.0.1.0\/24 192.168.1.0\/24 203.0.113.50\n        Require valid-user\n    &lt;\/RequireAll&gt;\n&lt;\/Directory&gt;<\/code><\/pre>\n\n\n\n<p>Reload Apache after making changes:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo systemctl reload apache2<\/code><\/pre>\n\n\n\n<p>For alternatives to phpLDAPadmin, check out <a href=\"https:\/\/computingforgeeks.com\/install-and-configure-ldap-account-manager-on-ubuntu\/\" target=\"_blank\" rel=\"noreferrer 
noopener\">LDAP Account Manager<\/a> which provides a different approach to LDAP directory management with user-friendly templates.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Conclusion<\/h2>\n\n\n\n<p>You now have phpLDAPadmin running on Ubuntu 24.04 or Debian 13 with Apache, secured by HTTPS and IP-based access restrictions. The web interface makes daily LDAP operations &#8211; creating users, managing groups, browsing entries &#8211; significantly faster than working with command-line tools.<\/p>\n\n\n\n<p>For production environments, consider setting up <a href=\"https:\/\/computingforgeeks.com\/how-to-install-and-configure-openldap-server-on-debian\/\" target=\"_blank\" rel=\"noreferrer noopener\">OpenLDAP replication<\/a> for high availability, configuring regular LDAP database backups with <code>slapcat<\/code>, and enabling audit logging to track directory changes. Keep phpLDAPadmin and your PHP packages updated to patch any security vulnerabilities.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>phpLDAPadmin is a web-based LDAP browser and administration tool that gives you a graphical interface for managing your OpenLDAP directory. Instead of running command-line utilities like ldapadd, ldapmodify, and ldapsearch for every operation, you get a point-and-click interface for creating organizational units, user accounts, groups, and modifying LDAP entries. 
The project is hosted on GitHub &#8230; <a title=\"Install phpLDAPadmin on Ubuntu 24.04 \/ Debian 13\" class=\"read-more\" href=\"https:\/\/computingforgeeks.com\/install-phpldapadmin-ubuntu-debian\/\" aria-label=\"Read more about Install phpLDAPadmin on Ubuntu 24.04 \/ Debian 13\">Read more<\/a><\/p>\n","protected":false},"author":3,"featured_media":1539,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[26,299,50,81],"tags":[302,300,301],"class_list":["post-1537","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-debian","category-how-to","category-linux-tutorials","category-ubuntu","tag-ldap","tag-openldap","tag-phpldapadmin"],"_links":{"self":[{"href":"https:\/\/computingforgeeks.com\/wp-json\/wp\/v2\/posts\/1537","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/computingforgeeks.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/computingforgeeks.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/computingforgeeks.com\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/computingforgeeks.com\/wp-json\/wp\/v2\/comments?post=1537"}],"version-history":[{"count":1,"href":"https:\/\/computingforgeeks.com\/wp-json\/wp\/v2\/posts\/1537\/revisions"}],"predecessor-version":[{"id":163614,"href":"https:\/\/computingforgeeks.com\/wp-json\/wp\/v2\/posts\/1537\/revisions\/163614"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/computingforgeeks.com\/wp-json\/wp\/v2\/media\/1539"}],"wp:attachment":[{"href":"https:\/\/computingforgeeks.com\/wp-json\/wp\/v2\/media?parent=1537"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/computingforgeeks.com\/wp-json\/wp\/v2\/categories?post=1537"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/computingforgeeks.com\/wp-json\/wp\/v2\/tags?post=1537"}],"curies":[{"name":"wp","href":"https:\/
\/api.w.org\/{rel}","templated":true}]}}