How to Install LDAP Account Manager (LAM) on Windows 11

LDAP Account Manager (LAM) is a web-based LDAP administration tool that can help manage multiple LDAP servers. In this tutorial, we will guide you through the process of installing LAM on a Windows 11 machine.

Prerequisites

Before we begin, ensure that your Windows 11 machine meets the following requirements:

  • Apache web server
  • PHP version 7.2 or later
  • OpenLDAP installed and configured
  • Access to the internet to download LAM

Step 1: Download LAM

Visit the official website of LAM, https://www.ldap-account-manager.org/lamcms/, and download the latest version of LAM for Windows. Once the download is complete, extract the downloaded ZIP file to a directory of your choice, for example, C:\LAM.

Step 2: Install LAM

2.1 Move LAM to Web Server Directory

LAM is a web-based application, so it must be placed in the document directory of the installed web server.

  • Move the extracted content of the LAM package to the web server’s directory (htdocs on Apache). For example, move the lam directory to C:\xampp\htdocs\lam.

2.2 Configure LAM

LAM comes with a default configuration file that we need to edit to match our system.

  • Open the config.cfg file found in the lam directory, and configure it to match your settings. Be sure to specify the correct port to access the LDAP server (default is 389).
  • Save and close the file.

2.3 Create session directory

  • In the lam directory, create a new directory called session.
  • Give the IIS_IUSRS user write access to the session directory.
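Steps 2.1 and 2.3 can also be scripted from an elevated PowerShell prompt. The script below is an added example, not part of the LAM distribution; it uses the tutorial's paths and the IIS_IUSRS principal, and assumes the extracted package sits in C:\LAM\lam.

```powershell
# Added example: scripted form of steps 2.1 and 2.3 of this tutorial.
# Assumption: the ZIP was extracted so that the package is at C:\LAM\lam.
param(
    [string]$Source    = 'C:\LAM\lam',
    [string]$WebRoot   = 'C:\xampp\htdocs',
    [string]$Principal = 'IIS_IUSRS'
)
$ErrorActionPreference = 'Stop'

$target  = Join-Path $WebRoot 'lam'
$session = Join-Path $target 'session'

# Fail early instead of half-installing or overwriting an existing copy.
if (-not (Test-Path -LiteralPath $Source -PathType Container)) {
    throw "Extracted LAM directory not found: $Source"
}
if (Test-Path -LiteralPath $target) {
    throw "Target already exists, refusing to overwrite: $target"
}

# 2.1 Move the extracted package under the web server's directory.
Move-Item -LiteralPath $Source -Destination $target

# 2.3 Create the session directory.
New-Item -ItemType Directory -Path $session -Force | Out-Null

# Grant Modify (read, write, delete) on the session directory only,
# inherited by the files and subfolders created inside it. The rest of
# the lam tree keeps the permissions it inherits from the web root.
$acl  = Get-Acl -LiteralPath $session
$rule = [System.Security.AccessControl.FileSystemAccessRule]::new(
    $Principal, 'Modify', 'ContainerInherit,ObjectInherit', 'None', 'Allow')
$acl.AddAccessRule($rule)
Set-Acl -LiteralPath $session -AclObject $acl

# Print the resulting entries for the principal so the grant can be reviewed.
(Get-Acl -LiteralPath $session).Access |
    Where-Object { $_.IdentityReference -like "*$Principal" } |
    Format-Table IdentityReference, FileSystemRights, AccessControlType, IsInherited
```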

2.4 Configure LDAP server

LAM needs access to an LDAP server to manage the authentication and authorization data.

  • Launch a web browser and navigate to http://localhost/lam
  • The LAM login screen should appear. Click on configuration.
  • Click LDAP Servers on the left panel.
  • Click on the Add new entry button and provide the following information:
    • Server name: Any name to identify the LDAP server
    • Host name or IP address: The IP address or hostname of the LDAP server.
    • Port number: The port number where the LDAP protocol is running (default is 389).
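    • Protocol version: Leave it at the default value.
    • Connection type: Unencrypted (LDAP://). With this setting the Bind DN password and all directory traffic travel between LAM and the LDAP server in cleartext.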
    • Base DN: The base Distinguished Name for your domain (e.g. dc=example,dc=com)
    • Bind DN: The Distinguished Name used to connect to the LDAP server (e.g. cn=admin,dc=example,dc=com).
    • Password: The password for the Bind DN account.
  • Click the Test Connection button to ensure that LAM can properly connect to the LDAP server.
  • Save and close the configuration window.

2.5 Set up Authentication

LAM supports multiple authentication mechanisms, such as LDAP, SQL, and local files.

  • On the left panel, click on Authentication.
  • In the Authentication method dropdown, select LDAP.
  • In the LDAP server dropdown, select the LDAP server you just configured.
  • Enter the LDAP search base (e.g., cn=users,dc=example,dc=com)
  • Enter the LDAP attribute to search (e.g., uid)
  • Click the Test authentication button to ensure LAM can authenticate users against the LDAP server. If successful, it should display a success message.
  • Save and close the configuration window.

Step 3: Access LAM

  • In a web browser, navigate to http://localhost/lam.
  • You should be prompted to authenticate with LAM. Enter the username and password for an LDAP user with administrative privileges.
  • Upon successful authentication, you should see the LAM dashboard.

Congratulations! You have successfully installed and configured LDAP Account Manager on your Windows 11 machine!