Introduction
Before we begin talking about how to install OpenLDAP, let's briefly look at what OpenLDAP is.
OpenLDAP is an open-source directory software for streamlined data storage and access. It acts as a central repository for user accounts, email addresses, and other data. OpenLDAP supports flexible search capabilities and follows the Lightweight Directory Access Protocol (LDAP) standard.
It allows integration with various applications and serves as a key component in managing identities within businesses efficiently. With OpenLDAP, organizations can streamline user authentication, improve security, and enhance productivity. Consider implementing OpenLDAP to simplify directory management and enhance information retrieval within your organization effectively.
In this tutorial, you will install OpenLDAP Server on Ubuntu 20.04. We will also address a few FAQs on how to install OpenLDAP Server on Ubuntu 20.04.
Advantages of OpenLDAP
- Centralized Storage: OpenLDAP provides a centralized repository for user data, making it easier to manage and access information.
- Scalability: It offers excellent scalability, allowing organizations to store and retrieve large amounts of data efficiently.
- Flexibility: OpenLDAP supports various platforms and can integrate with multiple applications, providing flexibility for diverse environments.
- Security: With features like access control and authentication, OpenLDAP ensures secure management of sensitive data.
- Cost-effective: Being an open-source solution, OpenLDAP eliminates licensing costs, making it a cost-effective choice for organizations.
Step 1 - Installing LDAP Server
1) Firstly, install OpenLDAP, an open-source implementation of LDAP, together with the traditional LDAP management utilities, using the command for your distribution:
yum install openldap openldap-servers #CentOS 7
sudo apt install slapd ldap-utils #Ubuntu 16.04/18.04/20.04
2) Now, during the package installation, you will be prompted to enter the password for the admin entry in your LDAP directory. Make sure to set a secure password.
3) Start the OpenLDAP server daemon, enable it so that it starts automatically at boot, and check that it is up and running:
sudo systemctl start slapd
sudo systemctl enable slapd
sudo systemctl status slapd
4) Next, you need to allow requests to the LDAP server daemon:
firewall-cmd --add-service=ldap #CentOS 7
sudo ufw allow ldap #Ubuntu 16.04/18.04
Step 2 - Configuring the LDAP-server
1) Now, generate a hashed password for the OpenLDAP administrative user with slappasswd. It prompts for a password and prints its hash; take a note of the hash, as it is used later in the LDAP configuration.
slappasswd
2) Now, create an LDIF file (ldaprootpasswd.ldif). It is used to set the root password on the configuration database.
sudo vim ldaprootpasswd.ldif
3) Then, add the below contents to it:
dn: olcDatabase={0}config,cn=config
changetype: modify
add: olcRootPW
olcRootPW: {SSHA}PASSWORD_CREATED
The attribute-value pairs above mean:
- olcDatabase - indicates a specific database instance name.
- cn=config - indicates the global config options.
- PASSWORD_CREATED - the hashed string obtained from slappasswd when creating the administrative user.
4) Now, apply the file to the server over the local ldapi:/// socket, authenticating as the local root user via SASL EXTERNAL:
sudo ldapadd -Y EXTERNAL -H ldapi:/// -f ldaprootpasswd.ldif
Step 3 - Configuring the LDAP database
1) Next, import some basic LDAP schemas from the /etc/openldap/schema directory as below (on Ubuntu the schema directory is /etc/ldap/schema, and the slapd package already loads cosine, nis and inetorgperson, so this step can be skipped there):
sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/cosine.ldif
sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/nis.ldif
sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/inetorgperson.ldif
2) After that, add your domain to the LDAP database. Create a file called ldapdomain.ldif for your domain:
sudo vim ldapdomain.ldif
3) After that, add the following content and make sure to replace the PASSWORD with the hashed value you got before:
# On CentOS 7 the default data backend is olcDatabase={2}hdb; on Ubuntu the
# slapd package uses olcDatabase={1}mdb, so adjust the dn lines below accordingly.
dn: olcDatabase={1}monitor,cn=config
changetype: modify
replace: olcAccess
olcAccess: {0}to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" read by dn.base="cn=Manager,dc=example,dc=com" read by * none

dn: olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcSuffix
olcSuffix: dc=example,dc=com

dn: olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcRootDN
olcRootDN: cn=Manager,dc=example,dc=com

dn: olcDatabase={2}hdb,cn=config
changetype: modify
add: olcRootPW
olcRootPW: {SSHA}PASSWORD

# Only the manager may write passwords; anonymous binds may only use them to
# authenticate, and users may change their own. Everything else is world-readable.
dn: olcDatabase={2}hdb,cn=config
changetype: modify
add: olcAccess
olcAccess: {0}to attrs=userPassword,shadowLastChange by dn="cn=Manager,dc=example,dc=com" write by anonymous auth by self write by * none
olcAccess: {1}to dn.base="" by * read
olcAccess: {2}to * by dn="cn=Manager,dc=example,dc=com" write by * read
4) Now, add the above configuration to the LDAP database with the command:
sudo ldapmodify -Y EXTERNAL -H ldapi:/// -f ldapdomain.ldif
5) Here, you will add some base entries to the LDAP directory. Create another file called baseldapdomain.ldif with the following content:
dn: dc=example,dc=com
objectClass: top
objectClass: dcObject
objectClass: organization
o: example com
dc: example

dn: cn=Manager,dc=example,dc=com
objectClass: organizationalRole
cn: Manager
description: Directory Manager

dn: ou=People,dc=example,dc=com
objectClass: organizationalUnit
ou: People

dn: ou=Group,dc=example,dc=com
objectClass: organizationalUnit
ou: Group
6) Now, save the file and add the entries to the LDAP directory. This binds as cn=Manager with a simple bind (-x) and prompts for the root password set above (-W); -x cannot be combined with -Y EXTERNAL:
sudo ldapadd -x -D cn=Manager,dc=example,dc=com -W -f baseldapdomain.ldif
7) The next step is to create a local user, for example vegauser, and set a password for this user:
sudo useradd vegauser
sudo passwd vegauser
8) Now, create the definitions for an LDAP group in a file named ldapgroup.ldif with the following content:
dn: cn=Manager,ou=Group,dc=example,dc=com
objectClass: top
objectClass: posixGroup
# cn is the naming attribute of the RDN and must be present, or slapd rejects the entry
cn: Manager
gidNumber: 1005
9) gidNumber is the GID in /etc/group for vegauser. Add the group to the OpenLDAP directory:
sudo ldapadd -x -W -D "cn=Manager,dc=example,dc=com" -f ldapgroup.ldif
10) Finally, create another LDIF file called ldapuser.ldif and add the definitions for the user vegauser:
dn: uid=vegauser,ou=People,dc=example,dc=com
objectClass: top
objectClass: account
objectClass: posixAccount
objectClass: shadowAccount
cn: vegauser
uid: vegauser
# uidNumber and gidNumber should match the local account created with useradd
uidNumber: 1005
gidNumber: 1005
homeDirectory: /home/vegauser
# use a hash generated with slappasswd, never the clear-text password
userPassword: {SSHA}PASSWORD_HERE
loginShell: /bin/bash
gecos: vegauser
shadowLastChange: 0
shadowMax: 0
shadowWarning: 0
11) Next, load the user entry into the LDAP directory:
sudo ldapadd -x -D cn=Manager,dc=example,dc=com -W -f ldapuser.ldif
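As an added example (not part of the original tutorial), the shell functions below generate the group and user entries from steps 8 to 10 for any account name and check LDIF records before they go to ldapadd: every record must start with dn:, records must be separated by a blank line, continuation lines must start with a space, and the RDN attribute of each dn must appear as an attribute of its record, which is the naming check slapd applies when it rejects an entry. The function names, the base DN dc=example,dc=com and the sample values are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the tutorial. Assumed names: make_group_ldif,
# make_user_ldif, check_ldif; assumed base DN dc=example,dc=com.

BASE_DN="dc=example,dc=com"

# Emit a posixGroup entry. The cn attribute is the naming attribute of the RDN
# and must be present in the record.
make_group_ldif() {
    # $1 = group name, $2 = gidNumber
    printf 'dn: cn=%s,ou=Group,%s\nobjectClass: top\nobjectClass: posixGroup\ncn: %s\ngidNumber: %s\n' \
        "$1" "$BASE_DN" "$1" "$2"
}

# Emit a posixAccount/shadowAccount entry. $4 is an already hashed password
# (for example the output of slappasswd), never the clear text.
make_user_ldif() {
    # $1 = uid, $2 = uidNumber, $3 = gidNumber, $4 = hashed password
    printf 'dn: uid=%s,ou=People,%s\n' "$1" "$BASE_DN"
    printf 'objectClass: top\nobjectClass: account\nobjectClass: posixAccount\nobjectClass: shadowAccount\n'
    printf 'cn: %s\nuid: %s\nuidNumber: %s\ngidNumber: %s\n' "$1" "$1" "$2" "$3"
    printf 'homeDirectory: /home/%s\nuserPassword: %s\nloginShell: /bin/bash\n' "$1" "$4"
}

# Check an LDIF stream on stdin. Prints the number of records on stdout,
# reports each problem on stderr and returns non-zero if any was found.
check_ldif() {
    awk '
    BEGIN { n = 0; bad = 0; dn = ""; rec = "" }
    # Finish the current record: verify the first RDN attribute is in it.
    function flush() {
        if (dn == "") return
        split(dn, parts, ",")                    # first RDN, e.g. cn=Manager
        split(parts[1], rdn, "=")
        key = tolower(rdn[1] ": " rdn[2])
        if (index(tolower(rec), "\n" key "\n") == 0) {
            print "naming attribute missing in record: " dn > "/dev/stderr"; bad = 1
        }
        n++; dn = ""; rec = ""
    }
    /^#/ || /^version: / { next }                # comments and version marker
    /^$/ { flush(); next }                       # blank line ends a record
    /^dn: / {
        if (dn != "") { print "missing blank line before: " $0 > "/dev/stderr"; bad = 1; flush() }
        dn = substr($0, 5); rec = "\n"; next
    }
    dn == "" { print "attribute outside a record: " $0 > "/dev/stderr"; bad = 1; next }
    /^ / { next }                                # continuation of the previous value
    /^[A-Za-z][A-Za-z0-9;-]*: / { rec = rec $0 "\n"; next }
    { print "malformed line: " $0 > "/dev/stderr"; bad = 1 }
    END { flush(); print n; exit bad }'
}
```

Typical use is to pipe the generated records through the check and only then into ldapadd, for example `make_user_ldif vegauser 1005 1005 "$(slappasswd)" | check_ldif` followed by `ldapadd -x -D cn=Manager,dc=example,dc=com -W`; afterwards `ldapsearch -x -b dc=example,dc=com uid=vegauser` confirms the entry was stored.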
After you have set up a central server for authentication, the final part is to enable client authentication.
FAQs to Install OpenLDAP Server on Ubuntu 20.04
How to configure OpenLDAP Server on Ubuntu 20.04?
During installation, a configuration wizard will guide you. Additionally, you can manually configure settings in the /etc/ldap/slapd.conf file.
What is the default directory where data is stored?
OpenLDAP Server stores data in the /var/lib/ldap directory by default.
How to manage OpenLDAP Server after installation?
Use the dpkg-reconfigure slapd command to reconfigure OpenLDAP Server, or modify the server's configuration file manually.
How to add users to the OpenLDAP Server?
Use the ldapadd command, along with an LDIF file that contains user information, to add users to the OpenLDAP Server.
What tools can I use to administer OpenLDAP Server?
Tools like ldapsearch, ldapmodify, and ldapdelete are commonly used to manage and administer OpenLDAP Server from the command line.
Where can I find more information and resources about OpenLDAP Server?
Refer to the OpenLDAP documentation at "www.openldap.org/doc/guide.html" for detailed information and community resources for OpenLDAP Server on Ubuntu 20.04.
Can OpenLDAP Server be integrated with other applications?
Yes, OpenLDAP Server can be integrated with various applications, such as email servers, web applications, and centralized authentication systems.
Conclusion
We hope this tutorial helped you to install the OpenLDAP Server.
If you have any queries, please leave a comment below and we’ll be happy to respond to them.