Install and Configure OpenLDAP on Ubuntu 16.04 / Debian 8

OpenLDAP is an open-source implementation of the Lightweight Directory Access Protocol, created by the OpenLDAP Project. It is released under the OpenLDAP Public License and is available for all major Linux distributions as well as AIX, Android, HP-UX, OS X, Solaris, z/OS, and Windows.

It resembles a database in some ways, but it is a hierarchical, read-optimised directory rather than a relational database, and it can store almost any kind of information. Its most common use is as the backend for centralised authentication, which is what is often loosely called "single sign-on".

In this guide, we will set up an OpenLDAP server for centralised login, where users log in to multiple servers with a single account.

Environment:

Host Name              IP Address      OS                        Purpose
server.itzgeek.local   192.168.12.10   Ubuntu 16.04 / Debian 8   LDAP Server
client.itzgeek.local   192.168.12.20   Ubuntu 16.04 / Debian 8   LDAP Client

Prerequisites:

1. Make an entry for each machine in /etc/hosts for name resolution.

$ sudo vi /etc/hosts

192.168.12.10 server.itzgeek.local server
192.168.12.20 client.itzgeek.local client

Alternatively, if you plan to use host names instead of IP addresses, configure a DNS server (see: How to Configure DNS Server on CentOS 7 / RHEL 7).

This guide uses IP addresses throughout.

Install LDAP:

Let's start by installing the LDAP server packages with "apt-get" on server.itzgeek.local.

$ sudo apt-get update
$ sudo apt-get -y install slapd ldap-utils

During the installation, the installer will prompt you to set a password for the LDAP administrator. Choose a strong one: this account is the directory's rootdn and has unrestricted write access to everything in it. Whatever you enter here is replaced in the next step, when slapd is reconfigured.

Reconfigure OpenLDAP Server:

The installer automatically creates an LDAP directory whose base DN is derived from the server's host name, which is not what we want, so we will now reconfigure slapd. To do that, execute the following command.

$ sudo dpkg-reconfigure slapd

You will need to answer a series of questions from the reconfiguration tool.

Omit OpenLDAP server configuration? No (selecting Yes would skip the configuration entirely)

DNS domain name: this is used to construct the base DN of the LDAP directory; each label of the domain becomes one dc= component, so itzgeek.local becomes dc=itzgeek,dc=local. Enter the domain name of your choice.

Organization name: You can just name your organization.

Enter the password for the LDAP administrator account. By default the administrator is cn=admin directly under the base DN (for the domain itzgeek.local, cn=admin,dc=itzgeek,dc=local). This is the database's rootdn, which bypasses the directory's access controls, so it should be used only for administration and never as a bind account for clients.

Confirm the administrator password.

Choose the database backend for LDAP: HDB. (If MDB is offered, note that it is the backend the OpenLDAP Project recommends for new deployments and that HDB is deprecated in later releases; this guide follows the HDB choice.)

Choose whether you want the database to be removed when slapd is purged. Select No.

If the directory already contains data, you can have the old database moved out of the way before the new one is created.

You have the option to allow or disable the LDAPv2 protocol. LDAPv2 is obsolete and brings no security benefit; leave it disabled unless a legacy client genuinely requires it.

Once the reconfiguration is complete, you will see output like the following.

  Moving old database directory to /var/backups:
  - directory unknown... done.
  Creating initial configuration... done.
  Creating LDAP directory... done.

Verify that slapd is listening on the LDAP port (389).

$ sudo netstat -antup | grep -i 389

tcp        0      0 0.0.0.0:389             0.0.0.0:*               LISTEN      2233/slapd
tcp6       0      0 :::389                  :::*                    LISTEN      2233/slapd

Note that slapd binds to all interfaces (0.0.0.0 and ::), and the configuration created so far has no TLS certificate, so a simple bind from a client sends its password across the network in cleartext. Restrict access to port 389 with a firewall, or configure TLS, before pointing clients at the server.
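As an added example (not code from the original article), the following POSIX shell script checks what the reconfiguration produced: it derives the base DN and administrator DN from the DNS domain entered at the prompt, confirms that a namingContexts query answer advertises that suffix, and classifies slapd's listeners from netstat output so that a cleartext listener on every interface is flagged. It assumes the domain itzgeek.local, the Debian default administrator RDN cn=admin, and the server address 192.168.12.10; the sample outputs embedded in it are constructed, not captured from a live server.

```shell
#!/bin/sh
# Added example, not code from the original article: helpers for checking
# the directory that "dpkg-reconfigure slapd" produced on server.itzgeek.local.
# Assumptions: the DNS domain given at the prompt was itzgeek.local, the
# rootdn uses the Debian default RDN "cn=admin", and the server is reached
# at 192.168.12.10. All sample outputs below are constructed, not captured.

# Map the DNS domain from the "DNS domain name" prompt to the base DN the
# installer derives from it: every label becomes one dc= component.
domain_to_basedn() {
    # Refuse anything that is not a syntactically valid DNS name, so a typo
    # at the prompt is caught before it is baked into every client config.
    printf '%s\n' "$1" \
        | grep -Eq '^[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?(\.[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?)*$' \
        || return 1
    printf 'dc=%s\n' "$1" | sed 's/\./,dc=/g'
}

# The rootdn the installer attaches the password you typed at the prompt to.
admin_dn() {
    base=$(domain_to_basedn "$1") || return 1
    printf 'cn=admin,%s\n' "$base"
}

# $1 = expected base DN, $2 = output of
#   ldapsearch -x -H ldap://192.168.12.10 -b "" -s base namingContexts
# Succeeds only if the server advertises exactly that suffix.
has_naming_context() {
    printf '%s\n' "$2" | grep -qixF "namingContexts: $1"
}

# $1 = output of "netstat -antup" (or "ss -ltnp"). Prints one word:
#   missing  no slapd listener found
#   all      slapd accepts plain ldap:// (389) on every interface
#   local    slapd listens on loopback only
slapd_listeners() {
    listeners=$(printf '%s\n' "$1" | grep 'LISTEN' | grep 'slapd' || true)
    if [ -z "$listeners" ]; then
        echo missing
    elif printf '%s\n' "$listeners" | grep -Eq '(0\.0\.0\.0|:::|\[::\]|\*):389[[:space:]]'; then
        echo all
    else
        echo local
    fi
}

# True when an ldaps:// (port 636) listener is present. Its absence does not
# prove that binds are cleartext (StartTLS runs over 389), but a freshly
# reconfigured server has no certificate, so without it assume they are.
has_ldaps_listener() {
    printf '%s\n' "$1" | grep 'LISTEN' | grep 'slapd' | grep -Eq ':636[[:space:]]'
}

# Constructed sample outputs, modelled on what the article shows.
SAMPLE_NETSTAT='tcp        0      0 0.0.0.0:389             0.0.0.0:*               LISTEN      2233/slapd
tcp6       0      0 :::389                  :::*                    LISTEN      2233/slapd'
SAMPLE_ROOTDSE='dn:
namingContexts: dc=itzgeek,dc=local'

demo() {
    base=$(domain_to_basedn itzgeek.local)
    echo "base DN:  $base"
    echo "admin DN: $(admin_dn itzgeek.local)"
    if has_naming_context "$base" "$SAMPLE_ROOTDSE"; then
        echo "server advertises $base"
    fi
    echo "listener scope: $(slapd_listeners "$SAMPLE_NETSTAT")"
    if [ "$(slapd_listeners "$SAMPLE_NETSTAT")" = all ] \
        && ! has_ldaps_listener "$SAMPLE_NETSTAT"; then
        echo "WARNING: cleartext LDAP reachable from the network; add TLS or a firewall rule before pointing clients at it"
    fi
}
demo
```

Against the real server, feed the output of ldapsearch -x -H ldap://192.168.12.10 -b "" -s base namingContexts into has_naming_context and the output of sudo netstat -antup into slapd_listeners; ldapwhoami -x -D cn=admin,dc=itzgeek,dc=local -W then confirms the administrator DN and password work. The listener check is deliberately conservative: a port-389 listener on 0.0.0.0 or :: with no ldaps listener is reported as cleartext exposure.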