In this post we will install OpenLDAP on Ubuntu 18.04.
OpenLDAP is a free open-source implementation of LDAP (Lightweight Directory Access Protocol). LDAP is a datastore mostly used for storing user identities and for user authentication.
What is LDAP?
LDAP stores the information in a hierarchical format called Directory Information Tree(DIT). The DIT contains nested entries, each entry has some attributes, defined by the objectClass of the entry. The schema of LDAP tree defines which attributes are available for each objectClass.
Each entry in the tree has a DN (distinguished name) which uniquely identifies it. The root of the tree also has a distinguished name which is sometimes called suffix or root DN.
Step 1. Install OpenLDAP
Let’s jump right in and install the LDAP software itself. The command is $ sudo apt install -y ldap-utils slapd
During installation we will have to provide password for LDAP admin account:
Once you provide the password, the installation will resume for a while and then finish.
Step 2. Default configuration.
The installation has completed, so let’s have a look at the initial configuration. Run sudo slapcat to check the default directory contents. The output has a special format called LDIF (LDAP Data Interchange Format):
There are two entries in our directory: first entry represents the root of our tree and the second represents the admin user. Those entries have different objectClasses and therefore have different attributes.
As you can see the top leveldistinguished name (the root of our tree) is dc = nodomain, because we don’t have any domain related configuration on our server.
The dn (distinguished name) for admin user is cn=admin,dc=nodomain
Step 3. Initial configuration wizard
Now we need to prepare our configuration files for further use. Let’s run a special wizard to do this:
sudo dpkg-reconfigure slapd
For Omit OpenLDAP server configuration? select No:
For DNS domain name enter the domain like geekstuff.org. This domain name will be used to construct a base DN for the tree, if you remember at the moment it is just dc=nodomain.
Then enter the organization name and proceed.
Enter the administrator password and then confirm it:
For Database Backend to use select MDB:
Do you want the database to be removed when slapd is purged? Choose No:
For Move old database? choose Yes:
Then the wizard will finish its work and you will see the similar message in your terminal:
Step 4. Verify the changes
Now if you sudo slapcat again you will see that our base DN for the tree has been changed to dc=geekstuff,dc=org and the DN for the admin is now cn=admin,dc=geekstuff,dc=org. These changes have been made by the wizard we have just run.
You can also run $ systemctl status slapd to make sure OpenLDAP daemon is running:
Step 5. Configure LDAP client
So far we have been configuring the server part of OpenLDAP. Now let’s configure the client part so we can test the connection. The client configuration file is /etc/ldap/ldap.conf
Make sure that file contains values for both BASE and URI. BASE defines where the client should start the search in the directory tree. URI defines the location of the server itself.
My config looks like this:
BASE is set to the DN of the tree, because I want the client to start its search in the root. URI is set to localhost, because the server is on the same server.
Step 6. Make a test connection
Let’s test out OpenLDAP server. Run the following command ldapsearch -x:
We have successfully received the response to our request, which means that our OpenLDAP server is working. ldapsearch is a utility that allows us to make various LDAP requests. There are also ldapadd and ldapmodify utilities, which are used for basic manipulations with LDAP entries.
Now you should have a working OpenLDAP server supporting LDAPv3. Thank you for reading.