Setup OpenLDAP server on Debian 10

Introduction

In this tutorial we cover how to install OpenLDAP server on Debian 10. This tutorial should be more or less compatible with all Linux distros.

OpenLDAP is a Lightweight Directory Access Protocol (LDAP) server which can be used to authenticate users against a centralized authority server.

Step 1 – Update all packages

First we want to make sure that our server is fully updated and upgraded. This can be achieved with:

apt update && apt upgrade -y

Step 2 – Install OpenLDAP package

OpenLDAP requires two packages to function:

- slapd – LDAP standalone daemon
- ldap-utils – Useful tools for local LDAP management

To install these packages, type:

apt install slapd ldap-utils -y

Step 3 – Set password for slapd

After you have installed the required packages, an install prompt will appear.

Here you need to type your new LDAP admin password. It’s always recommended to use strong and complex passwords.

Step 4 – Verify install of slapd

Now we can verify whether the installation was successful:

slapcat

This command outputs the current domain structure.

Step 5 – Edit directory domain

You need to edit ldap.conf to fit your needs.

nano /etc/ldap/ldap.conf

The default file looks like this:

#
# LDAP Defaults
#

# See ldap.conf(5) for details
# This file should be world readable but not world writable.

#BASE    dc=example,dc=com
#URI     ldap://ldap.example.com ldap://ldap-master.example.com:666

#SIZELIMIT      12
#TIMELIMIT      15
#DEREF          never

# TLS certificates (needed for GnuTLS)
TLS_CACERT      /etc/ssl/certs/ca-certificates.crt

Uncomment:

#BASE    dc=example,dc=com  
#URI     ldap://ldap.example.com ldap://ldap-master.example.com:666  

and modify BASE to fit your needs. I'm using openldap-tutorial.local in my config:

#
# LDAP Defaults
#

# See ldap.conf(5) for details
# This file should be world readable but not world writable.

BASE    dc=openldap-tutorial,dc=local
URI     ldap://ldap.example.com ldap://ldap-master.example.com:666

#SIZELIMIT      12
#TIMELIMIT      15
#DEREF          never

# TLS certificates (needed for GnuTLS)
TLS_CACERT      /etc/ssl/certs/ca-certificates.crt
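
As an added example (not part of the original tutorial), the shell functions below check the edited ldap.conf before Step 6: that BASE matches the domain you will enter in dpkg-reconfigure, that URI no longer names the example.com placeholder hosts or plain ldap://, and that the file is not world writable. The function names and the embedded sample file are constructed for illustration.

```shell
# Added example (not from the tutorial): check ldap.conf before Step 6.

# openldap-tutorial.local -> dc=openldap-tutorial,dc=local
domain_to_dn() {
    printf '%s\n' "$1" | awk -F. '{
        for (i = 1; i <= NF; i++) printf "%sdc=%s", (i > 1 ? "," : ""), $i
        print "" }'
}

# Print the value of an active (uncommented) directive from ldap.conf.
conf_value() {  # usage: conf_value FILE KEYWORD (keyword in upper case)
    awk -v key="$2" 'toupper($1) == key {
        $1 = ""; sub(/^[ \t]+/, ""); print; exit }' "$1"
}

# Print one finding per line; return 0 only if there are none.
check_ldap_conf() {  # usage: check_ldap_conf FILE DOMAIN
    file=$1; want=$(domain_to_dn "$2"); bad=0
    base=$(conf_value "$file" BASE); uri=$(conf_value "$file" URI)
    if [ "$base" != "$want" ]; then
        echo "BASE is '$base', expected '$want'"; bad=1
    fi
    case $uri in
        *example.com*) echo "URI still names the example.com placeholder hosts"; bad=1 ;;
    esac
    case " $uri" in
        *" ldap://"*) echo "URI uses ldap:// (cleartext unless StartTLS is used)"; bad=1 ;;
    esac
    # The file's own comment: world readable but not world writable.
    if [ -n "$(find "$file" -perm -002)" ]; then
        echo "$file is world writable"; bad=1
    fi
    return "$bad"
}

# Constructed sample: the edited ldap.conf from Step 5, abridged.
write_sample() {  # usage: write_sample PATH
    cat > "$1" <<'EOF'
BASE    dc=openldap-tutorial,dc=local
URI     ldap://ldap.example.com ldap://ldap-master.example.com:666
#SIZELIMIT      12
TLS_CACERT      /etc/ssl/certs/ca-certificates.crt
EOF
    chmod 644 "$1"
}

sample=$(mktemp); write_sample "$sample"
check_ldap_conf "$sample" openldap-tutorial.local || true; rm -f "$sample"
```

On the sample, BASE passes and the two URI findings are printed; run against /etc/ldap/ldap.conf, a zero exit status means no findings.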

Step 6 – Configure OpenLDAP

Now we can configure OpenLDAP:

dpkg-reconfigure slapd

Now enter the same base name that you configured in the previous step.

Then you need to enter the organization name.

Then enter your LDAP admin password configured in Step 3.

When the installer asks which database to use for the backend, select MDB, as it is the most modern.

Select No when the installer asks whether the database should be removed when slapd is purged.

Allow the installer to move the old database.

Step 7 – Verify changed domain structure

slapcat

We can now see that our distinguished name (dn) has changed.

Conclusion

Now your OpenLDAP server is successfully configured and ready to use. You can use the shell or a GUI to manage it.

A couple of good GUI options are:

- phpLDAPadmin
- Apache Directory Studio

Reprint: https://community.hetzner.com/tutorials/setup-openldap-server-on-debian

