How to Install OpenLDAP on Ubuntu Server 22.04


LDAP is a powerful vendor-neutral application protocol for accessing directory services. OpenLDAP is a free implementation of LDAP and is used on a network to manage and access a distributed directory service, which can be used for things like PC logins. OpenLDAP is widely used because it is cost-effective, operating system independent, and flexible. Although OpenLDAP is powerful, it is also complex.

I want to demystify the complexity of deploying OpenLDAP so that anyone with even a basic understanding of Linux and the command line can make this platform work.


What you will need to install OpenLDAP on Ubuntu Server 22.04

I’ll be demoing on Ubuntu Server 22.04, so you’ll need an instance of that OS running either on a bare metal system, as a virtual machine, or on a third-party cloud host. And, you will need a user with sudo privileges.

Ready to do some LDAP magic?

How to install OpenLDAP

Install software

The first thing to do is to install the software. Log in to your Ubuntu instance and run the command:

sudo apt-get install slapd ldap-utils -y

During installation, you will be asked to create an administrator password, so be sure to enter it and verify it when prompted.

How to configure OpenLDAP

Configure slapd

The first thing you need to do is configure slapd, which is handled by the command:

sudo dpkg-reconfigure slapd

Here are the details you will be asked to answer as well as the answers you will have to give.

  • Omit OpenLDAP server configuration: Nope
  • DNS domain name: The domain name used for your OpenLDAP server, which is used to create the base DN (Distinguished Name).
  • Name of the organization: The name of your organization
  • Administrator password: This is the password you set when installing OpenLDAP.
  • Would you like the database to be deleted when slapd is purged? Nope
  • Move the old database? Yes
  • Allow LDAPv2 protocol? Nope

How to configure ldap.conf

Open the necessary configuration file with the command:

sudo nano /etc/ldap/ldap.conf

In this file, find the following line:

BASE dc=your-domain,dc=com

Edit this line to reflect the domain you defined when configuring slapd. Also make sure the URI line looks like this:

URI  ldap://localhost

Save and close the file.

Before installing the LDAP Account Manager, let’s test to make sure everything is working as expected. To do this run the command:

ldapsearch -x

Near the bottom of the output, you should see:

result: 0 success

The line above indicates that everything is fine.
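
A check for the two ldap.conf lines edited above, as an added example that is not part of the original article: it derives the base DN from the DNS domain given to slapd, ignores commented-out lines, and flags a plain ldap:// URI that points at a remote host. The function names and the sample domain corp.example.com are assumptions.

```sh
#!/bin/sh
# Added example (not from the article): check an ldap.conf against the DNS
# domain that was given to dpkg-reconfigure slapd.

# example.com -> dc=example,dc=com (lowercased for comparison)
domain_to_base_dn() {
    printf '%s\n' "$1" | tr 'A-Z' 'a-z' | sed 's/^/dc=/; s/\./,dc=/g'
}

# Value of KEY ($1) in FILE ($2), ignoring commented-out lines. Keywords are
# matched case-insensitively; if KEY is repeated, the last line is reported.
conf_value() {
    awk -v key="$1" 'toupper($1) == key { $1 = ""; sub(/^ +/, ""); v = $0 }
                     END { print v }' "$2"
}

# Print findings for FILE ($1) and DOMAIN ($2); exit status 0 means no findings.
check_ldap_conf() (
    want=$(domain_to_base_dn "$2")
    base=$(conf_value BASE "$1" | tr 'A-Z' 'a-z')
    uri=$(conf_value URI "$1")
    rc=0
    if [ -z "$base" ]; then
        echo "BASE: no active line (is it still commented out?)"; rc=1
    elif [ "$base" != "$want" ]; then
        echo "BASE: found '$base', expected '$want'"; rc=1
    fi
    [ -n "$uri" ] || { echo "URI: no active line"; rc=1; }
    for u in $uri; do
        case $u in
            ldap://localhost|ldap://localhost[/:]*|ldap://127.*|ldapi://*|ldaps://*) ;;
            ldap://*) echo "URI: $u is plain LDAP to a remote host; simple binds (-x)" \
                           "travel in cleartext unless StartTLS is used"; rc=1 ;;
        esac
    done
    [ "$rc" -eq 0 ] && echo "ok: BASE=$base URI=$uri"
    exit "$rc"
)

# Constructed sample file: one commented-out default and the edited lines.
sample=$(mktemp)
printf '%s\n' '#BASE dc=example,dc=com' 'BASE dc=corp,dc=example,dc=com' \
    'URI ldap://localhost' > "$sample"
check_ldap_conf "$sample" corp.example.com
rm -f "$sample"
```

On a real server, call check_ldap_conf /etc/ldap/ldap.conf with your own domain before running ldapsearch -x.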

How to Install LDAP Account Manager

Install dependencies

Let’s start by installing the necessary dependencies with the command:

sudo apt-get install apache2 php-fpm php-imap php-mbstring php-mysql php-json php-curl php-zip php-xml php-bz2 php-intl php-gmp php-redis -y

Install LAM

Next, install LAM with:

sudo apt-get install ldap-account-manager -y

Create a virtual host

We can now create a virtual host for Apache to be aware of the site. Create the configuration file with the command:

sudo nano /etc/apache2/sites-available/lam.conf

In this file, enter this code, making sure to modify the ServerName option:

OPENLDAP code snippet.

Save and close the file.

Activate the site and reload Apache

With our virtual host configuration in place, enable it with the command:

sudo a2ensite lam.conf

Reload apache with:

sudo systemctl reload apache2

Delete index file

Finally, move the default index.html file out of the web root with:

sudo mv /var/www/html/index.html ~/

How to access LAM

Access the web interface

Open a web browser and point it to http://SERVER/lam where SERVER is either the IP address or the domain of the OpenLDAP hosting server. You should be greeted by the LAM login screen (Figure A).

Figure A: The LAM login screen

Configure the web interface

Click LAM Configuration in the upper right corner and click Edit Server Profiles (Figure B).

Figure B: The LAM configuration window

You will be prompted to enter the default profile password, which is lam. In the resulting page (Figure C), you need to configure the Tree suffix under Tool Settings to match the domain you set when configuring slapd.

Figure C: Configuring your domain in LAM

Scroll down to Security Settings and set the same domain in the list of valid users (Figure D), and be sure to change cn=Manager to cn=admin.

Figure D: Configuring security settings for LAM

Now scroll to the bottom of this page and change the LAM admin password.

Configure users

Click on the Account Types tab and find the Users and Groups sections, where you will set the LDAP suffix to match your domain (Figure E).

Figure E: Configuring users and groups to use the domain in LAM

Click Save and you will be taken back to the login window.

Log in with admin and the password you created for OpenLDAP during installation and you are ready to start working with OpenLDAP from the convenience of the LAM GUI.

Congratulations! You now have OpenLDAP up and running.
