Install OpenLDAP In Ubuntu 15.10 And Debian 8

About OpenLDAP

OpenLDAP is a free, open source implementation of the Lightweight Directory Access Protocol (LDAP) developed by the OpenLDAP Project. It is platform independent, so it runs on Linux/Unix-like systems, Windows, AIX, Solaris and Android.
OpenLDAP includes:
  • slapd – stand-alone LDAP daemon (server)
  • libraries implementing the LDAP protocol, and utilities, tools, and sample clients.
In this tutorial, let us see how to install OpenLDAP and how to configure it on an Ubuntu / Debian server. I tested this tutorial on Ubuntu 15.10; however, these steps should work on Debian 7/8 and previous versions of Ubuntu, including Ubuntu 15.04/14.10/14.04.
Here are my test system’s details:
  • Operating System : Ubuntu 15.10 64 bit server
  • Hostname : server.unixmen.local
  • IP Address : 192.168.1.103/24
First let us see how to install openLDAP.

1. Install OpenLDAP in Ubuntu 15.10 / Debian 8

Enter the following commands in a terminal to install OpenLDAP.
Switch to the root user:
sudo su

Or:
su
Run the following command to install OpenLDAP:
apt-get install slapd ldap-utils
During the installation, you’ll be asked to set a password for the LDAP admin account. Enter your admin password here, then re-enter it to confirm.
OpenLDAP is installed now. Let’s go to the configuration task.

2. Configure OpenLDAP

Edit the “/etc/ldap/ldap.conf” file:
vi /etc/ldap/ldap.conf
Find, uncomment and replace the ‘BASE’ and ‘URI’ values with your domain name and server address as shown below.
#
# LDAP Defaults
#
# See ldap.conf(5) for details
# This file should be world readable but not world writable.
BASE    dc=unixmen,dc=local
URI     ldap://server.unixmen.local ldap://server.unixmen.local:666
#SIZELIMIT      12
#TIMELIMIT      15
#DEREF          never
# TLS certificates (needed for GnuTLS)
TLS_CACERT      /etc/ssl/certs/ca-certificates.crt
Save and close the file.
Next, reconfigure slapd with the updated values.
dpkg-reconfigure slapd
The configuration dialog appears. Select “No” and press Enter.
Enter the DNS domain name.
Enter the organization name (i.e. your company name).
Enter the LDAP admin password which you created in the earlier step.
Re-enter the password.
Select the backend database. I go with the defaults.
Select whether you want the database deleted automatically or kept when slapd is removed. Here I want to keep my old database, so I selected No.
Select Yes to move the old database.
Select No and press Enter.
That’s it. We have successfully configured OpenLDAP. Let us go ahead and check whether it’s working or not.

Test LDAP Server

Run the following command to test OpenLDAP:
ldapsearch -x
Sample output:
# extended LDIF
#
# LDAPv3
# base  (default) with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# unixmen.local
dn: dc=unixmen,dc=local
objectClass: top
objectClass: dcObject
objectClass: organization
o: unixmen
dc: unixmen

# admin, unixmen.local
dn: cn=admin,dc=unixmen,dc=local
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: admin
description: LDAP administrator

# search result
search: 2
result: 0 Success

# numResponses: 3
# numEntries: 2
If you see the ‘Success’ message in your output, then congratulations, the LDAP server is working!
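The check above reads one answer by eye. As an added example that is not part of the original tutorial, the following POSIX shell script turns it into a repeatable health check: ldap_result parses the trailer of ldapsearch output for the result code and entry count, ldap_ok turns that into an exit status, and check_live runs the same query against a real server for a base DN you pass in. The two sample outputs are constructed (the first mirrors the tutorial's output, the second is a failure case with result code 32, "No such object").

```shell
#!/bin/sh
# Added example, not part of the original tutorial: a small health check
# for the "ldapsearch -x" step.

# ldap_result: read ldapsearch output on stdin and print "<code> <entries>"
# taken from the "result:" and "# numEntries:" trailer lines.
ldap_result() {
    awk '
        /^result: /       { code = $2 }
        /^# numEntries: / { entries = $3 }
        END { printf "%s %s\n", (code == "" ? "none" : code), entries + 0 }
    '
}

# ldap_ok: exit 0 only for result code 0 (Success) with at least one entry.
ldap_ok() {
    set -- $(ldap_result)
    [ "$1" = "0" ] && [ "$2" -gt 0 ]
}

# Constructed sample mirroring the tutorial's output of "ldapsearch -x".
SAMPLE_OK='# extended LDIF
# LDAPv3
dn: dc=unixmen,dc=local
objectClass: top
dc: unixmen

dn: cn=admin,dc=unixmen,dc=local
cn: admin

# search result
search: 2
result: 0 Success

# numResponses: 3
# numEntries: 2'

# Constructed sample of a failed lookup (wrong or missing suffix).
SAMPLE_FAIL='# search result
search: 2
result: 32 No such object

# numResponses: 1'

# check_live BASE_DN: query a real server (the BASE value from
# /etc/ldap/ldap.conf is the usual argument) and apply the same check.
check_live() {
    ldapsearch -x -b "$1" -s base '(objectClass=*)' dn | ldap_ok
}

if [ "${1:-}" = "--demo" ]; then
    printf '%s\n' "$SAMPLE_OK"   | ldap_result   # 0 2
    printf '%s\n' "$SAMPLE_FAIL" | ldap_result   # 32 0
fi
```

Run it with `--demo` to see the parser on the two samples, or source it and call `check_live dc=unixmen,dc=local` from a cron job or monitoring script so that a slapd that stops answering, or answers with an error, is noticed before users report login failures.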

LDAP Server Administration

Administration of an LDAP server from the command line is a bit difficult; we can’t memorize all the LDAP commands. So we will use an easier GUI administration tool called “phpLDAPadmin” to manage, configure, and administer the LDAP server.

Install phpLDAPadmin

phpLDAPadmin is a web-based LDAP administration tool for managing your LDAP server. Using phpLDAPadmin, you can browse your LDAP tree, view LDAP schema, perform searches, create, delete, copy and edit LDAP entries. You can even copy entries between servers.
Enter the following command to install phpLDAPadmin:
apt-get install phpldapadmin
Create a symbolic link for the phpldapadmin directory.
ln -s /usr/share/phpldapadmin/ /var/www/html/phpldapadmin
On Ubuntu 14.10 and lower versions, run:
ln -s /usr/share/phpldapadmin/ /var/www/phpldapadmin
Edit the “/etc/phpldapadmin/config.php” file:
vi /etc/phpldapadmin/config.php
Set the correct timezone. To do that, find and uncomment the following line and set your timezone.
[...]
$config->custom->appearance['timezone'] = 'Asia/Kolkata';
[....]
Scroll down further and replace the domain names with your own values.
To do that, find the “Define LDAP Servers” section in the config file and edit the following lines as shown below.
[...]
// Set your LDAP server name //
$servers->setValue('server','name','Unixmen LDAP Server');
[...]
// Set your LDAP server IP address // 
$servers->setValue('server','host','192.168.1.103');
[...]
// Set Server domain name //
$servers->setValue('server','base',array('dc=unixmen,dc=local'));
[...]
// Set the admin bind DN (the DN phpLDAPadmin logs in with) //
$servers->setValue('login','bind_id','cn=admin,dc=unixmen,dc=local');
[...]
Restart the Apache service.
systemctl restart apache2
On Ubuntu 14.10 and older versions, run:
service apache2 restart
Make sure that you have opened the Apache port 80 and the LDAP default port 389 in your firewall/router configuration.
ufw allow 80
Sample output:
Rules updated
Rules updated (v6)
ufw allow 389
Sample output:
Rules updated
Rules updated (v6)
The above steps are not necessary for Debian systems.

Test phpLDAPadmin

Open your web browser and navigate to “http://IP-Address/phpldapadmin”.
The phpLDAPadmin login page should appear.
Click “login” on the left pane. Enter the LDAP admin password that you created during the OpenLDAP installation, and click “Authenticate”.
Now the main console screen of phpLDAPadmin will open.
You can see the LDAP domain “unixmen.local” and other details on the left.
From here, you can add additional objects, such as Organizational Units, users and groups.

Creating Objects

1. Create Organizational Unit(OU):

Let’s create some sample objects from the phpLDAPadmin console. First, we will create an OU.
Click on the “+” sign near the line “dc=unixmen” and click the “Create new entry here” link.
Scroll down and select “Generic: Organizational Unit”.
Enter the name of the Organizational Unit (e.g. sales) and click “Create Object”.
Finally, click “Commit”.
Now you will see the newly created OU in the main LDAP section on the left pane.

2. Create Group:

Click on the sales OU on the left pane and click the “Create a child entry” link.
In the next window, select “Generic: Posix Group”.
Enter the name of the group and click the “Create Object” button. For example, here I enter the group name as “sales-group”.
Click “Commit” to save the changes.
Now you can see the newly created group “sales-group” under the sales OU.

3. Create User:

Now, let us create a new user under sales-group.
Click on sales-group on the left and click the “Create a child entry” link.
In the next window, select “Generic: User Account”.
Enter the user details such as common name, GID number, last name, login shell, user password and user ID, and click “Create Object”. For example, here I am going to create a user called “kumar”.
Then click “Commit” to save the changes.
Now the newly created user “kumar” will be found under the “sales-group” object.
You can also verify that the newly created objects really exist with the command:
ldapsearch -x
Sample output:
# extended LDIF
#
# LDAPv3
# base  (default) with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# unixmen.local
dn: dc=unixmen,dc=local
objectClass: top
objectClass: dcObject
objectClass: organization
o: unixmen
dc: unixmen

# admin, unixmen.local
dn: cn=admin,dc=unixmen,dc=local
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: admin
description: LDAP administrator

# sales, unixmen.local
dn: ou=sales,dc=unixmen,dc=local
objectClass: organizationalUnit
objectClass: top
ou: sales

# sales-group, sales, unixmen.local
dn: cn=sales-group,ou=sales,dc=unixmen,dc=local
gidNumber: 500
cn: sales-group
objectClass: posixGroup
objectClass: top

# kumar, sales-group, sales, unixmen.local
dn: cn=kumar,cn=sales-group,ou=sales,dc=unixmen,dc=local
cn:: IGt1bWFy
gidNumber: 500
homeDirectory: /home/users/kumar
sn: kumar
loginShell: /bin/sh
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: top
uidNumber: 1000
uid: kumar

# search result
search: 2
result: 0 Success

# numResponses: 6
# numEntries: 5
As you can see in the above output, the new objects, namely ‘sales’, ‘sales-group’ and ‘kumar’, have been successfully created under the main LDAP domain. Similarly, you can create as many objects as you want.
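The same three objects can be created without the GUI. As an added example, not from the original tutorial, the script below writes them as LDIF and loads them with ldapadd from the ldap-utils package. The DNs follow the tutorial's tree (the user entry under the group entry, under ou=sales). It goes slightly beyond the screenshots in two ways: the group gets a memberUid attribute so that the membership is visible to posixGroup-aware lookups, and the password is stored as a hash, where the {SSHA} value is a placeholder you generate with slappasswd. The /tmp/sales.ldif path and the --write/--load switches are this script's own conventions, and the admin DN is assumed to be cn=admin under the tutorial's base DN.

```shell
#!/bin/sh
# Added example, not part of the original tutorial: the OU, posixGroup and
# posixAccount from the phpLDAPadmin walkthrough, as LDIF for ldapadd.

BASE_DN='dc=unixmen,dc=local'
ADMIN_DN="cn=admin,$BASE_DN"     # assumed: the DN created by dpkg-reconfigure slapd

# make_ldif OU GROUP GID USER UID PASSWORD_HASH -> LDIF on stdout
# PASSWORD_HASH is a placeholder; produce a real salted hash with:
#   slappasswd -h '{SSHA}'
make_ldif() {
    ou=$1 group=$2 gid=$3 user=$4 uid=$5 hash=$6
    cat <<EOF
dn: ou=$ou,$BASE_DN
objectClass: organizationalUnit
ou: $ou

dn: cn=$group,ou=$ou,$BASE_DN
objectClass: posixGroup
cn: $group
gidNumber: $gid
memberUid: $user

dn: cn=$user,cn=$group,ou=$ou,$BASE_DN
objectClass: inetOrgPerson
objectClass: posixAccount
cn: $user
sn: $user
uid: $user
uidNumber: $uid
gidNumber: $gid
homeDirectory: /home/users/$user
loginShell: /bin/sh
userPassword: $hash
EOF
}

# count_entries: number of entries (dn: lines) in LDIF read from stdin
count_entries() { grep -c '^dn: '; }

# load_ldif FILE: add the entries with a simple bind as the admin DN.
# -W prompts for the admin password instead of taking it on the command line.
load_ldif() {
    ldapadd -x -D "$ADMIN_DN" -W -f "$1"
}

case "${1:-}" in
    --write)
        make_ldif sales sales-group 500 kumar 1000 '{SSHA}REPLACE-WITH-slappasswd-OUTPUT' > /tmp/sales.ldif
        echo "wrote $(count_entries < /tmp/sales.ldif) entries to /tmp/sales.ldif; load with: $0 --load"
        ;;
    --load)
        load_ldif /tmp/sales.ldif
        ;;
esac
```

Generate the LDIF with `--write`, paste the slappasswd hash in place of the placeholder, review the file, then run `--load` and enter the admin password at the prompt. A second `ldapsearch -x` afterwards should list the same five entries shown in the output above.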
Installing and configuring OpenLDAP on Debian, Ubuntu and their derivatives is really easy and straightforward. Even a novice user can set up a working LDAP server within an hour.
The OpenLDAP server is now ready to use.
