Install and Configure Linux LDAP

LDAP, or Lightweight Directory Access Protocol, is an open, vendor-neutral protocol for accessing directory information, such as X.500 service containers. It is usable in Linux and other OS environments.

This write-up describes setting up the LDAP directory on a Linux server. It provides a step-by-step tutorial on installing, configuring, and testing the OpenLDAP server on Linux systems. OpenLDAP is an open-source implementation of LDAP.

This guide uses Ubuntu 22.04, 20.04, or 18.04 LTS as the operating system. Let’s go!

Step 1: Set Hostname and IP for the Ubuntu Server

Set a hostname for your system before beginning the installation process. This command should help:

Next, add your server's IP address to the /etc/hosts file, as shown below:

At this point, replace example.com with your own valid hostname. For example, I may choose to use kenhint.com instead.

Step 2: Install the OpenLDAP Server to the Ubuntu 22.04 System

The actual installation begins at this point. Start by installing LDAP alongside several of its management utilities and packages. This command will help you accomplish the installation on Ubuntu 22.04.

As part of the installation, you will see a prompt to set your LDAP administrator password. Enter your preferred password in the provided space and press to continue. This will be the interface on your screen.

The following interface will prompt you to enter the password. Key in your password again and press OK.

Step 3: Confirm If the Installation Is Successful

You can use the slapcat command to dump the contents of the directory database in LDIF format and confirm that the installation succeeded. Expect output similar to the screenshot below:

Step 4: Add a Base DN for All the Users and Groups

You can add a base DN for users and groups by creating a basedn.ldif file with the following contents:

Replace example and com in the file with your own domain components and add the base file by running this command:

Step 5: Configure the LDAP Server by Adding User Accounts and Groups

First, editing the LDAP configuration files manually is not recommended. For better results, put your edits in an LDIF file and load them into the directory with the ldapmodify or ldapadd commands.

To create an OpenLDAP user account, first generate a hash of the account's password with the slappasswd command.

Proceed to create an LDIF file, which you will use for adding users:

We already talked about how you can replace example and com with your own domain components. Now, replace {SSHA}Zn4/E5f+Ork7WZF/alrpMuHHGufC3x0k with the hash that slappasswd generated for your password, cn and sn with the correct username values, and linhinttechs with the username you expect to add.

Once you are done making the edits, you are free to add the account by running the following command:

You can do the same to create a group account by first creating the LDIF file. This file is what you will use for adding entries into the directory:

Now, add the group by running this command:
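The Step 4 and Step 5 files can be generated from a domain name, as in this added example (not the article's own code). The function names, the ou=people and ou=groups containers, the 2000 uid/gid numbers, and the cn=admin bind DN are assumptions; the user function refuses any userPassword value that is not slappasswd {SSHA} output, so a cleartext password never lands in the LDIF file.

```bash
# Added example: build the Step 4 / Step 5 LDIF files from a domain name.
# Assumed values (not from the article): ou=people, ou=groups, uid/gid 2000.

# example.com -> dc=example,dc=com
domain_to_dn() {
    printf 'dc=%s\n' "$1" | sed 's/\./,dc=/g'
}

# Step 4: containers that user and group entries will live under.
make_basedn_ldif() {
    local base; base=$(domain_to_dn "$1")
    cat <<EOF
dn: ou=people,$base
objectClass: organizationalUnit
ou: people

dn: ou=groups,$base
objectClass: organizationalUnit
ou: groups
EOF
}

# Step 5: user entry. $3 must be slappasswd output, never the cleartext password.
make_user_ldif() {
    local base uid="$2" hash="$3"
    base=$(domain_to_dn "$1")
    case $hash in
        '{SSHA}'*) ;;
        *) echo "refusing: userPassword is not a {SSHA} hash" >&2; return 1 ;;
    esac
    cat <<EOF
dn: uid=$uid,ou=people,$base
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
cn: $uid
sn: $uid
uid: $uid
userPassword: $hash
loginShell: /bin/bash
uidNumber: 2000
gidNumber: 2000
homeDirectory: /home/$uid
EOF
}

# Usage (assumes the admin DN is cn=admin under your base DN):
#   make_basedn_ldif example.com > basedn.ldif
#   ldapadd -x -D cn=admin,dc=example,dc=com -W -f basedn.ldif
```

Keep the generated user file readable only by the administrator, since the password hash in it can be attacked offline.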

Step 6: Configure the LDAP Database

Configuring the LDAP database starts with copying the sample database of the slapd file into the corresponding /var/lib/ldap directory. You can then set the recommended permissions as in the following screenshot:

Import the common LDAP schemas from the /etc/openldap/schema directory into the database. This example should help:

Add your domain to the database and create the ldapdomain.ldif, which will help you modify the credentials in the database. Create the file using the following command:

Add the following required information and replace the relevant sections as earlier advised. Then add the outcome into the database using the following command:

Conclusion

OpenLDAP is an open-source implementation of the LDAP protocol for Linux environments. The article demonstrates how to install and set up the OpenLDAP server and database for centralized authentication in Ubuntu. I hope you found this article helpful. If you have any thoughts, questions, or concerns, feel free to share them in the comment box below.

About the author

Linux Explorer