OpenLDAP beginner guide

OpenLDAP is a free and open-source implementation of LDAP (Lightweight Directory Access Protocol). Many organizations use the LDAP protocol for centralized authentication and directory access services over a network. OpenLDAP is developed by the OpenLDAP Project and organized by the OpenLDAP Foundation.

OpenLDAP Software can be downloaded from the project's download page at http://www.openldap.org/software/download/. OpenLDAP is very similar to Microsoft's Active Directory.

OpenLDAP consolidates the data of an entire organization into a central repository or directory. This data can be accessed from any location on the network. OpenLDAP supports Transport Layer Security (TLS) and the Simple Authentication and Security Layer (SASL) to protect the data in transit.

Features of OpenLDAP Server

  • Supports the Simple Authentication and Security Layer (SASL) and Transport Layer Security (TLS); TLS requires the OpenSSL libraries
  • Supports Kerberos-based authentication services for OpenLDAP clients and servers
  • Supports IPv6
  • Runs as a stand-alone daemon
  • Supports multiple database backends: MDB, BDB, HDB
  • Supports LDIF (LDAP Data Interchange Format) files
  • Supports LDAPv3

In this guide, we will see how to install and configure the OpenLDAP server on Debian 10 (Buster).

Some LDAP Terminologies used in this guide:

  1. Entry — A single unit in an LDAP directory. It is identified by its unique Distinguished Name (DN).
  2. LDIF (LDAP Data Interchange Format) — An ASCII text representation of LDAP entries. Files containing the data to be imported into an LDAP server must be in LDIF format.
  3. slapd — The stand-alone LDAP server daemon.
  4. slurpd — A daemon used to synchronize changes from one LDAP server to other LDAP servers on the network. It is used when multiple LDAP servers are involved.
  5. slapcat — A command that pulls entries from an LDAP directory and saves them in an LDIF file.

Configuration of our machine:

  • Operating System: Debian 10 (Buster)
  • IP Address: 10.0.12.10
  • Hostname: mydns.linuxhint.local

Steps for installing OpenLDAP Server on Debian 10 (Buster)

Before proceeding with the installation, first update the package index and upgrade the installed packages with the following commands:

$ sudo apt update

$ sudo apt upgrade -y

Step 1. Install the slapd package (the OpenLDAP server).

$ sudo apt-get install slapd ldap-utils -y

Enter the admin password when prompted.

Step 2. Check the status of the slapd service with the following command:

$ sudo systemctl status slapd.service

Step 3. Now configure slapd with the command given below:

$ sudo dpkg-reconfigure slapd

After running the above command, you will be prompted with several questions:

  1. Omit OpenLDAP server configuration?

    Select 'No' here.

  2. DNS domain name:

    Enter the DNS domain name used to construct the base DN (Distinguished Name) of your LDAP directory. You may enter any name that best suits your requirements. We are using mydns.linuxhint.local as our domain name, which we have already set up on our machine.

    Tip: It is suggested to use the .local TLD for the internal network of an organization. This avoids conflicts between internally used and externally used TLDs like .com, .net, etc.

    Note: We recommend noting down your DNS domain name and administrative password on plain paper. They will be needed later when we edit the LDAP configuration file.

  3. Organization name:

    Enter the name of the organization you want to use in the base DN and press Enter. We are using linuxhint.

  4. Now you will be asked for the administrative password that you set earlier while installing the package in Step 1.

    When you press Enter, it will ask you to confirm the password. Enter the same password again and press Enter to continue.

  5. Database backend to use:

    Select the database backend as per your requirements. We are selecting MDB.

  6. Do you want the database to be removed when slapd is purged?

    Select 'No' here.

  7. Move the old database?

    Select 'Yes' here.

After completing the above steps, you will see the following output on the terminal window:

Backing up /etc/ldap/slapd.d in /var/backups/slapd-2.4.47+dfsg-3+deb10u4... done.
  Moving the old database directory to /var/backups:
  - directory unknown... done.
  Creating initial configuration... done.
  Creating LDAP directory... done.
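Steps 1 to 3 above are interactive. The following added example (not part of the original guide) answers the same seven questions through debconf preseeding so the installation can be reproduced or scripted. It assumes Debian 10 with slapd's standard debconf template names, that it is run as root, and that the guide's values (domain, organization, MDB backend) are the ones wanted.

```shell
#!/bin/sh
# Added example: non-interactive equivalent of "dpkg-reconfigure slapd".
# Assumptions: Debian 10, run as root, debconf keys from slapd's templates.

# Print debconf answers for the seven questions in Step 3.
# $1 = DNS domain, $2 = organization name, $3 = admin password.
slapd_preseed() {
  domain=$1; org=$2; pw=$3
  cat <<EOF
slapd slapd/no_configuration boolean false
slapd slapd/domain string $domain
slapd shared/organization string $org
slapd slapd/password1 password $pw
slapd slapd/password2 password $pw
slapd slapd/backend select MDB
slapd slapd/purge_database boolean false
slapd slapd/move_old_database boolean true
EOF
}

# Base DN the installer derives from the domain, so ldap.conf can be checked
# against it later: mydns.linuxhint.local -> dc=mydns,dc=linuxhint,dc=local
base_dn() {
  printf 'dc=%s\n' "$1" | sed 's/\./,dc=/g'
}

# Load the answers into debconf, then install (or reconfigure) slapd without
# prompting. The package postinst reads the answers and clears the passwords.
slapd_preseed_apply() {
  slapd_preseed "$@" | debconf-set-selections
  DEBIAN_FRONTEND=noninteractive apt-get install -y slapd ldap-utils
  dpkg-reconfigure -f noninteractive slapd
  echo "base DN: $(base_dn "$1")"
}

# Only touch the system when explicitly asked:
#   ./slapd-preseed.sh --apply mydns.linuxhint.local linuxhint 'AdminPassword'
if [ "$#" -eq 4 ] && [ "$1" = "--apply" ]; then
  slapd_preseed_apply "$2" "$3" "$4"
fi
```

Passing the password on the command line exposes it in the process list and shell history; for unattended installs, read it from a root-only file instead.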

To verify the configuration, run the following command:

$ sudo slapcat

It should produce output similar to the following:

dn: dc=mydns,dc=linuxhint,dc=local
objectClass: top
objectClass: dcObject
objectClass: organization
o: linuxhint
dc: mydns
structuralObjectClass: organization
entryUUID: a1633568-d9ee-103a-8810-53174b74f2ee
creatorsName: cn=admin,dc=mydns,dc=linuxhint,dc=local
createTimestamp: 20201224044545Z
entryCSN: 20201224044545.729495Z#000000#000#000000
modifiersName: cn=admin,dc=mydns,dc=linuxhint,dc=local
modifyTimestamp: 20201224044545Z

dn: cn=admin,dc=mydns,dc=linuxhint,dc=local
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: admin
description: LDAP administrator
userPassword:: e1NTSEF9aTdsd1h0bjgvNHZ1ZWxtVmF0a2RGbjZmcmF5RDdtL1c=
structuralObjectClass: organizationalRole
entryUUID: a1635dd6-d9ee-103a-8811-53174b74f2ee
creatorsName: cn=admin,dc=mydns,dc=linuxhint,dc=local
createTimestamp: 20201224044545Z
entryCSN: 20201224044545.730571Z#000000#000#000000
modifiersName: cn=admin,dc=mydns,dc=linuxhint,dc=local
modifyTimestamp: 20201224044545Z

Now check the status of the OpenLDAP server again with the command below:

$ sudo systemctl status slapd

It should show an active (running) status. If so, everything has been set up correctly so far.

Step 4. Open /etc/ldap/ldap.conf, the client-side configuration file used by ldap-utils, for editing:

$ sudo nano /etc/ldap/ldap.conf

You can also use any other text editor instead of nano, whichever is available on your system.

Uncomment the lines beginning with BASE and URI by removing the "#" at the start of each line. Set BASE to the base DN built from the domain name you entered while configuring the OpenLDAP server. In the URI line, enter the IP address of the server with port number 389. Here is the snippet of our config file after the modifications:

#
# LDAP Defaults
#

# See ldap.conf(5) for details
# This file should be world-readable but not world-writable.

BASE    dc=mydns,dc=linuxhint,dc=local
URI     ldap://10.0.12.10:389

#SIZELIMIT      12
#TIMELIMIT      15
#DEREF          never

# TLS certificates (needed for GnuTLS)
TLS_CACERT      /etc/ssl/certs/ca-certificates.crt

Step 5. Now check that the LDAP server answers queries with the following command (-x selects simple authentication; with no bind DN given, the search is performed as an anonymous bind):

$ ldapsearch -x

It should produce output similar to the one below:

# extended LDIF
#
# LDAPv3
# base <dc=mydns,dc=linuxhint,dc=local> (default) with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# mydns.linuxhint.local
dn: dc=mydns,dc=linuxhint,dc=local
objectClass: top
objectClass: dcObject
objectClass: organization
o: linuxhint
dc: mydns

# admin, mydns.linuxhint.local
dn: cn=admin,dc=mydns,dc=linuxhint,dc=local
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: admin
description: LDAP administrator

# search result
search: 2
result: 0 Success

# numResponses: 3
# numEntries: 2

If you get the "result: 0 Success" line shown in the above output, your LDAP server is correctly configured and working properly.
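The two verification steps above (the slapcat dump and the ldapsearch result) can be checked mechanically. The following added example (not part of the original guide) parses a constructed sample built from this guide's own output and checks three things: the expected base DN exists, the admin password is stored with a hashing scheme rather than in cleartext (LDIF's "::" base64 encoding hides which it is), and the search ended in "result: 0 Success". The expected base DN is an input supplied by the caller.

```shell
#!/bin/sh
# Added example: sanity checks over slapcat / ldapsearch output (constructed
# sample below, taken from the guide's output with operational attributes
# dropped, so the checks run offline).
SAMPLE_LDIF='dn: dc=mydns,dc=linuxhint,dc=local
objectClass: top
objectClass: dcObject
objectClass: organization
o: linuxhint
dc: mydns

dn: cn=admin,dc=mydns,dc=linuxhint,dc=local
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: admin
userPassword:: e1NTSEF9aTdsd1h0bjgvNHZ1ZWxtVmF0a2RGbjZmcmF5RDdtL1c=

# search result
search: 2
result: 0 Success'

# Does the output contain an entry for the expected base DN?  $1 = LDIF, $2 = DN
ldif_has_dn() { printf '%s\n' "$1" | grep -qx "dn: $2"; }

# Print the storage scheme ("{SSHA}", "{CRYPT}", ...) of the first userPassword.
# "::" in LDIF marks a base64 value: decode it and keep only the "{SCHEME}"
# prefix. Returns 1 when the password is stored in cleartext (a plain ":" line
# or a decoded value with no scheme prefix), the misconfiguration to catch.
ldif_password_scheme() {
  scheme=$(printf '%s\n' "$1" | sed -n 's/^userPassword:: //p' | head -n 1 \
           | base64 -d | sed -n 's/^\({[A-Za-z0-9-]*}\).*/\1/p')
  [ -n "$scheme" ] || return 1
  printf '%s\n' "$scheme"
}

# Did ldapsearch finish successfully?  $1 = ldapsearch output
ldapsearch_ok() { printf '%s\n' "$1" | grep -qx 'result: 0 Success'; }

# Run the checks against the sample; with live data, pass "$(sudo slapcat)"
# or "$(ldapsearch -x)" instead of $SAMPLE_LDIF.
ldif_has_dn "$SAMPLE_LDIF" 'dc=mydns,dc=linuxhint,dc=local' && echo 'base DN: ok'
echo "admin password scheme: $(ldif_password_scheme "$SAMPLE_LDIF" || echo CLEARTEXT)"
ldapsearch_ok "$SAMPLE_LDIF" && echo 'search result: ok'
```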

That completes installing and configuring OpenLDAP on Debian 10 (Buster).

What you can do next is to:

  1. Create OpenLDAP user accounts.
  2. Install phpLDAPadmin to administer your OpenLDAP server from a web-based front end.
  3. Try installing the OpenLDAP server on other Debian-based distributions like Ubuntu, Linux Mint, Parrot OS, etc.

Also, do not forget to share this guide with others.

About the author

Ali Imran Nagori

Ali Imran is a technical writer and Linux enthusiast who loves to write about Linux system administration and related technologies. You can connect with him on LinkedIn.