OpenLDAP is a free, open source implementation of the Lightweight Directory Access Protocol (LDAP) developed by the OpenLDAP project and released under its own OpenLDAP Public License. LDAP is a platform-independent communication protocol.

To simplify the administration of system users, it is ideal to use a database accessible via LDAP. Centrally storing user accounts in a single repository makes it easy to create, modify, and delete user accounts and user groups.

Let’s get to work!!!

1.-Installing OpenLDAP server

To install the openLDAP server we only need to execute the following command with root privileges:

             sudo apt install slapd ldap-utils

1.-Installing openLDAP

When the installation is complete, you have to define the administrator password.

2.-Admin Password

We will check the status of the service to see if the installation was successful.

            sudo systemctl status slapd.service

3.- Checking status openLDAP

In the previous image we see that the installation was successful and that the service is running.

2.-Basic configuration of the service

The package installation does not leave slapd with an appropriate configuration, so we must use dpkg-reconfigure to set one up, at least in a basic way.

            sudo dpkg-reconfigure slapd

4.- Reconfiguring slapd

When you run the above command, you will be asked certain questions. The first is whether we want to skip the LDAP server configuration. We say NO.

5.- Configuring LDAP

The next step is to enter your domain.

6.- Entering the domain

You will then be asked for the name of our organization.

7.- Entering organization name

After that, you will be asked to set the admin password again.

8.- admin password

The next step is to define the database backend. We will choose MDB because it is the most efficient in performance and memory consumption.

9.- Database backend

Do you want the database to be removed when slapd is purged? We say No.

10.- configuring ldap

Move old database? We say Yes.

11.- move old database

With that, we have exited the configuration script.

12.- ldap configured

3.-Define Configuration in an LDAP Client

The configuration file for all OpenLDAP clients is ldap.conf located in /etc/ldap. We need to edit it.

            sudo nano /etc/ldap/ldap.conf

When we open the file we’ll see something like this:

13.- editing file ldap.conf

In this file we only need to specify two things: BASE and URI. BASE is the base DN, built from our DNS domain name with each label as a dc= component, following this formula:

BASE dc=YOUR_DOMAIN,dc=com

Or if you have, a subdomain:

BASE dc=SUB_DOMAIN,dc=YOUR_DOMAIN,dc=com

While URI is the address where the LDAP server is located. If the server is hosted on the same machine as the client, then we set the URI to ldap://localhost/

14.-Editing file ldap.conf

Let’s check that everything is OK, with the execution of the next command:

            ldapsearch -x

15.- Testing ldap

The previous image shows the terminal output of the ldapsearch command. Seeing "result: 0 Success" at the end means that everything is in order: an anonymous simple bind (-x) reached the server and the directory answered.
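As an added example (not part of the original post), the small POSIX shell script below turns a DNS domain into the BASE DN, renders the two ldap.conf lines described above, and repeats the same anonymous ldapsearch smoke test against them. The script name ldapconf.sh and the hostname argument are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post: derive the BASE DN from a DNS
# domain, render the BASE/URI block for /etc/ldap/ldap.conf, and run the same
# "ldapsearch -x" smoke test the post uses to verify the setup.

# "sub.example.com" -> "dc=sub,dc=example,dc=com"
base_dn_from_domain() {
    printf '%s' "$1" | sed 's/\./,dc=/g; s/^/dc=/'
}

# Render the two lines the post asks for.
# $1 = domain, $2 = server host (defaults to localhost, as in the post)
render_ldap_conf() {
    base=$(base_dn_from_domain "$1")
    host=${2:-localhost}
    printf 'BASE %s\nURI ldap://%s/\n' "$base" "$host"
}

# Smoke test: an anonymous (-x) base-scope read of the suffix entry must exit
# with status 0, which is the "result: 0 Success" seen in the post's screenshot.
# Returns the ldapsearch exit code, or 127 when ldap-utils is not installed.
check_ldap() {
    command -v ldapsearch >/dev/null 2>&1 || return 127
    ldapsearch -x -LLL -H "ldap://${2:-localhost}/" \
        -b "$(base_dn_from_domain "$1")" -s base '(objectClass=*)' dn \
        >/dev/null 2>&1
}

# usage: sh ldapconf.sh example.com [host]
if [ "${1:-}" != "" ]; then
    render_ldap_conf "$1" "$2"
    check_ldap "$1" "$2" && echo "OK: anonymous base read succeeded" \
        || echo "FAILED: ldapsearch exit status $?"
fi
```

Paste the rendered BASE and URI lines into /etc/ldap/ldap.conf; the check reports the ldapsearch exit status so a non-zero result points at connectivity, the URI, or a wrong base DN.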

Optional: Install phpLDAPAdmin

It is possible to manage ldap from the command line, but some people prefer a graphical application. PhpLDAPAdmin is a web application used to manage an LDAP server in a simple and intuitive way.

            sudo apt install phpldapadmin

Note: phpldapadmin requires a web server to run, since it is a browser-based application. If your Ubuntu does not have a web server, the above command will install Apache as a dependency.

16.- installing phpldapadmin

After installation, we should be able to run phpldapadmin from the browser, but first we’ll modify some things from the configuration files.

            sudo nano /etc/phpldapadmin/config.php

First we will tell phpldapadmin that we will connect from localhost. We'll go to line 293: in nano, press CTRL + _ and type the line number.

17.-Allowing localhost connection

Then we go to line 296 and remove the comment to allow the connection through port 389.

18.- Setting the port

Next we will go to line 300 where we will find :

$servers->setValue('server','base',array('dc=example,dc=com'));

And replace it with the following:

$servers->setValue('server','base',array());

With an empty array, phpldapadmin detects the base DN from the server itself, so it picks up the domain we defined in the openLDAP configuration.

19.- Changing the array

On line 335 we proceed to remove the comment and enable TLS.

20.-Enabling TLS

Finally we disable anonymous login (anonymous bind). Let's go to line 453.

21.- disabling anonymous login

We save the file and exit; the setup is complete.

With this we can access phpldapadmin from our browser.

22.- phpldapadmin

We enter our credentials and log in.

23.- Entering credentials

And we will see the following:

24.- phpldapadmin

And this is it. We have installed and configured openLDAP. Now it’s time to take advantage of this fabulous application.
