OpenLDAP is a free, open source implementation of the Lightweight Directory Access Protocol (LDAP) developed by the OpenLDAP project. It is released under its own OpenLDAP Public License. LDAP itself is a platform-independent communication protocol.
To simplify the administration of system users, it is ideal to use a database accessible via LDAP. Storing user accounts centrally in a single repository makes it easy to create, modify, and delete user accounts and user groups.
Let’s get to work!!!
1.-Installing OpenLDAP server
To install the OpenLDAP server we only need to run the following command with root privileges:
sudo apt install slapd ldap-utils
When the installation completes, you are asked to define the administrator password.
We then check the status of the service to confirm that the installation succeeded:
sudo systemctl status slapd.service
The output shows the service as active (running), which confirms that the installation succeeded.
2.-Basic configuration of the service
Installing the packages does not leave the service with a proper configuration, so we use dpkg-reconfigure to set one up, at least at a basic level.
sudo dpkg-reconfigure slapd
When you run the above command, you will be asked a series of questions. The first is whether we want to skip the LDAP server configuration. We answer No.
The next step is to enter your domain.
You will then be asked for the name of your organization.
After that, you will be asked to set the admin password again.
The next step is to define the database backend. We will choose MDB because it is the most efficient in performance and memory consumption.
Do you want the database to be removed when slapd is purged? We answer No.
Move old database? We answer Yes.
That completes the configuration script.
3.-Define Configuration in an LDAP Client
The configuration file for all OpenLDAP clients is ldap.conf, located in /etc/ldap. We need to edit it.
sudo nano /etc/ldap/ldap.conf
When we open the file we’ll see something like this:
In this file we only need to specify two things: BASE and URI. BASE is the base DN, which is derived from our DNS domain name by this formula:
Or, if you have a subdomain:
While URI is the address where the LDAP server is located:
If the server is hosted on the same machine as the client, then we must set the URI to ldap://localhost/
Let's check that everything is OK by running the next command:
The command's output ends with the result line of the ldapsearch operation. Seeing "result: 0 Success" means that everything is in order.
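As an added example (not from the original article), the following shell helpers derive the BASE DN from a DNS domain the way the article's formula does, render the two lines ldap.conf needs, and check ldapsearch output for the "result: 0 Success" line. They assume the usual OpenLDAP convention of one dc= component per DNS label and that the check being run is ldapsearch -x against the BASE and URI from ldap.conf; the ldapsearch output embedded below is constructed so the script runs without a live server.

```shell
#!/bin/sh
# Added example, not part of the original article.
# Assumptions: BASE DN = one "dc=" component per DNS label (standard
# OpenLDAP convention); the check is `ldapsearch -x -H <URI> -b <BASE>`.

# Turn "example.com" into "dc=example,dc=com"; a subdomain such as
# "ldap.example.com" becomes "dc=ldap,dc=example,dc=com".
base_dn_from_domain() {
    printf '%s\n' "$1" | awk -F. '{
        out = "";
        for (i = 1; i <= NF; i++) {
            if ($i == "") continue;            # skip a trailing dot
            out = out (out == "" ? "" : ",") "dc=" $i;
        }
        print out;
    }'
}

# Render the two lines /etc/ldap/ldap.conf needs. Second argument is the
# URI; it defaults to the local server the article uses.
render_ldap_conf() {
    base=$(base_dn_from_domain "$1")
    uri="${2:-ldap://localhost/}"
    printf 'BASE\t%s\nURI\t%s\n' "$base" "$uri"
}

# Read ldapsearch output on stdin; succeed only if the result line is
# "result: 0 Success". Any other code (32 No such object for a wrong BASE,
# 49 Invalid credentials for a rejected bind, ...) means the client
# configuration or the server needs attention.
ldapsearch_ok() {
    grep -q '^result: 0 Success'
}

# Constructed sample of `ldapsearch -x` output (not captured from a server).
SAMPLE_OK='# extended LDIF
#
# LDAPv3
# base <dc=example,dc=com> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# example.com
dn: dc=example,dc=com
objectClass: top
objectClass: dcObject
objectClass: organization
o: Example
dc: example

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1'

# Constructed sample of a failed search against a BASE the server lacks.
SAMPLE_BAD='# search result
search: 2
result: 32 No such object

# numResponses: 1'

if [ "${1:-}" = "--demo" ]; then
    render_ldap_conf example.com
    if printf '%s\n' "$SAMPLE_OK" | ldapsearch_ok; then
        echo "sample: server reachable and BASE is valid"
    fi
    if ! printf '%s\n' "$SAMPLE_BAD" | ldapsearch_ok; then
        echo "sample: BASE DN does not exist on the server"
    fi
    # Against a real server, the same check is:
    # ldapsearch -x -H ldap://localhost/ -b "$(base_dn_from_domain example.com)" | ldapsearch_ok
fi
```

Run it with --demo to see the rendered ldap.conf lines and both sample verdicts; the commented command at the end is the equivalent live check once slapd is running.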
Optional: Install phpLDAPAdmin
It is possible to manage LDAP from the command line, but some people prefer a graphical application. phpLDAPAdmin is a web application used to manage an LDAP server in a simple and intuitive way.
sudo apt install phpldapadmin
Note: phpLDAPAdmin requires a web server to run, since it is a browser-based application. If your Ubuntu system does not have a web server, the above command installs Apache as a dependency.
After installation we should be able to open phpLDAPAdmin in the browser, but first we'll change a few things in the configuration file.
sudo nano /etc/phpldapadmin/config.php
First we tell phpLDAPAdmin that we will connect from localhost. Go to line 293: press Ctrl + _ in nano and type the line number.
Then go to line 296 and remove the comment to allow the connection through port 389.
Next we will go to line 300 where we will find :
And replace it with the following:
This is so that phpLDAPAdmin recognizes the domain layout we used in the OpenLDAP configuration.
On line 335 we proceed to remove the comment and enable TLS.
Finally we disable anonymous login. Go to line 453.
Save the file and exit; the setup is finished.
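The edits above are done by hand at fixed line numbers, which shift between phpLDAPAdmin versions. As an added example (not from the article or the phpLDAPAdmin project), the script below applies the same five changes with sed and then verifies them, so the result can be checked rather than eyeballed. It assumes the setting names are the ones shipped in phpLDAPAdmin's config.php (setValue('server','host',...), ('server','port',...), ('server','base',...), ('server','tls',...) and ('login','anon_bind',...)), that the file configures a single server, and that the base DN contains none of the sed-special characters # & \. The config.php excerpt it writes is constructed for the demo, not a copy of the real file; verify the key names against your own installation.

```shell
#!/bin/sh
# Added example, not part of the original article or of phpLDAPAdmin.
# Assumptions: the setValue keys below exist as named in config.php; the
# file defines one server; the base DN contains no '#', '&' or '\'.

# Rewrite the five settings the article changes. A '.' stands in for the
# quote character around each key so no nested shell quoting is needed,
# and matching from '^.*' also catches lines that are still commented out.
configure_pla() {
    f="$1"     # path to config.php
    base="$2"  # base DN, e.g. dc=example,dc=com
    sed \
        -e "s#^.*setValue(.server.,.host.,.*#\$servers->setValue('server','host','127.0.0.1');#" \
        -e "s#^.*setValue(.server.,.port.,.*#\$servers->setValue('server','port',389);#" \
        -e "s#^.*setValue(.server.,.base.,.*#\$servers->setValue('server','base',array('$base'));#" \
        -e "s#^.*setValue(.server.,.tls.,.*#\$servers->setValue('server','tls',true);#" \
        -e "s#^.*setValue(.login.,.anon_bind.,.*#\$servers->setValue('login','anon_bind',false);#" \
        "$f" > "$f.tmp" && mv "$f.tmp" "$f"
}

# Return 0 only if every wanted setting is present, uncommented and has the
# wanted value. The second grep rejects lines still prefixed with "//".
check_pla() {
    f="$1"
    base="$2"
    for want in \
        "setValue('server','host','127.0.0.1');" \
        "setValue('server','port',389);" \
        "setValue('server','base',array('$base'));" \
        "setValue('server','tls',true);" \
        "setValue('login','anon_bind',false);"
    do
        grep -F -- "$want" "$f" | grep -q '^\$servers' || return 1
    done
    return 0
}

# Constructed excerpt in the shape of phpLDAPAdmin's config.php, used so
# the script can be exercised without touching /etc/phpldapadmin.
write_sample_config() {
    cat > "$1" <<'EOF'
<?php
/* constructed sample, not the real config.php */
$servers = new Datastore();
$servers->newServer('ldap_pla');
$servers->setValue('server','name','My LDAP Server');
// $servers->setValue('server','host','127.0.0.1');
// $servers->setValue('server','port',389);
$servers->setValue('server','base',array());
// $servers->setValue('server','tls',false);
$servers->setValue('login','anon_bind',true);
?>
EOF
}

if [ "${1:-}" = "--demo" ]; then
    tmp=$(mktemp)
    write_sample_config "$tmp"
    configure_pla "$tmp" 'dc=example,dc=com'
    if check_pla "$tmp" 'dc=example,dc=com'; then
        echo "config.php: all five settings applied"
    fi
    cat "$tmp"
    rm -f "$tmp"
fi
```

For the real file, back it up first (cp /etc/phpldapadmin/config.php /etc/phpldapadmin/config.php.bak), then run configure_pla and check_pla against /etc/phpldapadmin/config.php as root with your own base DN. check_pla is the useful part even if you keep editing by hand: a non-zero exit means one of the settings is still commented out or carries the old value, which for anon_bind means the web interface would still accept anonymous binds.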
With this we can open phpLDAPAdmin from our browser.
We enter our credentials and log in.
And we will see the following:
And that's it. We have installed and configured OpenLDAP. Now it's time to take advantage of this fabulous application.
Feel free to share this article with your friends through social networks.