LDAP is a vendor-neutral application protocol for accessing directory services. OpenLDAP is a free implementation of LDAP that lets you manage and query a distributed directory over the network, which is commonly used for centralized account information and logins. OpenLDAP is widely used because it is cost effective, operating system independent, and flexible. Although OpenLDAP is powerful, it is also complex.
I want to demystify the complexity of deploying OpenLDAP so that anyone with even a basic understanding of Linux and the command line can make this platform work.
What you will need to install OpenLDAP on Ubuntu Server 22.04
I’ll be demoing on Ubuntu Server 22.04, so you’ll need an instance of that OS running either on a bare metal system, as a virtual machine, or on a third-party cloud host. And, you will need a user with sudo privileges.
Ready to do some LDAP magic?
How to install OpenLDAP
The first thing to do is to install the software. Log in to your Ubuntu instance and run the command:
sudo apt-get install slapd ldap-utils -y
During installation, you will be asked to create an administrator password, so be sure to enter it and verify it when prompted.
How to configure OpenLDAP
The first thing you need to do is configure slapd, which is handled by the command:
sudo dpkg-reconfigure slapd
Here are the questions you will be asked, along with the answers to give.
- Omit OpenLDAP server configuration? No.
- DNS domain name: the domain for your OpenLDAP server. slapd turns it into the base DN (Distinguished Name), one dc= component per label, so example.com becomes dc=example,dc=com.
- Name of the organization: the name of your organization.
- Administrator password: the password for the directory's admin entry (cn=admin under your base DN). Whatever you enter here becomes the current password, so reuse the one you chose during installation unless you intend to change it.
- Do you want the database to be removed when slapd is purged? No.
- Move old database? Yes.
- Allow LDAPv2 protocol? No.
How to configure ldap.conf
Open the necessary configuration file with the command:
sudo nano /etc/ldap/ldap.conf
In this file, find the BASE line. It is commented out by default, so uncomment it and edit it to carry the base DN you defined when configuring slapd. Also uncomment the URI line and make sure it points at your LDAP server (for a server that only queries itself, that is the local host).
Save and close the file.
Before installing LDAP Account Manager, let's test that the server answers queries. To do this, run an ldapsearch query against your base DN (ldapsearch comes from the ldap-utils package installed earlier).
Near the bottom of the output, you should see:
result: 0 Success
The line above indicates that the server accepted the bind and the search, so everything is fine. Any other result code (for example 32, "No such object") means the base DN in the query or in ldap.conf does not match what slapd was configured with.
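The steps above, from the domain name handed to dpkg-reconfigure through the ldap.conf edit and the ldapsearch check, collected in one added shell script. This is example code written for this article, not part of slapd or ldap-utils; the domain example.com, the host name, the ldap.conf path and the exact ldapsearch invocation are my assumptions (the article does not print the command it uses).

```shell
#!/bin/sh
# Added example (not from the article): derive the base DN that slapd builds
# from the DNS domain, write matching BASE/URI settings into ldap.conf, and
# run the same kind of ldapsearch check the article describes. The domain
# "example.com", the host and the config path are assumptions.
set -eu

# slapd turns "example.com" into "dc=example,dc=com": one dc= per label.
domain_to_basedn() {
    printf '%s' "$1" | awk -F. '{
        for (i = 1; i <= NF; i++) printf "%sdc=%s", (i > 1 ? "," : ""), $i
    }'
}

# The admin entry created by dpkg-reconfigure sits directly under the base DN.
admin_dn() {
    printf 'cn=admin,%s' "$(domain_to_basedn "$1")"
}

# write_ldap_conf DOMAIN [CONF] [HOST]
# Drops any existing BASE/URI lines (commented or not) and appends exactly
# one of each, so the client always talks to the intended server and suffix.
write_ldap_conf() {
    domain=$1
    conf=${2:-/etc/ldap/ldap.conf}
    host=${3:-localhost}
    tmp=$(mktemp)
    if [ -f "$conf" ]; then
        grep -Ev '^[[:space:]]*#?[[:space:]]*(BASE|URI)[[:space:]]' "$conf" > "$tmp" || true
    fi
    printf 'BASE\t%s\nURI\tldap://%s\n' "$(domain_to_basedn "$domain")" "$host" >> "$tmp"
    cat "$tmp" > "$conf"   # cat, not mv, keeps the file's owner and mode
    rm -f "$tmp"
}

# check_ldap DOMAIN [HOST]
# Anonymous base-scope search of the suffix entry. ldapsearch ends its output
# with "result: 0 Success" when the server answered; returns non-zero otherwise.
check_ldap() {
    base=$(domain_to_basedn "$1")
    host=${2:-localhost}
    ldapsearch -x -H "ldap://$host" -b "$base" -s base '(objectClass=*)' dn \
        | grep -qi '^result: 0 success'
}

# Usage (needs root for /etc/ldap/ldap.conf):
#   sudo sh ldap-client-setup.sh example.com /etc/ldap/ldap.conf localhost
if [ "$#" -gt 0 ]; then
    write_ldap_conf "$@"
    if check_ldap "$1" "${3:-localhost}"; then
        echo "OK: directory reachable; bind as $(admin_dn "$1") to administer it"
    else
        echo "FAILED: no success result from ldap://${3:-localhost} for $(domain_to_basedn "$1")" >&2
        exit 1
    fi
fi
```

The search is anonymous (-x without -D), which is exactly what the article's test exercises: it proves the server is up and the suffix exists, not that the admin password works. Bind with `-D "$(admin_dn example.com)" -W` to test the latter.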
How to Install LDAP Account Manager
Let’s start by installing the necessary dependencies with the command:
sudo apt-get install apache2 php-fpm php-imap php-mbstring php-mysql php-json php-curl php-zip php-xml php-bz2 php-intl php-gmp php-redis -y
Next, install LAM with:
sudo apt-get install ldap-account-manager -y
Create a virtual host
We can now create a virtual host for Apache to be aware of the site. Create the configuration file with the command:
sudo nano /etc/apache2/sites-available/lam.conf
In this file, enter this code, making sure to modify the ServerName option:
Save and close the file.
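Since the virtual host body is not reproduced above, here is an added shell helper that writes one. It is example code, not the article's or LAM's own configuration. It assumes the Ubuntu package installs LAM under /usr/share/ldap-account-manager and that Apache already executes PHP (with the php-fpm install above, that means enabling the proxy_fcgi module and the php8.1-fpm conf); lam.example.com and 192.0.2.0/24 are placeholders.

```shell
#!/bin/sh
# Added example (not the article's vhost): generate the Apache site file for
# LAM. DocumentRoot /usr/share/ldap-account-manager is where the Ubuntu
# package installs LAM (assumption). The LAM login form carries the LDAP admin
# password, and this site is plain HTTP, so the helper can restrict access to
# one admin network; without that restriction it is only suitable for a lab.
set -eu

# write_lam_vhost SERVER_NAME [OUTFILE] [ALLOWED_CIDR]
write_lam_vhost() {
    server_name=$1
    outfile=${2:-/etc/apache2/sites-available/lam.conf}
    allowed=${3:-}
    if [ -n "$allowed" ]; then
        access="Require ip $allowed"
    else
        access="Require all granted"
    fi
    cat > "$outfile" <<EOF
<VirtualHost *:80>
    ServerName $server_name
    DocumentRoot /usr/share/ldap-account-manager

    <Directory /usr/share/ldap-account-manager>
        Options +FollowSymLinks
        AllowOverride All
        $access
    </Directory>

    ErrorLog \${APACHE_LOG_DIR}/lam_error.log
    CustomLog \${APACHE_LOG_DIR}/lam_access.log combined
</VirtualHost>
EOF
}

# Usage (needs root for /etc/apache2):
#   sudo sh lam-vhost.sh lam.example.com /etc/apache2/sites-available/lam.conf 192.0.2.0/24
if [ "$#" -gt 0 ]; then
    write_lam_vhost "$@"
    echo "wrote ${2:-/etc/apache2/sites-available/lam.conf}"
    echo "next: sudo a2ensite lam.conf && sudo apache2ctl configtest && sudo systemctl reload apache2"
fi
```

Run `apache2ctl configtest` after a2ensite and before the reload; it parses every enabled site, so a typo in the new file is caught before Apache drops it on reload.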
Activate the site and reload Apache
With our virtual host configuration in place, enable it with the command:
sudo a2ensite lam.conf
Reload apache with:
sudo systemctl reload apache2
Move the default index file aside
Finally, move the default index.html out of the document root. The command below parks it in your home directory rather than deleting it, so it can be restored:
sudo mv /var/www/html/index.html ~/
How to access LAM
Access the web interface
Open a web browser and point it to http://SERVER/lam, where SERVER is either the IP address or domain of the server hosting OpenLDAP. You should be greeted by the LAM login screen (Figure A). Note that this is plain HTTP: the LAM login form sends the LDAP admin password in the clear, so keep the site on a trusted network or put it behind TLS before using it for anything beyond a lab.
Configure the web interface
Click LAM Configuration in the upper right corner and click Edit Server Profiles (Figure B).
You will be prompted for the default profile password, which is lam. In the resulting page (Figure C), configure the Tree suffix under Tool Settings to match the base DN you set when configuring slapd.
Scroll down to Security Settings and set the list of valid users to your admin DN (Figure D), changing the default cn=Manager to cn=admin so the entry reads cn=admin followed by your base DN.
Now scroll to the bottom of this page and change the LAM admin password.
Click on the Account Types tab and find the Users and Groups sections, where you will configure your domain in the LDAP suffix as your domain (Figure E).
Click Save and you will be taken back to the login window.
Log in with admin and the OpenLDAP administrator password you set earlier, and you are ready to start working with OpenLDAP from the convenience of the LAM GUI.
Congratulations! You now have OpenLDAP up and running.