
LDAP is a powerful vendor-neutral application protocol for accessing directory services. OpenLDAP is a free implementation of LDAP and is used over a network to manage and access a distributed directory service, which can be used for things like PC logins. OpenLDAP is widely used because it’s cost-effective, OS agnostic and flexible. While OpenLDAP is powerful, it’s also complex.

I want to demystify the complexity of deploying OpenLDAP so that anyone with even a basic understanding of Linux and the command line can get this platform up and running.


What you’ll need to install OpenLDAP on Ubuntu Server 22.04

I’ll be demonstrating on Ubuntu Server 22.04, so you’ll need an instance of that OS up and running either on bare metal, as a virtual machine, or on a third-party cloud host. You’ll also need a user with sudo privileges.

Ready to make some LDAP magic?

How to install OpenLDAP

Install the software

The first thing to do is install the software. Log into your Ubuntu instance and issue the command:

sudo apt-get install slapd ldap-utils -y

During the installation, you’ll be asked to create an administrator password, so type and verify it when prompted.

How to configure OpenLDAP

Configure slapd

The first thing you must do is configure slapd, which is handled by the command:

sudo dpkg-reconfigure slapd

Here are the prompts you’ll see, along with the responses you should give.

  • Omit OpenLDAP Server Configuration: No
  • DNS Domain Name: The domain name used for your OpenLDAP server, which is used to create the base DN (Distinguished Name).
  • Organization Name: The name of your organization
  • Administrator Password: This is the password you set during the OpenLDAP installation.
  • Do you want the database to be removed when slapd is purged? No
  • Move old database? Yes
  • Allow LDAPv2 protocol? No

How to configure ldap.conf

Open the necessary configuration file with the command:

sudo nano /etc/ldap/ldap.conf

In that file, look for the following line:

BASE dc=your-domain,dc=com

Change that line to reflect the domain you set during the slapd configuration. Also, make sure the URI line looks like this:

URI  ldap://localhost

Save and close the file.

Before we install the LDAP Account Manager, let’s test to make sure everything is running as expected. For that, issue the command:

ldapsearch -x

Near the bottom of the output, you should see:

result: 0 success

The above line indicates all is well.
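The checks below are an added example, not part of the original article: a small POSIX shell script that derives the base DN slapd builds from the DNS domain name, compares it with the BASE line in an ldap.conf file, checks the result line of an ldapsearch -x run, and asks the running server which suffix it actually serves. It assumes slapd derives the suffix as dc=label,dc=label from the domain, which is what dpkg-reconfigure slapd does.

```shell
#!/bin/sh
# Added example, not from the original article: sanity checks for the
# ldap.conf step. It derives the base DN that "dpkg-reconfigure slapd"
# builds from the DNS domain name, compares it with the BASE line in an
# ldap.conf file, and checks the result line of an "ldapsearch -x" run.

# example.com -> dc=example,dc=com (the suffix slapd derives from the domain)
domain_to_dn() {
  printf '%s\n' "$1" | tr 'A-Z' 'a-z' | awk -F. '{
    for (i = 1; i <= NF; i++) printf "%sdc=%s", (i > 1 ? "," : ""), $i
    print ""
  }'
}

# First uncommented BASE value in an ldap.conf-style file (the keyword is
# case-insensitive in ldap.conf, so match it case-insensitively).
ldap_conf_base() {
  awk 'toupper($1) == "BASE" { print $2; exit }' "$1"
}

# Return 0 when the file's BASE matches the DN derived from the domain.
check_base() {
  expected=$(domain_to_dn "$1")
  actual=$(ldap_conf_base "$2")
  if [ "$actual" = "$expected" ]; then
    echo "OK: BASE $actual matches domain $1"
    return 0
  fi
  echo "MISMATCH: BASE is '$actual', expected '$expected' for $1" >&2
  return 1
}

# Return 0 when captured ldapsearch output contains a code-0 result line
# ("result: 0 Success"); any other code means the bind or search failed.
ldapsearch_ok() {
  printf '%s\n' "$1" | awk 'toupper($0) ~ /^RESULT: 0 / { found = 1 }
                            END { exit (found ? 0 : 1) }'
}

# Live check against the running server (needs slapd and ldap-utils):
# read the suffix slapd actually serves from the root DSE, so it can be
# compared with the value check_base expects.
server_base() {
  ldapsearch -x -LLL -b '' -s base namingContexts |
    awk '$1 == "namingContexts:" { print $2 }'
}
```

On a live host, `check_base example.com /etc/ldap/ldap.conf` and `server_base` should print the same DN; a mismatch means the BASE line was not updated after the slapd reconfiguration.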

How to install the LDAP Account Manager

Install the dependencies

First, let’s install the necessary dependencies with the command:

sudo apt-get install apache2 php-fpm php-imap php-mbstring php-mysql php-json php-curl php-zip php-xml php-bz2 php-intl php-gmp php-redis -y

Install LAM

Next, install LAM with:

sudo apt-get install ldap-account-manager -y

Create a virtual host

We can now create a virtual host so Apache is aware of the site. Create the configuration file with the command:

sudo nano /etc/apache2/sites-available/lam.conf

In that file, enter this code, making sure to edit the ServerName option:


<VirtualHost *:80>
  ServerName openldap.example.com
  DocumentRoot /usr/share/ldap-account-manager
  ErrorLog ${APACHE_LOG_DIR}/ldap-account-manager_error.log
  CustomLog ${APACHE_LOG_DIR}/ldap-account-manager_access.log combined
  Alias /lam /usr/share/ldap-account-manager

  # Note: this section grants access from the filesystem root. Debian's
  # apache2.conf ships "Require all denied" for <Directory /> and grants
  # access per path (e.g. /usr/share) instead.
  <Directory />
    Options FollowSymLinks
    AllowOverride All
    Require all granted
    DirectoryIndex index.html
  </Directory>

  # LAM's writable and internal directories must never be listed or served.
  <Directory /var/lib/ldap-account-manager/tmp>
    Options -Indexes
  </Directory>

  <Directory /var/lib/ldap-account-manager/tmp/internal>
    Options -Indexes
    Require all denied
  </Directory>

  <Directory /var/lib/ldap-account-manager/sess>
    Options -Indexes
    Require all denied
  </Directory>

  <Directory /var/lib/ldap-account-manager/config>
    Options -Indexes
    Require all denied
  </Directory>

  <Directory /usr/share/ldap-account-manager/lib>
    Options -Indexes
    Require all denied
  </Directory>

  <Directory /usr/share/ldap-account-manager/help>
    Options -Indexes
    Require all denied
  </Directory>

  <Directory /usr/share/ldap-account-manager/locale>
    Options -Indexes
    Require all denied
  </Directory>
</VirtualHost>


Save and close the file.

Enable the site and reload Apache

With our virtual host configuration in place, enable it with the command:

sudo a2ensite lam.conf

Reload Apache with:

sudo systemctl reload apache2

Remove the index file

Finally, remove the default index.html file with:

sudo mv /var/www/html/index.html ~/

How to access LAM

Access the web interface

Open a web browser and point it to http://SERVER/lam where SERVER is either the IP address or domain of the OpenLDAP hosting server. You should be greeted by the LAM login screen (Figure A).

Figure A: The LAM login screen.

Configure the web interface

Click LAM configuration in the upper right corner and click Edit Server Profiles (Figure B).

Figure B: The LAM configuration window.

You will be prompted to type the default profile password, which is lam. In the resulting page (Figure C), you must configure the Tree suffix under Tool Settings to match the domain you set during the slapd configuration.

Figure C: Configuring your domain in LAM.

Scroll down to Security Settings and configure the same domain for List Of Valid Users (Figure D) and make sure to change cn=Manager to cn=admin.

Figure D: Configuring the security settings for LAM.

Now scroll to the bottom of this page and change the LAM admin password.

Configure users

Click the Account Types tab and look for the Users and Groups sections, where you’ll set the LDAP Suffix of each to your domain (Figure E).

Figure E: Configuring the users and groups to use the domain in LAM.

Click Save, and you’ll be taken back to the login window.

Log in with admin and the password you created for OpenLDAP during the installation and you’re all set to start working with OpenLDAP from the convenience of the LAM GUI.

Congratulations! You now have OpenLDAP up and running and ready to go.


Subscribe to TechRepublic’s How To Make Tech Work on YouTube for all the latest tech advice for business pros from Jack Wallen.
