LDAP is a powerful vendor-neutral application protocol for accessing directory services. OpenLDAP is a free implementation of LDAP and is used over a network to manage and access a distributed directory service, which can be used for things like PC logins. OpenLDAP is widely used because it’s cost-effective, OS-agnostic and flexible. While OpenLDAP is powerful, it’s also complex.
I want to demystify the complexity of deploying OpenLDAP so that anyone with even a basic understanding of Linux and the command line can get this platform up and running.
What you’ll need to install OpenLDAP on Ubuntu Server 22.04
I’ll be demonstrating on Ubuntu Server 22.04, so you’ll need an instance of that OS up and running either on bare metal, as a virtual machine, or on a third-party cloud host. And, you’ll need a user with sudo privileges.
Ready to make some LDAP magic?
How to install OpenLDAP
Install the software
The first thing to do is install the software. Log into your Ubuntu instance and issue the command:
sudo apt-get install slapd ldap-utils -y
During the installation, you’ll be asked to create an administrator password, so type and verify it when prompted.
How to configure OpenLDAP
Configure slapd
The first thing you must do is configure slapd, which is handled by the command:
sudo dpkg-reconfigure slapd
Here are the details you’ll be prompted to reply to as well as the responses you should give.
- Omit OpenLDAP Server Configuration: No
- DNS Domain Name: The domain name used for your OpenLDAP server, which is used to create the base DN (Distinguished Name).
- Organization Name: The name of your organization
- Administrator Password: This is the password you set during the OpenLDAP installation.
- Do you want the database to be removed when slapd is purged? No
- Move old database? Yes
- Allow LDAPv2 protocol? No
How to configure ldap.conf
Open the necessary configuration file with the command:
sudo nano /etc/ldap/ldap.conf
In that file, look for the following line:
BASE dc=your-domain,dc=com
Change that line to reflect the domain you set during the slapd configuration. Also, make sure the URI line looks like this:
URI ldap://localhost
Save and close the file.
Before we install the LDAP Account Manager, let’s test to make sure everything is running as expected. For that, issue the command:
ldapsearch -x
Near the bottom of the output, you should see:
result: 0 success
The above line indicates all is well.
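The slapd answers, the BASE and URI edit in /etc/ldap/ldap.conf, and the ldapsearch -x check above, gathered into one POSIX shell script. This is an added example, not code from the article: the function names are mine, and it assumes that the debconf template names used here (slapd/domain, shared/organization, slapd/password1 and so on) match the Debian/Ubuntu slapd package, so that the answers given interactively to dpkg-reconfigure can be replayed with debconf-set-selections.

```shell
#!/bin/sh
# Helpers for the slapd / ldap.conf steps. Added example, not from the
# article; function names are mine. Assumed: the debconf keys below are
# the ones the Debian/Ubuntu slapd package asks about.
#
# Usage: sh ldap-bootstrap.sh example.com "Example Org" 'admin-password'

# Turn a DNS domain into the base DN slapd derives from it:
#   example.com -> dc=example,dc=com
domain_to_base_dn() {
    printf '%s' "$1" | awk -F. '{
        for (i = 1; i <= NF; i++) printf "%sdc=%s", (i > 1 ? "," : ""), $i
    } END { printf "\n" }'
}

# Emit the answers to the dpkg-reconfigure prompts in debconf-set-selections
# format. Replay them non-interactively with:
#   sudo debconf-set-selections < answers.txt
#   sudo dpkg-reconfigure -f noninteractive slapd
# Note: the password is written to stdout, so redirect to a root-only file.
slapd_preseed() {
    domain=$1; org=$2; admin_pw=$3
    cat <<EOF
slapd slapd/no_configuration boolean false
slapd slapd/domain string $domain
slapd shared/organization string $org
slapd slapd/password1 password $admin_pw
slapd slapd/password2 password $admin_pw
slapd slapd/purge_database boolean false
slapd slapd/move_old_database boolean true
slapd slapd/allow_ldap_v2 boolean false
EOF
}

# Render the two lines the article edits in /etc/ldap/ldap.conf.
render_ldap_conf() {
    printf 'BASE %s\nURI ldap://localhost\n' "$(domain_to_base_dn "$1")"
}

# Read ldapsearch output on stdin; succeed only on "result: 0 Success".
ldapsearch_ok() {
    grep -qi '^result: 0 Success'
}

if [ "$#" -eq 3 ]; then
    slapd_preseed "$1" "$2" "$3"
    echo '--- /etc/ldap/ldap.conf lines ---'
    render_ldap_conf "$1"
    # Live check against the local server (needs slapd running and
    # ldap.conf already updated, since -x without -b uses its BASE).
    if command -v ldapsearch >/dev/null 2>&1 && ldapsearch -x 2>/dev/null | ldapsearch_ok; then
        echo "ldapsearch -x: OK"
    else
        echo "ldapsearch -x: failed (is slapd running and BASE correct?)"
    fi
fi
```

Running the script with the three arguments prints the preseed answers and the ldap.conf lines, then repeats the article's ldapsearch -x check against the local server; the functions can also be sourced individually.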
How to install the LDAP Account Manager
Install the dependencies
First, let’s install the necessary dependencies with the command:
sudo apt-get install apache2 php-fpm php-imap php-mbstring php-mysql php-json php-curl php-zip php-xml php-bz2 php-intl php-gmp php-redis -y
Install LAM
Next, install LAM with:
sudo apt-get install ldap-account-manager -y
Create a virtual host
We can now create a virtual host so Apache is aware of the site. Create the configuration file with the command:
sudo nano /etc/apache2/sites-available/lam.conf
In that file, enter this code, making sure to edit the ServerName option:
<VirtualHost *:80>
    ServerName openldap.example.com
    DocumentRoot /usr/share/ldap-account-manager
    ErrorLog ${APACHE_LOG_DIR}/ldap-account-manager_error.log
    CustomLog ${APACHE_LOG_DIR}/ldap-account-manager_access.log combined
    Alias /lam /usr/share/ldap-account-manager
    <Directory />
        Options FollowSymLinks
        AllowOverride All
        Require all granted
        DirectoryIndex index.html
    </Directory>
    <Directory /var/lib/ldap-account-manager/tmp>
        Options -Indexes
    </Directory>
    <Directory /var/lib/ldap-account-manager/tmp/internal>
        Options -Indexes
        Require all denied
    </Directory>
    <Directory /var/lib/ldap-account-manager/sess>
        Options -Indexes
        Require all denied
    </Directory>
    <Directory /var/lib/ldap-account-manager/config>
        Options -Indexes
        Require all denied
    </Directory>
    <Directory /usr/share/ldap-account-manager/lib>
        Options -Indexes
        Require all denied
    </Directory>
    <Directory /usr/share/ldap-account-manager/help>
        Options -Indexes
        Require all denied
    </Directory>
    <Directory /usr/share/ldap-account-manager/locale>
        Options -Indexes
        Require all denied
    </Directory>
</VirtualHost>
Save and close the file.
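The virtual host above deliberately closes LAM's session, config and internal directories with Require all denied, and a typo in any one of those blocks silently reopens it. The following POSIX shell script is an added example, not from the article or the LAM project (function names and the sample config are mine): it parses a lam.conf, reports every protected directory that lacks Require all denied, and also flags the <Directory /> block, because the stock Ubuntu apache2.conf sets <Directory /> to Require all denied and granting it again in the vhost removes that layer of defence.

```shell
#!/bin/sh
# Audit a LAM virtual host file. Added example, not from the article or
# the LAM project; function names and the sample config are mine.
# Usage: sh audit-lam-vhost.sh /etc/apache2/sites-available/lam.conf
# With no argument it audits the constructed sample below.

# Directories the article's lam.conf closes with "Require all denied".
PROTECTED_DIRS='/var/lib/ldap-account-manager/tmp/internal
/var/lib/ldap-account-manager/sess
/var/lib/ldap-account-manager/config
/usr/share/ldap-account-manager/lib
/usr/share/ldap-account-manager/help
/usr/share/ldap-account-manager/locale'

# Constructed sample: like the article's file, except that the locale
# block has lost its "Require all denied" and "<Directory />" grants all.
sample_vhost() {
    cat <<'EOF'
<VirtualHost *:80>
    ServerName openldap.example.com
    DocumentRoot /usr/share/ldap-account-manager
    Alias /lam /usr/share/ldap-account-manager
    <Directory />
        Options FollowSymLinks
        Require all granted
    </Directory>
    <Directory /var/lib/ldap-account-manager/tmp>
        Options -Indexes
    </Directory>
    <Directory /var/lib/ldap-account-manager/tmp/internal>
        Options -Indexes
        Require all denied
    </Directory>
    <Directory /var/lib/ldap-account-manager/sess>
        Require all denied
    </Directory>
    <Directory /var/lib/ldap-account-manager/config>
        Require all denied
    </Directory>
    <Directory /usr/share/ldap-account-manager/lib>
        Require all denied
    </Directory>
    <Directory /usr/share/ldap-account-manager/help>
        Require all denied
    </Directory>
    <Directory /usr/share/ldap-account-manager/locale>
        Options -Indexes
    </Directory>
</VirtualHost>
EOF
}

# Print the body of the "<Directory DIR>" block found in FILE ($1=FILE, $2=DIR).
directory_block() {
    awk -v dir="$2" '
        $0 ~ ("<Directory[ \t]+" dir ">") { inblock = 1; next }
        /<\/Directory>/                   { inblock = 0 }
        inblock                           { print }
    ' "$1"
}

# Succeed if DIR's block in FILE contains "Require all denied".
dir_denied() {
    directory_block "$1" "$2" | grep -Eqi '^[[:space:]]*Require[[:space:]]+all[[:space:]]+denied'
}

# Succeed if "<Directory />" in FILE grants access to the whole filesystem.
root_granted() {
    directory_block "$1" / | grep -Eqi '^[[:space:]]*Require[[:space:]]+all[[:space:]]+granted'
}

# Print one line per finding; the exit status is the number of findings.
audit_lam_vhost() {
    findings=0
    for d in $PROTECTED_DIRS; do
        if ! dir_denied "$1" "$d"; then
            echo "MISSING: $d is not 'Require all denied'"
            findings=$((findings + 1))
        fi
    done
    if root_granted "$1"; then
        echo "WEAK: <Directory /> uses 'Require all granted'; grant only /usr/share/ldap-account-manager instead"
        findings=$((findings + 1))
    fi
    return $findings
}

if [ "$#" -eq 1 ]; then
    audit_lam_vhost "$1"
else
    tmp=$(mktemp)
    sample_vhost > "$tmp"
    # The sample reports MISSING for locale and WEAK for "/".
    if audit_lam_vhost "$tmp"; then echo "no findings"; else echo "findings reported"; fi
    rm -f "$tmp"
fi
```

Run it against the real file after saving it and before a2ensite; a clean run prints nothing and exits 0, so it slots into a deployment script as a gate. It only inspects the vhost file, so apachectl configtest is still needed for syntax.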
Enable the site and reload Apache
With our virtual host configuration in place, enable it with the command:
sudo a2ensite lam.conf
Reload Apache with:
sudo systemctl reload apache2
Remove the index file
Finally, remove the default index.html file with:
sudo mv /var/www/html/index.html ~/
How to access LAM
Access the web interface
Open a web browser and point it to http://SERVER/lam where SERVER is either the IP address or domain of the OpenLDAP hosting server. You should be greeted by the LAM login screen (Figure A).
Figure A
Configure the web interface
Click LAM configuration in the upper right corner and click Edit Server Profiles (Figure B).
Figure B
You will be prompted to type the default profile password, which is lam. In the resulting page (Figure C), you must configure the Tree suffix under Tool Settings to match the domain you set during the slapd configuration.
Figure C
Scroll down to Security Settings and configure the same domain for List Of Valid Users (Figure D) and make sure to change cn=Manager to cn=admin.
Figure D
Now scroll to the bottom of this page and change the LAM admin password.
Configure users
Click the Account Types tab and look for the Users and Groups sections, where you’ll set the LDAP Suffix for each to your domain (Figure E).
Figure E
Click Save, and you’ll be taken back to the login window.
Log in with admin and the password you created for OpenLDAP during the installation and you’re all set to start working with OpenLDAP from the convenience of the LAM GUI.
Congratulations! You now have OpenLDAP up and running and ready to go.
Subscribe to TechRepublic’s How To Make Tech Work on YouTube for all the latest tech advice for business pros from Jack Wallen.