Setup OpenLDAP server on Debian 10

Author
Matias Haapaniemi
Published
2020-04-15

Introduction

In this tutorial we cover how to install an OpenLDAP server on Debian 10. This tutorial should be more or less compatible with all Linux distros.

OpenLDAP is a Lightweight Directory Access Protocol (LDAP) server which can be used to authenticate users against a centralized authority server.

Step 1 - Update all packages

First we want to make sure that our server is fully updated and upgraded. This can be achieved with:

apt update && apt upgrade -y

Step 2 - Install OpenLDAP package

OpenLDAP requires two packages to function:

slapd - LDAP standalone daemon
ldap-utils - Useful tools for local LDAP management

To install these packages, type:

apt install slapd ldap-utils -y

Step 3 - Set password for slapd

After you have installed the required packages, an install prompt will appear:

[Screenshot: slapd install prompt]

Here you need to type your new LDAP admin password. It's always recommended to use strong and complex passwords.

Step 4 - Verify install of slapd

Now we can verify if the installation was successful:

slapcat

This command outputs the current domain structure.

[Screenshot: slapd structure]

Step 5 - Edit directory domain

You need to edit ldap.conf to fit your needs:

nano /etc/ldap/ldap.conf

By default the file contains:

#
# LDAP Defaults
#

# See ldap.conf(5) for details
# This file should be world readable but not world writable.

#BASE    dc=example,dc=com
#URI     ldap://ldap.example.com ldap://ldap-master.example.com:666

#SIZELIMIT      12
#TIMELIMIT      15
#DEREF          never

# TLS certificates (needed for GnuTLS)
TLS_CACERT      /etc/ssl/certs/ca-certificates.crt

Uncomment these two lines:

#BASE    dc=example,dc=com
#URI     ldap://ldap.example.com ldap://ldap-master.example.com:666

and modify BASE to fit your needs. I'm using openldap-tutorial.local in my config:

#
# LDAP Defaults
#

# See ldap.conf(5) for details
# This file should be world readable but not world writable.

BASE    dc=openldap-tutorial,dc=local
URI     ldap://ldap.example.com ldap://ldap-master.example.com:666

#SIZELIMIT      12
#TIMELIMIT      15
#DEREF          never

# TLS certificates (needed for GnuTLS)
TLS_CACERT      /etc/ssl/certs/ca-certificates.crt

Step 6 - Configure OpenLDAP

Now we can configure OpenLDAP:

dpkg-reconfigure slapd

Now enter the same base name that you configured in the previous step.

[Screenshot: openldap dns]

Then you need to enter the organization name:

[Screenshot: openldap org name]

Then enter the LDAP admin password you configured in Step 3.

When the installer asks which database backend to use, select MDB, as it is the most modern.

[Screenshot: openldap database]

Select "No" when the installer asks whether the database should be removed when slapd is purged.

[Screenshot: openldap purge]

Allow the installer to move the old database.

[Screenshot: openldap move database]

Step 7 - Verify changed domain structure

slapcat

We can now see that our distinguished name (dn) has changed.

[Screenshot: openldap new structure]
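
Steps 5 and 6 only work together when the BASE in ldap.conf is the same suffix that slapd serves, so the check below compares the two. It is an added example, not part of the original tutorial; the function names, the --check argument, the script name in the comment and the use of ldap://localhost are assumptions.

```shell
#!/bin/sh
# Added example (not from the tutorial): check that BASE in ldap.conf (Step 5)
# matches a suffix slapd serves after dpkg-reconfigure (Step 6).

# DNS domain -> base DN, e.g. openldap-tutorial.local -> dc=openldap-tutorial,dc=local
domain_to_dn() {
    printf '%s\n' "$1" | awk -F. '{
        for (i = 1; i <= NF; i++) printf "%sdc=%s", (i > 1 ? "," : ""), $i
        print ""
    }'
}

# Print the active (uncommented) BASE value of the ldap.conf file given as $1.
# Option names in ldap.conf are case-insensitive.
conf_base() {
    awk 'toupper($1) == "BASE" { $1 = ""; sub(/^[ \t]+/, ""); print; exit }' "$1"
}

# Read ldapsearch LDIF on stdin, print one namingContexts value per line.
naming_contexts() {
    sed -n 's/^namingContexts: *//p'
}

# $1 = ldap.conf path, $2 = LDIF text of the root DSE.
# Returns 0 if BASE is a served suffix, 1 if not, 2 if BASE is not set.
base_is_served() {
    want=$(conf_base "$1" | tr 'A-Z' 'a-z')
    [ -n "$want" ] || return 2
    printf '%s\n' "$2" | naming_contexts | tr 'A-Z' 'a-z' | grep -Fxq "$want"
}

# Live check on the server itself: sh check-base.sh --check [dns-domain]
# Assumes slapd listens on localhost and allows anonymous reads of the root DSE.
if [ "${1:-}" = "--check" ]; then
    ldif=$(ldapsearch -x -LLL -H ldap://localhost -s base -b "" namingContexts)
    if base_is_served /etc/ldap/ldap.conf "$ldif"; then
        echo "OK: BASE $(conf_base /etc/ldap/ldap.conf) is served by slapd"
    else
        echo "MISMATCH: slapd serves: $(printf '%s\n' "$ldif" | naming_contexts)"
    fi
    [ -z "${2:-}" ] || echo "Expected for $2: $(domain_to_dn "$2")"
fi
```

A mismatch usually means a different domain was entered in dpkg-reconfigure than the one written to BASE, in which case the ldap-utils tools search a base the server does not hold.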

Conclusion

Now your OpenLDAP server is successfully configured and is ready to use. You can use the shell or a GUI to manage it.

A couple of good GUI options are:

phpLDAPadmin
Apache Directory Studio

License: MIT