In this blog post, you’ll learn how to install and configure OpenLDAP on Debian 10 Buster. OpenLDAP is a free and open-source implementation of the Lightweight Directory Access Protocol, released under the OpenLDAP Public License.

After installing OpenLDAP Server on Debian 10 (Buster), you can optionally add phpLDAPadmin / LDAP Account Manager to ease daily administration of the LDAP Server. We’ll cover the installation of LDAP UI Management tools in separate guides.

Follow the steps shared in the next sections to have a running OpenLDAP Server on Debian 10 (Buster). Before you start the installation, configure an FQDN hostname for your server and add a record to the file /etc/hosts.

echo "SERVER_IP SERVER_FQDN" | sudo tee -a /etc/hosts
sudo hostnamectl set-hostname SERVER_FQDN --static

SERVER_IP and SERVER_FQDN are placeholders, to be replaced with the matching IP address and hostname respectively.

Step 1: Update Debian server

For setups done on a clean installation of Debian Server, ensure the system is updated and upgraded.

sudo apt -y update
sudo apt -y upgrade
sudo reboot

Step 2: Install OpenLDAP on Debian 10 Buster

After the system update and a successful reboot, we’re set to install the OpenLDAP Server on Debian from the system’s default package repositories.

sudo apt -y install slapd ldap-utils

You’ll be prompted to enter the admin password for your LDAP directory.


Confirm password provided.


If your installation was successful, the slapcat command should provide OpenLDAP server details.

$ sudo slapcat
dn: dc=computingforgeeks,dc=com
objectClass: top
objectClass: dcObject
objectClass: organization
dc: computingforgeeks
structuralObjectClass: organization
entryUUID: 3380a11a-587c-1039-8fb1-a76b7240a677
creatorsName: cn=admin,dc=computingforgeeks,dc=com
createTimestamp: 20190821162641Z
entryCSN: 20190821162641.076360Z#000000#000#000000
modifiersName: cn=admin,dc=computingforgeeks,dc=com
modifyTimestamp: 20190821162641Z

dn: cn=admin,dc=computingforgeeks,dc=com
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: admin
description: LDAP administrator
userPassword:: e1NTSEF9eDN2SUVtUnRZMUFjeHZuREtMaDlwdjU5c3dMZkFaWmM=
structuralObjectClass: organizationalRole
entryUUID: 3380e3fa-587c-1039-8fb2-a76b7240a677
creatorsName: cn=admin,dc=computingforgeeks,dc=com
createTimestamp: 20190821162641Z
entryCSN: 20190821162641.078129Z#000000#000#000000
modifiersName: cn=admin,dc=computingforgeeks,dc=com
modifyTimestamp: 20190821162641Z
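
The admin entry's userPassword:: value in this output is the base64 form of a {SSHA} hash, so slapcat dumps should be handled like any other credential store. As an added example (not part of the original guide), the script below reads slapcat-style LDIF and reports which hash scheme each entry uses; the two extra entries in the sample and the salted/unsalted labels are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original guide): list the password-hash scheme
# stored for each entry in slapcat-style LDIF read from stdin.

ldif_unfold() {
    # LDIF wraps long values; a continuation line starts with one space.
    awk '/^ / { buf = buf substr($0, 2); next }
         NR > 1 { print buf }
         { buf = $0 }
         END { if (NR) print buf }'
}

pw_schemes() {
    # Prints "<dn> <scheme> <note>" (tab-separated) per userPassword value.
    ldif_unfold | while IFS= read -r line; do
        case $line in
            "dn: "*) dn=${line#dn: }; continue ;;
            # "::" marks a base64-encoded value, as in the slapcat output.
            "userPassword:: "*) value=$(printf '%s' "${line#userPassword:: }" | base64 -d) ;;
            "userPassword: "*) value=${line#userPassword: } ;;
            *) continue ;;
        esac
        case $value in
            "{"*"}"*) scheme=${value#\{}; scheme=${scheme%%\}*} ;;
            *) scheme=NONE ;;
        esac
        case $scheme in
            SSHA|SMD5) note=salted ;;
            SHA|MD5) note=unsalted ;;
            NONE|CLEARTEXT) note=cleartext ;;
            *) note=other ;;
        esac
        printf '%s\t%s\t%s\n' "$dn" "$scheme" "$note"
    done
}

sample_ldif() {
    # Constructed sample: the admin hash from the slapcat output (folded here
    # to exercise unwrapping) plus two made-up entries.
    cat <<'EOF'
dn: cn=admin,dc=computingforgeeks,dc=com
userPassword:: e1NTSEF9eDN2SUVtUnRZMUFjeHZu
 REtMaDlwdjU5c3dMZkFaWmM=

dn: uid=legacy,ou=people,dc=computingforgeeks,dc=com
userPassword: {MD5}AAAAAAAAAAAAAAAAAAAAAA==

dn: uid=plain,ou=people,dc=computingforgeeks,dc=com
userPassword: constructed-example
EOF
}

sample_ldif | pw_schemes
```

On a live server, run it as `sudo slapcat | pw_schemes` and review any entry not reported as salted.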

Step 3: Add base dn for Users and Groups

The next step is adding a base DN for users and groups. Create a file named basedn.ldif with the contents below:

$ nano basedn.ldif
dn: ou=people,dc=computingforgeeks,dc=com
objectClass: organizationalUnit
ou: people

dn: ou=groups,dc=computingforgeeks,dc=com
objectClass: organizationalUnit
ou: groups

Here, computingforgeeks and com are the domain components, as shown by the slapcat command.

When done, apply configurations with the command:

$ sudo ldapadd -x -D cn=admin,dc=computingforgeeks,dc=com -W -f basedn.ldif

Enter LDAP Password:
adding new entry "ou=people,dc=computingforgeeks,dc=com"
adding new entry "ou=groups,dc=computingforgeeks,dc=com"

Step 4: Add User Accounts and Groups

Generate a hashed password for the user account to add.

$ slappasswd
New password: 
Re-enter new password: 

Create an LDIF file for adding users.

$ nano ldapusers.ldif
dn: uid=jmutai,ou=people,dc=computingforgeeks,dc=com
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
cn: Josphat
sn: Mutai
userPassword: {SSHA}5D94oKzVyJYzkCq21LhXDZFNZpPQD9uE
loginShell: /bin/bash
homeDirectory: /home/testuser
uidNumber: 3000
gidNumber: 3000

  • Replace jmutai with the username to add
  • Replace dc=computingforgeeks,dc=com with your correct domain values
  • Replace cn & sn with your user details
  • Replace {SSHA}5D94oKzVyJYzkCq21LhXDZFNZpPQD9uE with the hashed password you generated

Apply config:

$ ldapadd -x -D cn=admin,dc=computingforgeeks,dc=com -W -f ldapusers.ldif 
Enter LDAP Password: 
adding new entry "uid=jmutai,ou=people,dc=computingforgeeks,dc=com"

A group is added in a similar way. Create an LDIF file for the group:

$ cat ldapgroups.ldif
dn: cn=jmutai,ou=groups,dc=computingforgeeks,dc=com
objectClass: posixGroup
cn: jmutai
gidNumber: 3000
memberUid: jmutai

$ ldapadd -x -D cn=admin,dc=computingforgeeks,dc=com -W -f ldapgroups.ldif
Enter LDAP Password: 
adding new entry "cn=jmutai,ou=groups,dc=computingforgeeks,dc=com"

The two files can be combined into a single file.
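
One way to produce that combined file, as an added example rather than code from the original guide: the function below prints the group and user entries from this step as a single LDIF and rejects inputs that could alter the DN or add extra attribute lines. The function name, the validation rules and the choice to derive homeDirectory from the user name are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original guide): print one LDIF holding both the
# posixGroup and the user entry from Step 4. Inputs are validated first so a
# stray newline cannot add attributes and a comma cannot alter the DN.

BASE_DN="dc=computingforgeeks,dc=com"   # domain components used in this guide

make_account_ldif() {
    # usage: make_account_ldif <uid> <cn> <sn> <uid/gid number> <slappasswd hash>
    uid=$1; cn=$2; sn=$3; num=$4; hash=$5
    nl='
'
    for v in "$uid" "$cn" "$sn" "$num" "$hash"; do
        case $v in
            ""|*"$nl"*) echo "empty or multi-line value" >&2; return 1 ;;
            " "*|":"*|"<"*) echo "value needs base64 in LDIF: $v" >&2; return 1 ;;
        esac
    done
    # Conservative login name: starts with a-z or _, then a-z, 0-9, _ or -.
    case $uid in [!a-z_]*|*[!a-z0-9_-]*) echo "bad uid: $uid" >&2; return 1 ;; esac
    case $num in *[!0-9]*) echo "bad number: $num" >&2; return 1 ;; esac
    # Accept only a salted hash as printed by slappasswd, never a plain password.
    case $hash in "{SSHA}"?*) ;; *) echo "need {SSHA} hash" >&2; return 1 ;; esac
    cat <<EOF
dn: cn=$uid,ou=groups,$BASE_DN
objectClass: posixGroup
cn: $uid
gidNumber: $num
memberUid: $uid

dn: uid=$uid,ou=people,$BASE_DN
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
cn: $cn
sn: $sn
userPassword: $hash
loginShell: /bin/bash
homeDirectory: /home/$uid
uidNumber: $num
gidNumber: $num
EOF
}

make_account_ldif jmutai Josphat Mutai 3000 '{SSHA}5D94oKzVyJYzkCq21LhXDZFNZpPQD9uE'
```

The output can be piped straight into `ldapadd -x -D cn=admin,dc=computingforgeeks,dc=com -W`, which reads LDIF from standard input when no -f file is given.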

Step 5: Install LDAP Account Manager on Debian 10 (Buster)

We’ll install and use LDAP Account Manager as our OpenLDAP Server graphical management dashboard. LDAP Account Manager (LAM) is a web frontend for managing entries (e.g. users, groups, DHCP settings) stored in an LDAP directory.

Features of LDAP Account Manager

  • Manages Unix, Samba 3/4, Kolab 3, Kopano, DHCP, SSH keys, a group of names and much more
  • Has support for 2-factor authentication
  • Support for account creation profiles
  • CSV file upload
  • Automatic creation/deletion of home directories
  • setting file system quotas
  • PDF output for all accounts
  • schema and LDAP browser
  • manages multiple servers with different configurations

Install the LAM .deb package with dpkg:

sudo dpkg -i ldap-account-manager_6.8-1_all.deb

If you encounter errors during installation, run:

sudo apt -f install
sudo dpkg -i ldap-account-manager_6.8-1_all.deb

Step 6: Configure LDAP Account Manager

Access the LDAP Account Manager web interface from a machine on a trusted network at:

http://(server’s hostname or IP address)/lam

The LDAP Account Manager Login form will be shown. We need to set our LDAP server profile by clicking on [LAM configuration] at the upper right corner.

Then click on Edit server profiles.

This will ask you for LAM Profile name Password:

The default password is lam.

The first thing to change is the Profile Password, which is at the end of the General Settings page.

Next, set the LDAP Server address and Tree suffix. You need to use your own domain components, as set in the server hostname.

Set Dashboard login by specifying the admin user account and domain components under “Security settings” section.


Switch to the “Account types” page and set the LDAP suffix and List attributes for the active account types.

You can also enable other available account types you wish to use. User and Group modules can be enabled and disabled on “Modules” page.

When done with the settings, click the Save button at the bottom of the page.

Step 7: Add user accounts and groups with LDAP Account Manager

Log in to the LAM dashboard with the admin account to start managing user accounts and groups.

You’ll use the Users and Groups links to manage user accounts and groups.

Add User Group

You need to add a user group before the actual user account. Click on Groups > New Group.

Give the group a name, optional group ID and description.


Do the same to add other groups.

Add User Accounts

Once you have the groups for user accounts to be added, click on Users > New user to add a new user account to your LDAP server. You have three sections for user management:

  • Personal: This contains the user’s personal information, like the first name, last name, email, phone, department, address, etc.
  • Unix: This section is where you set the Username, Common name, UID number (optional), User comment, User Primary group and Secondary groups, Home directory and the default Login shell.
  • Shadow: This section is where you add the Shadow account extension, covering things related to password aging/expiry.

You may have more sections depending on the Modules enabled for User and Group management.

Our next guide will cover how to configure the LDAP client on Debian 10 Buster.