You can support us by downloading this article as PDF from the Link below. Download the guide as PDF

In this blog post you’ll get to learn how to Install and configure OpenLDAP Server on Ubuntu 20.04|18.04 LTS. OpenLDAP is a free and open source implementation of the Lightweight Directory Access Protocol developed by the OpenLDAP Project and released under OpenLDAP Public License.

Before you start the installation, set your system hostname:

sudo hostnamectl set-hostname ldap.example.com

Add the IP and FQDN to file /etc/hosts. 

$ sudo vim /etc/hosts
192.168.18.50 ldap.example.com

Replace ldap.example.com with your correct hostname/valid domain name. When done, install LDAP packages by running the commands below: 

sudo apt update
sudo apt -y install slapd ldap-utils

During the installation, you’ll be prompted to set LDAP admin password, provide your desired password, then press <OK>

install openldap ubuntu 18.04 set password 01 min

Confirm the password and continue installation by selecting <ok> with TAB key.

install openldap ubuntu 18.04 set password 02 min

You can confirm that your installation was successful using the commandslapcat  to output SLAPD database contents.

# slapcat
dn: dc=example,dc=com
objectClass: top
objectClass: dcObject
objectClass: organization
o: example.com
dc: example
structuralObjectClass: organization
entryUUID: e33fc814-e5b9-1038-8243-39a2e6b74e62
creatorsName: cn=admin,dc=example,dc=com
createTimestamp: 20190328152831Z
entryCSN: 20190328152831.511390Z#000000#000#000000
modifiersName: cn=admin,dc=example,dc=com
modifyTimestamp: 20190328152831Z

dn: cn=admin,dc=example,dc=com
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: admin
description: LDAP administrator
userPassword:: e1NTSEF9WDIzUEJxbXgycUU3M1dRUmppTVYrZE91U0RNMWswSHE=
structuralObjectClass: organizationalRole
entryUUID: e340fedc-e5b9-1038-8244-39a2e6b74e62
creatorsName: cn=admin,dc=example,dc=com
createTimestamp: 20190328152831Z
entryCSN: 20190328152831.519463Z#000000#000#000000
modifiersName: cn=admin,dc=example,dc=com
modifyTimestamp: 20190328152831Z

Step 2: Add base dn for Users and Groups

The next step is adding a base DN for users and groups. Create a file named basedn.ldif with below contents: 

$ vim basedn.ldif
dn: ou=people,dc=example,dc=com
objectClass: organizationalUnit
ou: people

dn: ou=groups,dc=example,dc=com
objectClass: organizationalUnit
ou: groups

Replace example and com with your correct domain components.

Now add the file by running the command: 

$ ldapadd -x -D cn=admin,dc=example,dc=com -W -f basedn.ldif
Enter LDAP Password:
adding new entry "ou=people,dc=example,dc=com"
adding new entry "ou=groups,dc=example,dc=com"

Step 3: Add User Accounts and Groups

Generate a password for the user account to add.

$ slappasswd
New password: 
Re-enter new password: 
{SSHA}Zn4/E5f+Ork7WZF/alrpMuHHGufC3x0k

Create ldif file for adding users.

$ vim ldapusers.ldif
dn: uid=computingforgeeks,ou=people,dc=example,dc=com
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
cn: computingforgeeks
sn: Wiz
userPassword: {SSHA}Zn4/E5f+Ork7WZF/alrpMuHHGufC3x0k
loginShell: /bin/bash
uidNumber: 2000
gidNumber: 2000
homeDirectory: /home/computingforgeeks
  • Replace computingforgeeks with the username to add
  • dc=example,dc=com with your correct domain values.
  • cn & sn with your Username Values
  • {SSHA}Zn4/E5f+Ork7WZF/alrpMuHHGufC3x0k with your hashed password

When done with edit, add account by running.

$ ldapadd -x -D cn=admin,dc=example,dc=com -W -f ldapusers.ldif 
Enter LDAP Password: 
adding new entry "uid=computingforgeeks,ou=people,dc=example,dc=com"

Do the same of group. Create ldif file:

$ vim ldapgroups.ldif
dn: cn=computingforgeeks,ou=groups,dc=example,dc=com
objectClass: posixGroup
cn: computingforgeeks
gidNumber: 2000
memberUid: computingforgeeks

Add group:

$ ldapadd -x -D cn=admin,dc=example,dc=com -W -f ldapgroups.ldif
Enter LDAP Password: 
 adding new entry "cn=computingforgeeks,ou=groups,dc=example,dc=com"

You can combine the two into single file.

Step 4: Install LDAP Account Manager – Recommended

I noticed phpLDAPadmin doesn’t work well with PHP 7.2+. I recommend you use LDAP Account Manager instead. Follow our guide below to install and configure LDAP Account Manager.

Install and configure LDAP Account Manager on Ubuntu

The guide also shows you how to add user accounts and groups to your LDAP server.

Step 5: Configure your Ubuntu 20.04|18.04 as LDAP Client

The last step is to configure the systems in your network to authenticate against the LDAP server we’ve just configured:

Configure LDAP Client on Ubuntu

Step 6: Securing LDAP Server/Client

Secure your LDAP Server and access from LDAP Client with TLS/SSL:

Secure LDAP Server with SSL/TLS on Ubuntu

Wrapping Up

Thanks for using our guide to install and configure OpenLDAP server on your Ubuntu. I recommend installing and using LDAP Account Manager to administer your LDAP server through a web interface.

If you need an advanced centralized user management platform, see

How to Install and Configure FreeIPA Server on Ubuntu

How to Configure FreeIPA Client on Ubuntu / CentOS 7

How to Configure FreeIPA replication on Ubuntu / CentOS

As an appreciation for the content we put out,
we would be thrilled if you support us!

As we continue to grow, we would wish to reach and impact more people who visit and take advantage of the guides we have on our blog. This is a big task for us and we are so far extremely grateful for the kind people who have shown amazing support for our work over the time we have been online.

Thank You for your support as we work to give you the best of guides and articles. Click below to buy us a coffee.

Coffee Box

RELATED ARTICLESMORE FROM AUTHOR

LEAVE A REPLY

Please enter your comment!
Please enter your name here