LDAP – How to Install and Configure OpenLDAP Server on Ubuntu

OpenLDAP is a software implementation of the Lightweight Directory Access Protocol (LDAP). OpenLDAP is free and open-source software that comes with its own BSD-style license called OpenLDAP Public License.OpenLDAP is a highly customizable LDAP server and supports all major computing platforms.

LDAP Account Manager or LAM is a web application written in PHP for managing users, groups, and organization units. LAM provides an easy way to manage LDAP servers from the web browser.

In this tutorial, We will learn How to Install and Configuration OpenLDAP Server and OpenLDAP Account Manager on Ubuntu

Prerequisites:

Before you begin with this tutorial, you must have the following prerequisites:

• Operating system:
  • Ubuntu 22.04 LTS or Ubuntu 22.10
  • Ubuntu 20.04 LTS or Ubuntu 20.10
  • Ubuntu 18.04 LTS
• User privileges:
  • root
  • or non-root user with root privileges
• VIM editor installed
• And we stipulate the following:
  • Domain: totatca.local
  • Hostname: ldap-1
  • Full name/FQDN: ldap-1.totatca.local
  • IP address: 192.168.1.8 ( recommend static IP address )
  • Default OU called: Department
  • Default Group called: Groups

Read more:

• LDAP – How to Create OUs Groups and Users in OpenLDAP with LAM
• How to Install and Configure OpenLDAP Client on Ubuntu
• How to Configure Static IP Address on Ubuntu Server
• How to Configure Hostname and FQDN/Fullname on Ubuntu

Step 1 – Update the system

First of all, we need to update the system packages to the latest versions available

sudo apt update && sudo apt upgrade -y

Step 2 – Setting up Hostname & Fullname (FQDN) on your system

Follow this tutorial on How to Configure Hostname and FQDN/Fullname on Ubuntu to configure Hostname and FQDN/Fulname on your system.

Verify the Hostname and FQDN/Full-name on your system are correct:

hostname

hostname -f

ifconfig

Sample output:

Step 3 – Install and Configure OpenLDAP Server

Everything is done, now install OpenLDAP Server on your system using the following command below:

sudo apt install slapd ldap-utils -y

During the installation of the OpenLDAP server, you will be asked to set the admin password, Input your password for the OpenLDAP admin user and select OK

Then confirm your password and select OK

Once the package installer has finished, start and enable OpenLDAP service to auto-start at system restart or boot:

sudo systemctl start slapd

sudo systemctl enable slapd

Check the status of the OpenLDAP service, and ensure it’s running on the system:

sudo systemctl status slapd

Sample output:

Verify the OpenLDAP server:

sudo slapcat

You should see the base DN of the OpenLDAP server as dc=totatca,dc=local, and the default admin user for OpenLDAP is admin

Sample output:

OpenLDAP listens on LDAP port 389 and LDAPS 636, you need to allow ports 389 and 636 through the firewall so external clients can connect:

Skip this step, If you don't want to UFW firewall running on your system

sudo ufw enable # Enable the firewall if it not yet running.

sudo ufw allow 389 # Allow port 389

sudo ufw allow 636 # Allow port 636

sudo ufw reload # Reload UFW fireall

sudo ufw status # Check status of UFW firewall

Sample output:

Step 4 – Install LDAP Account Manager (LAM)

First, We need to install the Apache Web server, PHP extensions, and dependencies packages required by LAM

sudo apt install -y apache2 php php-cgi libapache2-mod-php php-mbstring php-common php-pear

Next, start and enable Apache service to auto-start at system restart or boot:

sudo systemctl start apache2

sudo systemctl enable apache2

Also, enable PHP-CGI PHP extensions

sudo a2enconf php*-cgi

Now, install OpenLDAP Account Manager (LAM) using the following command below:

sudo apt -y install ldap-account-manager

Restart the Apache service to apply the changes:

sudo systemctl restart apache2

Lastly, allow Apache service through the UFW firewall

sudo ufw allow 80

sudo ufw reload

sudo ufw status

Sample output:

Step 4 – Configure LAM through the web interface

At this point, LAM installed, open your web browser and access the address http://IP-Server/lam

On the page LAM login, click on LAM Configuration

Click on the Edit server profiles button

Login to LAM with the default password is lam and click OK

[CÒN THIẾU]

On the page General settings, we will set the sections below:

• In the section Server settings keep the default

• In the section Language settings choose your language and time zone:

• In the section Tool settings :
  • Hidden tools: keep the default
  • Tree suffix: dc=totatca,dc=local

• In the section Security settings
  • Login method: Fixed list
  • List of valid users: cn=admin,dc=totatca,dc=local

• In the section Profile password, set a new password for the lam user (default is lam )

Go to the Account types tab, scroll down to the section Active account types setup as below:

• Users:
  • LDAP suffix: ou=Department,dc=totatca,dc=local ( Create an OU (Organizational Unit) parent for your LDAP server)
  • Others: keep the default
• Groups:
  • LDAP suffix: ou=Groups,dc=totatca,dc=local
  • Others: keep the default

Then, click the Save button to save the changes on the default profile lam, and you will be redirected again to the LDAP Account Manager login page, enter the password of the admin (OpenLDAP admin in step 3) user and click Login

Click the Create button to create the structure OU and Groups

Success !!!

To verify the structure of your LDAP server, hover over the Tools button – select Tree view

You should see the LDAP directory tree similar below:

That’s it. You have successfully installed OpenLDAP and LDAP Account Manager on your server.

Next tutorial:

• How to Create OUs – Groups – Users on OpenLDAP Account Manager – updating
• How to Install and Configure OpenLDAP client on Ubuntu – updating