LDAP – How to Install and Configure OpenLDAP Server on Ubuntu

OpenLDAP is a software implementation of the Lightweight Directory Access Protocol (LDAP). It is free and open-source software released under its own BSD-style license, the OpenLDAP Public License. OpenLDAP is a highly customizable LDAP server and runs on all major computing platforms.

LDAP Account Manager or LAM is a web application written in PHP for managing users, groups, and organization units. LAM provides an easy way to manage LDAP servers from the web browser.

In this tutorial, we will learn how to install and configure the OpenLDAP server and LDAP Account Manager (LAM) on Ubuntu.

Prerequisites:

Before you begin with this tutorial, you must have the following prerequisites:

  • Operating system:
    • Ubuntu 22.04 LTS or Ubuntu 22.10
    • Ubuntu 20.04 LTS or Ubuntu 20.10
    • Ubuntu 18.04 LTS
  • User privileges:
    • root
    • or non-root user with root privileges
  • VIM editor installed
  • This tutorial assumes the following values:
    • Domain: totatca.local
    • Hostname: ldap-1
    • Full name/FQDN: ldap-1.totatca.local
    • IP address: 192.168.1.8 (a static IP address is recommended)
    • Default OU called: Department
    • Default Group called: Groups

Step 1 – Update the system

First of all, update the system packages to the latest available versions:

sudo apt update && sudo apt upgrade -y

Step 2 – Setting up Hostname & Fullname (FQDN) on your system

Follow the tutorial How to Configure Hostname and FQDN/Full name on Ubuntu to set the hostname and FQDN/full name on your system.

Verify that the hostname, FQDN/full name and IP address of your system are correct:

hostname

hostname -f

ifconfig # from the net-tools package; use 'ip addr' if it is not installed

Sample output (screenshot: Check Hostname & IP)

Step 3 – Install and Configure OpenLDAP Server

With the prerequisites in place, install the OpenLDAP server on your system using the following command:

sudo apt install slapd ldap-utils -y

During the installation of the OpenLDAP server you will be asked to set the admin password. Enter a password for the OpenLDAP admin user and select OK.

(Screenshot: Enter Password Admin)

Then confirm your password and select OK.

(Screenshot: Confirm password)

Once the package installer has finished, start the OpenLDAP service and enable it so that it starts automatically at boot:

sudo systemctl start slapd

sudo systemctl enable slapd

Check the status of the OpenLDAP service, and ensure it’s running on the system:

sudo systemctl status slapd

Sample output (screenshot: Check status of OpenLDAP service)

Verify the OpenLDAP server:

sudo slapcat

You should see the base DN of the OpenLDAP server as dc=totatca,dc=local (the installer derives it from the domain part of the FQDN set in Step 2) and the default admin entry cn=admin,dc=totatca,dc=local.

Sample output (screenshot: Verify OpenLDAP server)

OpenLDAP listens on port 389 (LDAP) and port 636 (LDAPS). If the UFW firewall is running on your system, allow both ports so that external clients can connect; skip this step if you do not use UFW. Note that slapd only serves LDAPS on 636 once TLS has been configured, and plain LDAP on 389 without STARTTLS carries bind passwords in cleartext, so where possible limit these rules to your client network rather than opening the ports to every source.

sudo ufw enable # Enable the firewall if it is not running yet

sudo ufw allow 389 # Allow port 389

sudo ufw allow 636 # Allow port 636

sudo ufw reload # Reload the UFW firewall

sudo ufw status # Check the status of the UFW firewall

Sample output (screenshot: Allow OpenLDAP on UFW)

Step 4 – Install LDAP Account Manager (LAM)

First, install the Apache web server, PHP and the dependency packages required by LAM:

sudo apt install -y apache2 php php-cgi libapache2-mod-php php-mbstring php-common php-pear

Next, start the Apache service and enable it so that it starts automatically at boot:

sudo systemctl start apache2

sudo systemctl enable apache2

Also enable the PHP-CGI Apache configuration:

sudo a2enconf php*-cgi

Now install LDAP Account Manager (LAM) using the following command:

sudo apt -y install ldap-account-manager

Restart the Apache service to apply the changes:

sudo systemctl restart apache2

Lastly, allow the Apache service (HTTP, port 80) through the UFW firewall. Keep in mind that the LAM login sends the OpenLDAP admin password over this connection, so outside an isolated lab network put Apache behind HTTPS before exposing it:

sudo ufw allow 80

sudo ufw reload

sudo ufw status

Sample output (screenshot: Allow HTTP on UFW)

Step 5 – Configure LAM through the web interface

At this point LAM is installed. Open your web browser and go to http://IP-Server/lam (replace IP-Server with the address of your server, 192.168.1.8 in this tutorial).

On the LAM login page, click LAM configuration.

(Screenshot: Access LAM)

Click the Edit server profiles button.

(Screenshot: Edit Server profiles)

Log in with the default profile password, which is lam, and click OK.

On the General settings page, set the sections as follows:

  • Server settings: keep the defaults
  • Language settings: choose your language and time zone
  • Tool settings:
    • Hidden tools: keep the default
    • Tree suffix: dc=totatca,dc=local
  • Security settings:
    • Login method: Fixed list
    • List of valid users: cn=admin,dc=totatca,dc=local
  • Profile password: set a new password for the lam profile (the default is lam)

Go to the Account types tab, scroll down to the Active account types section and set it up as follows:

  • Users:
    • LDAP suffix: ou=Department,dc=totatca,dc=local (the parent OU (Organizational Unit) that will hold the user accounts)
    • Others: keep the defaults
  • Groups:
    • LDAP suffix: ou=Groups,dc=totatca,dc=local
    • Others: keep the defaults

(Screenshot: Active account types)

Then click the Save button to store the changes to the default profile lam. You will be redirected to the LDAP Account Manager login page; enter the password of the OpenLDAP admin user (set in Step 3) and click Login.

(Screenshot: Re-login LAM)

Click the Create button to create the OU and Groups structure.

(Screenshot: Create default OU and Groups)

Success!

To verify the structure of your LDAP server, hover over the Tools button and select Tree view.

(Screenshot: Tree view)

You should see an LDAP directory tree similar to the one below:

(Screenshot: LDAP directory tree view)
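As an added example (not part of the original tutorial), the script below checks the same things you verify by eye with sudo slapcat in Step 3 and with the tree view here: it parses slapcat's LDIF output (folded lines and base64 values included), confirms that the base DN, the admin entry and the Department and Groups OUs exist, and flags an admin userPassword that is not stored with a hash scheme. The DNs assume the domain, OU and group names used in this tutorial; the sample LDIF is constructed, not real slapcat output.

```python
import base64
import re

BASE_DN = "dc=totatca,dc=local"  # tutorial's domain; assumed unchanged
EXPECTED_DNS = (BASE_DN, "cn=admin," + BASE_DN,
                "ou=Department," + BASE_DN, "ou=Groups," + BASE_DN)
HASHED = re.compile(r"^\{(SSHA|SHA|SMD5|MD5|CRYPT|ARGON2|PBKDF2[-\w]*)\}", re.I)  # slapd schemes; none = cleartext

def parse_ldif(text):
    """Parse slapcat LDIF into {dn: {attr: [values]}}, unfolding ' '-continued lines and base64."""
    entries = {}
    for block in re.split(r"\n\s*\n", re.sub(r"\n ", "", text).strip()):
        attrs = {}
        for line in block.splitlines():
            name, sep, value = line.partition(":")
            if not sep or line.startswith("#"):
                continue
            if value.startswith(":"):  # 'attr:: <base64>', how slapcat writes userPassword
                value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
            attrs.setdefault(name.lower(), []).append(value.strip())
        if "dn" in attrs:
            entries[attrs.pop("dn")[0]] = attrs
    return entries

def check_directory(ldif_text):
    """Return findings; an empty list means the layout matches and the admin password is hashed."""
    entries = parse_ldif(ldif_text)
    findings = [f"missing entry: {dn}" for dn in EXPECTED_DNS if dn not in entries]
    admin_pw = entries.get(EXPECTED_DNS[1], {}).get("userpassword", [])
    if not admin_pw:
        findings.append("admin entry has no userPassword")
    findings += ["admin userPassword is stored in cleartext"
                 for pw in admin_pw if not HASHED.match(pw)]
    return findings

# Constructed sample of `sudo slapcat` output after Step 5 (not real output; placeholder hash in base64)
SAMPLE_LDIF = """\
dn: dc=totatca,dc=local
dc: totatca

dn: cn=admin,dc=totatca,dc=local
userPassword:: e1NTSEF9ZXhhbXBsZWhhc2hub3RyZWFs

dn: ou=Department,dc=totatca,dc=local
ou: Department

dn: ou=Groups,dc=totatca,dc=local
ou: Groups
"""
```

On the server, feed it real data with sudo slapcat | python3 -c 'import sys, check_ldap_layout as c; print(c.check_directory(sys.stdin.read()))' after saving the block as check_ldap_layout.py.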

That’s it. You have successfully installed OpenLDAP and LDAP Account Manager on your server.

Next tutorial:

  • How to Create OUs – Groups – Users on OpenLDAP Account Manager – updating
  • How to Install and Configure OpenLDAP client on Ubuntu – updating
