OpenLDAP Installation On Ubuntu

Aron Schatz
March 7, 2008
Directory services run nearly every enterprise network today. Each place you see Active Directory, LDAP is working its magic. Find out how to easily install an LDAP server of your own on Ubuntu.

Page 1: Intro, Why, System Setup, Step 1, Step 2


The Lightweight Directory Access Protocol, LDAP for short, is a 'fork' of the original X.500 specification for Directory Access Protocol. X.500 was large and heavy. It also required an OSI protocol stack to run. LDAP was made to be leaner and able to run on top of TCP/IP instead of the complete OSI stack. Active Directory, the directory software that many Windows-based enterprise networks use, is LDAP at its heart. Directory services can provide many benefits to a home network or a business. With LDAP set up, it is relatively easy to set up single sign-on on every computer or have a global address book. The first step is the installation, which is very easy on Ubuntu.

Why Bother?:

You might ask yourself about why you should even bother installing OpenLDAP. I can give you a few reasons.

  • Everything runs directory services. Every Windows Active Directory domain is running LDAP and most enterprise POSIX networks are running LDAP. OpenLDAP gives you insight and experience on how these systems work.
  • Central administration. Directory services can ease administration in the smallest networks using a central system. Make a single change in one place instead of each workstation.
  • It's easy. There's no reason not to install it. You can always try it out and uninstall it if you don't want to keep it.

System Setup:

This guide will give you step-by-step instructions on how to install OpenLDAP on Ubuntu. This guide will work on all its variants as well as Debian. The actual computer I used to perform the steps in this guide is my BackupPC and fileserver as well as the VMware server. This install will be done fully from a bash prompt, so you are free to use ssh to do everything in this guide as I did.

You need to get to a bash prompt. If you are using ssh, you should know what you need to do. If you are new to Linux and are using Ubuntu, you can use the terminal program under Applications -> Accessories -> Terminal. That brings up a command line interface with a bash prompt. It should look like this...


Step 1: Install OpenLDAP

Technically, this can be the only step if you left the default settings. The default settings need adjustment, so we need to reconfigure the package after the installation. Don't worry, this isn't a one step guide.

To install OpenLDAP type...

aronschatz@aseserver:~$ sudo apt-get install slapd ldap-utils


This command will install OpenLDAP (called slapd) and some LDAP utilities from the Ubuntu repository. Make sure you enter your password for sudo and accept the installation of the software to continue. apt-get will install the software and return to a prompt asking you to input an initial password. Make this as simple as you want since we are going to reset the configuration of slapd.

Step 2: Reconfigure slapd

The next step we need to do is the actual configuration of the server. The installation pre-configured the slapd package, but we need to put in our own information. Since slapd is a Debian package, a simple command allows you to reconfigure it. Type...

aronschatz@aseserver:~$ sudo dpkg-reconfigure slapd

This command brings up the initial slapd configuration. dpkg-reconfigure is pretty easy to figure out. It is a graphical setup in the command line interface. The following screenshots display the configuration.


We want to set up slapd, so you don't want to omit the OpenLDAP configuration. Pick No.


Directories work in the same way a domain does. In fact, it is good to name the base of your LDAP directory the same as your DNS suffix. My suffix happens to be asetest, so my base DN (distinguished name) would be "asetest", which actually translates into "dc=asetest". You can enter as long a domain as you want. If you wanted "ldap.aseserver.asetest", that would be fine. In the LDAP directory, this would be "dc=ldap,dc=aseserver,dc=asetest", where dc means domain component.


This step is the name of the organization. I just said "ASE LDAP", but you can pick any organization you want.


Here is where the new admin password is made. For extra security, pick a different password than the root password on the machine.


Now re-enter the same password to confirm.


This blurb is giving you information about how to store the data for LDAP. We will be using BDB. Just tab to OK.


Pick BDB and move on to the next screen.


No, you don't want the database deleted on a purge.


Sure, move the old stuff out of the way.


No, you don't want to allow LDAPv2.

And that's the final configuration step. Next we will dive into the files to make sure everything is fine. The configuration routine actually handles everything nicely, but it is good to see what is happening.
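
The answers chosen in Step 2, written out as debconf selections together with the DNS-suffix-to-base-DN mapping from the naming screen. This is an added example, not part of the original article: the function names are hypothetical, and the slapd debconf keys and the BDB choice are assumed to match the package version used in this guide (compare with `sudo debconf-show slapd` on your system).

```shell
#!/bin/sh
# Added example (not from the article): DNS suffix -> base DN, and the
# dialog answers from Step 2 as debconf selections.

# Print "dc=a,dc=b" for "a.b"; fail on anything that is not a plain hostname.
domain_to_base_dn() (
    domain=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    domain=${domain%.}                      # tolerate one trailing dot
    case $domain in
        ''|.*|*.|*..*) return 1 ;;          # empty name or empty label
    esac
    set -f                                  # no globbing while splitting
    IFS=.
    dn=""
    for label in $domain; do
        case $label in
            *[!a-z0-9-]*|-*|*-) return 1 ;; # only letters, digits, inner '-'
        esac
        [ "${#label}" -le 63 ] || return 1  # DNS label length limit
        dn="${dn:+$dn,}dc=$label"
    done
    printf '%s\n' "$dn"
)

# Print debconf selections matching the screens in Step 2.
# The admin password is left out so debconf still prompts for it and it
# never lands in a file or in shell history.
slapd_preseed() (
    base=$(domain_to_base_dn "$1") || return 1
    domain=$(printf '%s' "$base" | sed 's/dc=//g; s/,/./g')
    nl='
'
    case $2 in ''|*"$nl"*) return 1 ;; esac # one-line organization only
    cat <<EOF
# resulting base DN: $base
slapd slapd/no_configuration boolean false
slapd slapd/domain string $domain
slapd shared/organization string $2
slapd slapd/backend select BDB
slapd slapd/purge_database boolean false
slapd slapd/move_old_database boolean true
slapd slapd/allow_ldap_v2 boolean false
EOF
)

# Constructed sample input: the suffix and organization used in this guide.
slapd_preseed "asetest" "ASE LDAP"
```

Piped into `sudo debconf-set-selections`, these lines record the same answers in the debconf database.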