LDAP, also known as Lightweight Directory Access Protocol is an application that, once set up, can allow users to easily query data from Directory Services such as Microsoft Active Directory, and many others.
On Linux, LDAP is quite popular, so it’s not hard to set up. In this guide, we’ll mainly focus on Slapd (OpenLDAP), as it has a very straightforward configuration tool that most users can understand.
To get started, you’ll need to have Ubuntu Server (running at least 16.04 LTS). It is also possible to follow along with the guide’s instructions on Debian Linux, as the package names and directions are identical.
Install Slapd and LDAP utilities on Ubuntu
Ubuntu Server is capable of running an LDAP server, but the software needs to be installed and set up beforehand. To do this, log into your Ubuntu Server via the SSH protocol. Or, sit at it physically. Then, transfer the terminal session into a Root shell with the sudo -s command.
It’s also possible to transition the command-line to a Root shell by logging in with the su command. Though, keep in mind that some releases of Ubuntu Server have the Root user shut off and must be re-enabled first.
With the terminal session running as Root, it’s time to use the Apt package manager to install the Slapd package and the LDAP utilities.
apt install slapd ldap-utils
Let the packages install, and be patient. When the installation process is done, you’ll need to configure the Slapd tool. Specifically, you’ll need to set an Admin password for LDAP.
Be sure to set a memorable, secure password for your LDAP system’s Admin account. After that, highlight the “OK” button and press Enter to apply the password.
Slapd is installed on Ubuntu server, and the Administrator password is set up, but the configuration isn’t complete. As it turns out, when you install the system, Ubuntu doesn’t walk you through the setup. So, we must run the dpkg-reconfigure command, to manually set everything up.
Following the dpkg-reconfigure command will bring up a blue UI in the terminal window. The UI states that “If you enable this option, no initial configuration or database will be created for you. Omit OpenLDAP server configuration?”
Make sure to select the “No” option in the UI window. If you accidentally choose the “Yes” option, re-run the dpkg-reconfigure slapd command to fix it.
Following the “No” option, you’ll see another UI window. In it, you’ll be asked to fill out the DNS domain name for OpenLDAP to use.
Note: in the DNS text box, you do not need to add HTTP or WWW!
After writing in your DNS domain, highlight “OK” and press Enter to move to the next page, where you’ll need to specify the Organization name.
Fill out your organization, workplace, etc. in the box. Then, once again, highlight “OK,” and press Enter to move to the password page.
On the password page, add in the Admin password set earlier and highlight “OK,” to move to the Database section.
In the database UI window for the Slapd configuration system, you’ll be asked to select a database backend for your LDAP system. There are three choices. Each of the options in the list is worth using, and all have benefits. That said, we recommend using MDB.
Using the arrow keys, highlight “MDB” and press the Enter key to move on to the next page.
Following choosing a database provider, the UI will ask if you want the database to be removed if the apt remove –purge command is used. Choose “No,” to ensure your data stays safe.
On the page that follows, the UI will let you know that some files still exist in the /var/lib/ldap directory on your system and that leaving these files there is dangerous, and will cause problems.
To solve the problem, the Slapd configuration tool instructions you to move the old database out of the way into /var/backups, by selecting the “Yes” option in the UI.
Note: only select the “No” option if you know how LDAP works and are comfortable fixing the issues manually.
Other configuration steps
During the Slapd installation, you may need to decide what versions of the LDAP protocol to use. In the UI, the message will tell you that “LDAPv2 protocol is disabled by default in Slapd,” because it is obsolete and out of date.
Note: on Ubuntu 18.04 and newer, this message will not appear.
If you do not need the LDAPv2 protocol, highlight “No” to keep it shut off. Alternatively, if you do still use the obsolete LDAPv2 protocol, you can highlight the “Yes” option.
Following the option to enable/disable LDAPv2 in Slapd, the configuration is done. Configure your LDAP client and get going!