There is a new version of this tutorial available for Debian 12 (Bookworm).

How to Install OpenLDAP Server on Debian 10

LDAP or Lightweight Directory Access Protocol is an open and standard application protocol for accessing and maintaining directory information services.

LDAP is an Internet protocol that other applications, such as email servers and any application that needs to authenticate users, use to look up account information from the directory server.

OpenLDAP is an open-source implementation of the LDAP (Lightweight Directory Access Protocol) developed by the OpenLDAP project. It was released under its own BSD-style license called OpenLDAP Public License.

In this tutorial, we will show you step-by-step how to install OpenLDAP on Debian Buster 10.

Prerequisites

For this tutorial, we will install OpenLDAP on a Debian 10 server with 1GB of RAM, 25GB of free disk space, and 2 CPUs.

What will we do?

  • Set Up FQDN
  • Install OpenLDAP Packages
  • Create Base User and Group
  • Create New User
  • Basic LDAP Command

Step 1 - Set Up FQDN

First, we will set up the FQDN (Fully Qualified Domain Name) of the OpenLDAP server. We will use the FQDN 'ldap.hakase.com' for our installation.

Add a new configuration to the '/etc/hosts' file using the following command.

echo "10.5.5.35 ldap.hakase.com ldap" | sudo tee -a /etc/hosts

Now set the hostname of the server to 'ldap'.

sudo hostnamectl set-hostname ldap

After that, log out from the server and log in again, then check the hostname and FQDN using the following command.

hostname
hostname -f

As a result, you've successfully set up the FQDN on Debian Buster 10.

Step 2 - Install LDAP Packages

In this step, we will install OpenLDAP packages and set up the LDAP admin password on the Debian system.

Install the slapd and ldap-utils packages using the apt command below.

sudo apt install slapd ldap-utils

During the installation, you will be asked for the LDAP admin password. Type a strong password and press Enter.

Repeat your password and press enter again to continue.

The OpenLDAP packages are now installed on the Debian system.

Next, check the ldap installation using the following command.

slapcat

As a result, slapcat dumps the contents of the directory. The base DN of the new directory (for example 'dc=hakase,dc=com') is derived from the domain part of the server's FQDN.

Additionally, you can check your ldap installation using the 'ldapwhoami' command below.

ldapwhoami -H ldap:// -x

This connects you to the OpenLDAP server as an 'anonymous' user through simple authentication (the '-x' option).

Step 3 - Create New Base User and Group

In this step, we will create a new base DN (Distinguished Name) for the user and group of the LDAP installation through the LDIF (LDAP Data Interchange Format) configuration file.

We will create a new base DN for users and groups. All users will go under the ou (OrganizationalUnit) named 'people', and all groups will go under the ou named 'groups'.

Now create a new file 'base.ldif' using vim editor.

vim base.ldif

Replace the domain name 'dc=hakase,dc=com' with your own and paste the following configuration into it.

dn: ou=people,dc=hakase,dc=com
objectClass: organizationalUnit
ou: people

dn: ou=groups,dc=hakase,dc=com
objectClass: organizationalUnit
ou: groups

Save and close.

Now import the base user and group using the 'ldapadd' command below.

ldapadd -x -D cn=admin,dc=hakase,dc=com -W -f base.ldif

Type your LDAP admin password and you will get the result as below.

As a result, the base user and group entries have been created. Check them using the following command.

ldapsearch -x -LLL -b "dc=hakase,dc=com"

Now you will see the base OU for users, named 'people', and the base OU for groups, named 'groups'.

Step 4 - Create a New User

After creating the base user and group, we will create a new user for our LDAP installation.

First, we will generate the hashed LDAP password for the new user using the OpenLDAP password utility 'slappasswd' as below. The value it prints is a salted SHA-1 hash ('{SSHA}...'), not a reversible encryption, so the clear-text password itself never goes into the directory.

slappasswd

Now type the new password for your user and repeat it. As a result, you will get the LDAP password hash as below; you will paste it into the userPassword attribute of the user entry.

Next, create a new ldif file 'user.ldif' using vim editor.

vim user.ldif

Replace the user 'olaf' and the userPassword value (use the hash from slappasswd) with your own and paste the configuration into it.

dn: uid=olaf,ou=people,dc=hakase,dc=com
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
cn: olaf
sn: Olaf
userPassword: {SSHA}DX0BCCDmy7MzciI2vh6ymbywEmth6CQL
loginShell: /bin/bash
uidNumber: 2000
gidNumber: 2000
homeDirectory: /home/olaf

dn: cn=olaf,ou=groups,dc=hakase,dc=com
objectClass: posixGroup
cn: olaf
gidNumber: 2000
memberUid: olaf

Save and close.

Next, import the new user into our LDAP directory using the ldapadd command below.

ldapadd -x -D cn=admin,dc=hakase,dc=com -W -f user.ldif

Type your LDAP admin password and you will get the result as below.

As a result, a new LDAP user named 'olaf' has been created.
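As an added example (not code from the tutorial or from the OpenLDAP project), the following Python script does in one place what slappasswd and user.ldif do in Step 4: it produces a {SSHA} value in the same format slappasswd prints (base64 of the SHA-1 digest of password plus salt, followed by the salt), verifies a password against such a value the way slapd does when the user binds, and builds the user and group entries of user.ldif for one account, refusing a clear-text userPassword. The base DN 'dc=hakase,dc=com', the user 'olaf' and the id numbers are the tutorial's; the function names and the uid and uidNumber checks are assumptions of this example. Python is used rather than the shell so that the example runs without an LDAP server.

```python
import base64
import hashlib
import hmac
import os
import re

# Base DN from the tutorial; replace with your own (dc=example,dc=org, ...).
BASE_DN = "dc=hakase,dc=com"

# POSIX user names: letters, digits, '_' and '-', starting with a letter or '_'.
# Because uid also becomes the RDN of the entry, this check keeps DN special
# characters (',', '+', '=', '"', '<', '>', ';', '\\') out of the DN as well.
_UID_RE = re.compile(r"^[a-z_][a-z0-9_-]{0,31}$")


def ssha_hash(password, salt=None):
    """Return a {SSHA} value in the format slappasswd prints:
    base64(sha1(password + salt) + salt), with a random 4-byte salt by default."""
    if salt is None:
        salt = os.urandom(4)
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def ssha_parse(stored):
    """Split a {SSHA} value into (digest, salt): the first 20 bytes are the
    SHA-1 digest, whatever follows is the salt."""
    if not stored.startswith("{SSHA}"):
        raise ValueError("not an {SSHA} value")
    raw = base64.b64decode(stored[len("{SSHA}"):])
    if len(raw) <= 20:
        raise ValueError("{SSHA} value too short to hold a digest and a salt")
    return raw[:20], raw[20:]


def ssha_verify(password, stored):
    """Recompute the digest with the stored salt and compare in constant time,
    which is what slapd does when the user binds with this password."""
    digest, salt = ssha_parse(stored)
    candidate = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return hmac.compare_digest(candidate, digest)


def is_hashed_password(value):
    """True when the userPassword value carries a hash scheme prefix such as {SSHA}."""
    return re.match(r"^\{[A-Za-z0-9-]+\}", value) is not None


def is_safe_uid(uid):
    """True when uid is a plain POSIX user name (and therefore a safe RDN value)."""
    return _UID_RE.match(uid) is not None


def user_ldif(uid, sn, user_password, uid_number, gid_number=None, base_dn=BASE_DN):
    """Build the user entry and its private group, as in the tutorial's user.ldif."""
    if not is_safe_uid(uid):
        raise ValueError("uid %r is not a valid POSIX user name" % uid)
    if not is_hashed_password(user_password):
        raise ValueError("userPassword must be a slappasswd hash, not a clear-text password")
    if uid_number < 1000:
        raise ValueError("uidNumber below 1000 is reserved for system accounts on Debian")
    if gid_number is None:
        gid_number = uid_number  # private group with the same number, as in the tutorial
    user_entry = [
        "dn: uid=%s,ou=people,%s" % (uid, base_dn),
        "objectClass: inetOrgPerson",
        "objectClass: posixAccount",
        "objectClass: shadowAccount",
        "cn: %s" % uid,
        "sn: %s" % sn,
        "userPassword: %s" % user_password,
        "loginShell: /bin/bash",
        "uidNumber: %d" % uid_number,
        "gidNumber: %d" % gid_number,
        "homeDirectory: /home/%s" % uid,
    ]
    group_entry = [
        "dn: cn=%s,ou=groups,%s" % (uid, base_dn),
        "objectClass: posixGroup",
        "cn: %s" % uid,
        "gidNumber: %d" % gid_number,
        "memberUid: %s" % uid,
    ]
    return "\n".join(user_entry) + "\n\n" + "\n".join(group_entry) + "\n"


if __name__ == "__main__":
    # Constructed example password; only the hash goes into the LDIF.
    hashed = ssha_hash("correct horse battery staple")
    assert ssha_verify("correct horse battery staple", hashed)
    print(user_ldif("olaf", "Olaf", hashed, 2000))
```

Redirect the script's output to user.ldif and import it with the same ldapadd command as above. Note that ssha_parse takes the digest length from the algorithm (20 bytes for SHA-1) rather than assuming a salt length, so it also reads {SSHA} values produced with a longer salt.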

Step 5 - Basic LDAP Command

In this step, you will learn some basic ldap management using the command-line.

- Show All Objects on Base DN

To show all objects on the base DN, run the ldapsearch command below.

ldapsearch -x -LLL -b "dc=hakase,dc=com"

Now you will get the details of all objects under your base DN.
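As an added example (not part of the tutorial), here is a small Python parser for the LDIF that ldapsearch -LLL prints, run over constructed sample output of the command above. It handles the two LDIF details that trip up naive line-based scripts, folded lines (a leading space continues the previous line) and base64 values (a double colon), and then performs two checks an administrator would want on a directory that serves POSIX accounts: uidNumbers shared by more than one posixAccount, and accounts whose gidNumber has no matching posixGroup. The sample data, including the second account 'anna', and the function names are constructed for this example.

```python
import base64

# Constructed sample: what 'ldapsearch -x -LLL -b "dc=hakase,dc=com"' could print
# after the tutorial's steps, plus a second account (anna) that reuses olaf's
# uidNumber and points at a gidNumber with no posixGroup. The '::' (base64) and
# the folded (leading space) lines are the LDIF features a parser must handle.
SAMPLE_SEARCH_OUTPUT = """\
dn: dc=hakase,dc=com
objectClass: top
objectClass: dcObject
objectClass: organization
o: hakase.com
dc: hakase

dn: ou=people,dc=hakase,dc=com
objectClass: organizationalUnit
ou: people

dn: ou=groups,dc=hakase,dc=com
objectClass: organizationalUnit
ou: groups

dn: uid=olaf,ou=people,dc=hakase,dc=com
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
cn: olaf
sn: Olaf
displayName:: w5xiZXIgdXNlcg==
description: account created by the Debian 10 OpenL
 DAP tutorial
loginShell: /bin/bash
uidNumber: 2000
gidNumber: 2000
homeDirectory: /home/olaf

dn: cn=olaf,ou=groups,dc=hakase,dc=com
objectClass: posixGroup
cn: olaf
gidNumber: 2000
memberUid: olaf

dn: uid=anna,ou=people,dc=hakase,dc=com
objectClass: inetOrgPerson
objectClass: posixAccount
cn: anna
sn: Anna
loginShell: /bin/bash
uidNumber: 2000
gidNumber: 2001
homeDirectory: /home/anna
"""


def parse_ldif(text):
    """Parse LDIF as printed by ldapsearch -LLL into a list of entries, each a
    dict mapping attribute name to a list of values (attributes may repeat)."""
    # Step 1: unfold. A line beginning with one space continues the previous line.
    lines = []
    for line in text.splitlines():
        if line.startswith(" ") and lines:
            lines[-1] += line[1:]
        else:
            lines.append(line)
    # Step 2: split into entries at blank lines and decode '::' (base64) values.
    entries, current = [], None
    for line in lines:
        if not line.strip():
            if current is not None:
                entries.append(current)
                current = None
            continue
        if line.startswith("#"):
            continue
        attr, _, rest = line.partition(":")
        if rest.startswith(":"):
            value = base64.b64decode(rest[1:].strip()).decode("utf-8")
        else:
            value = rest.strip()
        if attr == "dn":
            current = {"dn": [value]}
        elif current is not None:
            current.setdefault(attr, []).append(value)
    if current is not None:
        entries.append(current)
    return entries


def _has_class(entry, object_class):
    return object_class in entry.get("objectClass", [])


def duplicate_uid_numbers(entries):
    """Return {uidNumber: [dn, ...]} for every uidNumber shared by more than one
    posixAccount; such accounts are the same UNIX identity on every client."""
    by_number = {}
    for entry in entries:
        if _has_class(entry, "posixAccount"):
            for number in entry.get("uidNumber", []):
                by_number.setdefault(number, []).append(entry["dn"][0])
    return {n: dns for n, dns in by_number.items() if len(dns) > 1}


def missing_primary_groups(entries):
    """Return (dn, gidNumber) for posixAccounts whose primary group has no posixGroup."""
    known = {g for e in entries if _has_class(e, "posixGroup") for g in e.get("gidNumber", [])}
    return [(e["dn"][0], g) for e in entries if _has_class(e, "posixAccount")
            for g in e.get("gidNumber", []) if g not in known]


if __name__ == "__main__":
    found = parse_ldif(SAMPLE_SEARCH_OUTPUT)
    print("entries:", len(found))
    print("duplicate uidNumbers:", duplicate_uid_numbers(found))
    print("accounts with no primary group:", missing_primary_groups(found))
```

To run the checks against a live server, pipe the real ldapsearch output into parse_ldif instead of the constructed sample, for example by reading it from standard input.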

- Change Password and Verify

To change the password of an LDAP user, run the 'ldappasswd' command below, replacing the LDAP host, the admin DN, and the target username 'olaf' with your own.

ldappasswd -H ldap://10.5.5.35 -x -D "cn=admin,dc=hakase,dc=com" -W -S "uid=olaf,ou=people,dc=hakase,dc=com"

Type the new password for user 'olaf' and repeat, then type the admin password.

As a result, you've changed the LDAP password for the user named 'olaf'.

Check the new password of the 'olaf' user using the command below.

ldapwhoami -vvv -H ldap://10.5.5.35 -D "uid=olaf,ou=people,dc=hakase,dc=com" -x -W

Type the new password of your user and you will get the result as below.

The new password for user 'olaf' is working.

- Delete User

To delete a user from the LDAP server, run the 'ldapdelete' command below.

ldapdelete -x -W -D 'cn=admin,dc=hakase,dc=com' "uid=olaf,ou=people,dc=hakase,dc=com"

Type the LDAP admin password and you've successfully deleted the user.

And the OpenLDAP installation on Debian Buster 10 has been completed successfully.

https://www.openldap.org/
