How to Install OpenLDAP Server on Debian 10
LDAP (Lightweight Directory Access Protocol) is an open, vendor-neutral application protocol for accessing and maintaining distributed directory information services over an IP network.
LDAP is the protocol that applications such as mail servers and other services that need to authenticate users or look up user and group information use to query a directory server; the directory holds those entries in a tree, and the clients read them over the network.
OpenLDAP is an open-source implementation of LDAP developed by the OpenLDAP Project. It is released under its own BSD-style license, the OpenLDAP Public License.
In this tutorial, we will show you step by step how to install OpenLDAP on Debian 10 (Buster).
Prerequisite
For this tutorial, we will install OpenLDAP on a Debian 10 server with 1 GB of RAM, 25 GB of free disk space and 2 CPUs, working as a user with sudo privileges.
What we will do?
- Set Up FQDN
- Install OpenLDAP Packages
- Create Base User and Group
- Create New User
- Basic LDAP Command
Step 1 - Set Up FQDN
First, we will set up the FQDN (Fully Qualified Domain Name) of the OpenLDAP server. We will use the FQDN 'ldap.hakase.com' for our installation.
Add the server's IP address and FQDN to the '/etc/hosts' file using the following command. Replace '10.5.5.35' with the address of your server and 'ldap.hakase.com' with your own FQDN; the domain part of this name ('hakase.com') is what the slapd installer in Step 2 uses to build the base DN of the directory.
echo "10.5.5.35 ldap.hakase.com ldap" | sudo tee -a /etc/hosts
Now set the hostname of the server to 'ldap'.
sudo hostnamectl set-hostname ldap
After that, log out from the server and log in again, then check the hostname and FQDN using the following command.
hostname
hostname -f
As a result, 'hostname' prints 'ldap' and 'hostname -f' prints 'ldap.hakase.com', and the FQDN is set up on Debian 10.
Step 2 - Install LDAP Packages
In this step, we will install OpenLDAP packages and set up the LDAP admin password on the Debian system.
Install the slapd and ldap-utils packages using the apt command below.
sudo apt install slapd ldap-utils
During the installation, you will be asked for the LDAP admin password, type your strong password and press enter.
Repeat your password and press enter again to continue.
The OpenLDAP packages are now installed. The Debian package configures a directory whose base DN is derived from the domain part of the FQDN set in Step 1 ('hakase.com' becomes 'dc=hakase,dc=com') and creates the administrator entry 'cn=admin,dc=hakase,dc=com' with the password you just typed.
Next, check the installation by dumping the directory with 'slapcat'. It reads the database files directly, so it has to run as root.
sudo slapcat
As a result, you will see the base entry 'dc=hakase,dc=com' and the 'cn=admin' entry that were generated from the FQDN of the server.
Additionally, you can check that slapd answers on the network using the 'ldapwhoami' command below.
ldapwhoami -H ldap:// -x
The output 'anonymous' means you are connected to the OpenLDAP server as an anonymous user through a simple bind without credentials. Note that Debian's default access rules let anonymous clients read every attribute except userPassword, so anything you put into the directory is readable by whoever can reach port 389; restrict that port with a firewall or tighten the olcAccess rules if the directory will hold sensitive attributes.
Step 3 - Create New Base User and Group
In this step, we will create two organizational units (ou) under the base DN (Distinguished Name) of the LDAP installation, using an LDIF (LDAP Data Interchange Format) file.
All user entries will go under the ou named 'people', and all group entries under the ou named 'groups'. The objectClass 'organizationalUnit' requires only the 'ou' attribute, whose value must match the one used in the DN.
Now create a new file 'base.ldif' using vim editor.
vim base.ldif
Replace the domain components 'dc=hakase,dc=com' with your own and paste the following into it. Keep the empty line between the two entries: LDIF separates records with a blank line, and without it ldapadd would read both as one malformed entry.
dn: ou=people,dc=hakase,dc=com
objectClass: organizationalUnit
ou: people

dn: ou=groups,dc=hakase,dc=com
objectClass: organizationalUnit
ou: groups
Save and close.
Now import the two organizational units using the 'ldapadd' command below. It binds as the administrator entry with a simple bind ('-x') and prompts for the password ('-W').
ldapadd -x -D cn=admin,dc=hakase,dc=com -W -f base.ldif
Type your LDAP admin password; ldapadd prints 'adding new entry' followed by the DN for each record it added.
As a result, the organizational units have been created. Check them using the following command.
ldapsearch -x -LLL -b "dc=hakase,dc=com"
Now you will see 'ou=people' and 'ou=groups' listed under the base DN, together with the base entry and 'cn=admin'.
Step 4 - Create a New User
After creating the organizational units, we will create a new user for our LDAP installation.
First, we will generate the hash of the user's password using the OpenLDAP password utility 'slappasswd' as below. By default it produces a salted SHA-1 hash in the '{SSHA}' scheme; this is a one-way hash, not an encrypted copy of the password, and it is the form that belongs in the 'userPassword' attribute.
slappasswd
Now type the new password for your user and repeat it. As a result, you will get a line beginning with '{SSHA}' like the one in the user.ldif file below; copy it for the next step.
Next, create a new ldif file 'user.ldif' using vim editor.
vim user.ldif
Change the user 'olaf' and the userPassword hash to your own and paste the configuration into it. The 'uid' attribute must carry the same value as the 'uid=' part of the DN, 'uidNumber' must be unique per user and should not collide with local accounts on the clients, and the blank line between the user entry and the group entry is required.
dn: uid=olaf,ou=people,dc=hakase,dc=com
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
uid: olaf
cn: olaf
sn: Olaf
userPassword: {SSHA}DX0BCCDmy7MzciI2vh6ymbywEmth6CQL
loginShell: /bin/bash
uidNumber: 2000
gidNumber: 2000
homeDirectory: /home/olaf

dn: cn=olaf,ou=groups,dc=hakase,dc=com
objectClass: posixGroup
cn: olaf
gidNumber: 2000
memberUid: olaf
Save and close.
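The LDIF files in Step 3 and Step 4 are both read by ldapadd one record at a time, and the rules that bite in practice are the same for both: records are separated by a blank line, a line starting with a space continues the previous line, 'attr:: value' carries a base64-encoded value, the attribute used in the RDN must also appear in the entry, and every objectClass brings mandatory attributes. The following pre-flight checker, an added Python example that is not part of the original tutorial or of OpenLDAP, applies those rules to an LDIF text before it is imported, so that the errors slapd would return one at a time are reported together. The sample LDIF inside it is constructed from the user.ldif above, and the rule table covers only the objectClasses used on this page.

```python
import base64
import re
from typing import Dict, List, Optional, Tuple

Entry = Dict[str, List[str]]   # lower-cased attribute name -> values

# MUST attributes per objectClass (lower-cased): RFC 4519 (organizationalUnit),
# RFC 2798 (inetOrgPerson), RFC 2307 (posixAccount, shadowAccount, posixGroup).
REQUIRED = {
    "organizationalunit": {"ou"},
    "inetorgperson": {"cn", "sn"},
    "posixaccount": {"cn", "uid", "uidnumber", "gidnumber", "homedirectory"},
    "shadowaccount": {"uid"},
    "posixgroup": {"cn", "gidnumber"},
}


def _unfold(block: str) -> List[str]:
    """Join folded continuation lines (leading space) and drop '#' comments."""
    lines: List[str] = []
    for raw in block.split("\n"):
        if raw.startswith("#"):
            continue
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines


def parse_ldif(text: str) -> List[Tuple[Optional[str], Entry, List[str]]]:
    """Split LDIF into (dn, attributes, parse problems); a blank line ends a record."""
    records = []
    for block in re.split(r"\n[ \t]*\n", text.replace("\r\n", "\n").strip()):
        dn: Optional[str] = None
        attrs: Entry = {}
        problems: List[str] = []
        for line in _unfold(block):
            name, sep, rest = line.partition(":")
            if not sep or not name.strip():
                problems.append(f"not an 'attribute: value' line: {line!r}")
                continue
            if rest.startswith(":"):      # 'attr:: <base64>' carries an encoded value
                value = base64.b64decode(rest[1:].strip()).decode("utf-8")
            else:
                value = rest.strip()
            name = name.strip().lower()
            if name == "dn":
                if dn is not None:        # two dn lines in one block: separator missing
                    problems.append(f"second dn {value!r} inside the record for {dn!r}: "
                                    "missing blank line between entries?")
                dn = value
            else:
                attrs.setdefault(name, []).append(value)
        if dn is None:
            problems.append("record without a dn line")
        records.append((dn, attrs, problems))
    return records


def check_ldif(text: str) -> List[str]:
    """Return every problem slapd would reject at import time, in file order."""
    problems: List[str] = []
    for dn, attrs, parse_problems in parse_ldif(text):
        problems.extend(parse_problems)
        if dn is None:
            continue
        # RFC 4512: the value in the RDN must also be present as an attribute value.
        rdn_attr, _, rdn_value = dn.split(",", 1)[0].partition("=")
        if rdn_value.strip() not in attrs.get(rdn_attr.strip().lower(), []):
            problems.append(f"{dn}: value of naming attribute '{rdn_attr.strip()}' "
                            "is not present in entry")
        for oc in attrs.get("objectclass", []):
            for must in sorted(REQUIRED.get(oc.lower(), set())):
                if must not in attrs:
                    problems.append(f"{dn}: objectClass {oc} requires attribute '{must}'")
    return problems


# Constructed sample: the tutorial's user.ldif with the uid attribute spelled out.
USER_LDIF = """\
dn: uid=olaf,ou=people,dc=hakase,dc=com
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
uid: olaf
cn: olaf
sn: Olaf
userPassword: {SSHA}DX0BCCDmy7MzciI2vh6ymbywEmth6CQL
loginShell: /bin/bash
uidNumber: 2000
gidNumber: 2000
homeDirectory: /home/olaf

dn: cn=olaf,ou=groups,dc=hakase,dc=com
objectClass: posixGroup
cn: olaf
gidNumber: 2000
memberUid: olaf
"""

# Constructed broken variant: uid line dropped and the blank separator removed.
BROKEN_LDIF = USER_LDIF.replace("uid: olaf\n", "").replace("\n\ndn:", "\ndn:")
```

Running check_ldif(USER_LDIF) yields no problems, while the broken variant produces the two messages a practitioner will recognise from ldapadd: the two entries were merged into one record because the blank line is missing, and posixAccount and shadowAccount require a 'uid' attribute. The missing-uid case is the same naming violation slapd reports when the RDN value is not among the entry's attribute values, which is why the user.ldif above spells 'uid: olaf' out explicitly.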
Next, import the new user to our LDAP using the ldapadd command below.
ldapadd -x -D cn=admin,dc=hakase,dc=com -W -f user.ldif
Type your LDAP admin password; ldapadd prints 'adding new entry' for the user DN and for the group DN.
As a result, a new LDAP user named 'olaf' with its private group 'olaf' has been created.
Step 5 - Basic LDAP Command
In this step, you will learn some basic ldap management using the command-line.
- Show All Objects on Base DN
To show all objects on the base DN, run the ldapsearch command below.
ldapsearch -x -LLL -b "dc=hakase,dc=com"
Now you will get detail of all objects on your base DN.
- Change Password and Verify
To change the password of an LDAP user, run the 'ldappasswd' command below and replace the LDAP host, the admin DN and the target user 'olaf' with your own. The '-S' option prompts for the new password; the client sends it to the server with the Password Modify extended operation, and slapd stores it hashed according to its own password-hash setting ({SSHA} by default), so slappasswd is not needed for password changes.
ldappasswd -H ldap://10.5.5.35 -x -D "cn=admin,dc=hakase,dc=com" -W -S "uid=olaf,ou=people,dc=hakase,dc=com"
Type the new password for user 'olaf' and repeat it, then type the admin password.
As a result, you've changed the LDAP password for the user named 'olaf'.
Check the new password of the 'olaf' user by binding as that user with the command below ('-H' takes the server URL; the older '-h' host option is deprecated).
ldapwhoami -vvv -H ldap://10.5.5.35 -D "uid=olaf,ou=people,dc=hakase,dc=com" -x -W
Type the new password of your user; the output ends with 'dn:uid=olaf,ou=people,dc=hakase,dc=com', which shows that the new password for user 'olaf' is working.
Keep in mind that a simple bind over plain 'ldap://' sends the password in cleartext across the network, and so does the new password in the ldappasswd command above. That is acceptable on the server itself, but between hosts these commands should use 'ldaps://' or STARTTLS ('-ZZ') once TLS is configured on the server, which this tutorial does not cover.
- Delete User
To delete the user on the LDAP server, run the 'ldapdelete' command below.
ldapdelete -x -W -D 'cn=admin,dc=hakase,dc=com' "uid=olaf,ou=people,dc=hakase,dc=com"
Type the LDAP admin password and the user entry is deleted. The group entry 'cn=olaf,ou=groups,dc=hakase,dc=com' is not removed automatically; delete it with the same command and that DN if it is no longer needed.
And the OpenLDAP installation on Debian 10 (Buster) has been completed successfully.