How To Install and Configure a Basic LDAP Server on Ubuntu 24.04 Or Newer

In today’s interconnected world, managing user authentication and directory services efficiently is vital for organizations of all sizes. One of the most widely used solutions for this purpose is Lightweight Directory Access Protocol (LDAP). In this blog post, we will guide you through the steps to install and configure a basic LDAP server on Ubuntu 24.04 or newer.

Prerequisites

Before we begin, ensure you have the following:

  • A server running Ubuntu 24.04 or newer.
  • Root or sudo access to the server.
  • Basic understanding of the command line.

Step 1: Update Your System

First, let’s make sure your system is up to date. Open your terminal and run the following commands:

sudo apt update
sudo apt upgrade -y

Step 2: Install OpenLDAP Server

Now, we will install the OpenLDAP server and related utilities. Run the following command:

sudo apt install slapd ldap-utils -y

During the installation, you will be prompted to configure the LDAP server. If you want to change the default settings later, you can reconfigure the package using:

sudo dpkg-reconfigure slapd

Step 3: Configure Basic Settings

During the initial configuration, you will be asked several questions. Here’s a breakdown of how to respond:

  1. Omit OpenLDAP server configuration? – Select “No.”
  2. DNS Domain name: – Enter your domain name (e.g., example.com).
  3. Organization name: – Enter your organization’s name.
  4. Administrator password: – Set a strong password for the LDAP admin.
  5. Database backend: – Select “MDB” (the default).
  6. Remove the database when slapd is purged? – Select “No.”
  7. Move old database? – Select “Yes.”

After completing these prompts, the server will be set up with a basic configuration.

Step 4: Verify LDAP Installation

To verify that the LDAP server is running, use the following command:

sudo systemctl status slapd

You should see output indicating that the service is active (running). If not, start the service with:

sudo systemctl start slapd

Step 5: Configure LDAP Database

Next, we will add a new database entry. First, create a new LDIF file:

nano base.ldif

Add the following content, replacing dc=example,dc=com with your domain components:

# dcObject is an auxiliary class; slapd requires a structural class as well,
# which organization (with its mandatory o attribute) provides.
dn: dc=example,dc=com
objectClass: top
objectClass: dcObject
objectClass: organization
dc: example
o: Example
description: Example LDAP

# On Ubuntu the slapd package already creates this administrator entry (with
# the password chosen during installation); loading it again is harmless.
dn: cn=admin,dc=example,dc=com
objectClass: organizationalRole
cn: admin
description: LDAP administrator

Save the file and exit the text editor. Now, load this LDIF file into the LDAP server. The -c flag tells ldapadd to continue past entries that already exist: on Ubuntu the slapd installer has normally created both the base entry and cn=admin, so those two are reported as “Already exists (68)” rather than aborting the load:

sudo ldapadd -x -c -D "cn=admin,dc=example,dc=com" -W -f base.ldif

When prompted, enter the admin password you set earlier.

Step 6: Adding Users

Now that we have our base structure, let’s add a user. Create another LDIF file for the user:

nano user.ldif

Add the following content, customizing the details as needed:

# The ou=users container must exist before an entry under it can be added.
dn: ou=users,dc=example,dc=com
objectClass: organizationalUnit
ou: users

dn: uid=jdoe,ou=users,dc=example,dc=com
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: top
cn: John Doe
sn: Doe
uid: jdoe
uidNumber: 1001
gidNumber: 1001
# homeDirectory is a mandatory attribute of posixAccount.
homeDirectory: /home/jdoe
loginShell: /bin/bash
# A bare value like this is stored as cleartext. Prefer the hashed value
# printed by: slappasswd -s 'password'
userPassword: password

Again, load this user into the LDAP directory:

sudo ldapadd -x -D "cn=admin,dc=example,dc=com" -W -f user.ldif
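The following script is an added example and is not part of the original post. It performs Steps 5 and 6 in one pass: it derives the base DN from a DNS domain, writes a single LDIF containing the base entry (with the structural organization class that slapd requires beside dcObject), the ou=users container that the user's DN depends on, and the user entry with the mandatory homeDirectory attribute, and it refuses to emit a cleartext userPassword, accepting only a hashed value such as the output of slappasswd. The function names (dn_from_domain, is_hashed_password, make_ldif, load_ldif), the --load switch and the sample values are the example's own assumptions; when loading, ldapadd is given -c so that the base entry, which the Ubuntu slapd installer normally creates already, is reported as Already exists instead of aborting the load.

```shell
#!/bin/sh
# Added example (not from the original post): generate and load the LDIF for
# the base entry, the ou=users container and one posixAccount user.
# Assumed names: dn_from_domain, is_hashed_password, make_ldif, load_ldif.
set -eu

# Turn "example.com" into "dc=example,dc=com". Only DNS labels (letters,
# digits, hyphens, dots) are accepted so a malformed DN is never produced.
dn_from_domain() {
    case "$1" in
        ''|.*|*.|*..*|*[!A-Za-z0-9.-]*)
            echo "invalid domain: $1" >&2
            return 1 ;;
    esac
    printf '%s\n' "$1" | sed 's/\./,dc=/g; s/^/dc=/'
}

# Accept only a hashed userPassword value, e.g. what "slappasswd -s 'secret'"
# prints ({SSHA} by default), so the LDIF never carries a cleartext password.
is_hashed_password() {
    case "$1" in
        '{SSHA}'*|'{SHA}'*|'{CRYPT}'*|'{ARGON2}'*|'{PBKDF2'*) return 0 ;;
        *) return 1 ;;
    esac
}

# make_ldif DOMAIN ORG UID GIVENNAME SN UIDNUMBER PASSWORD_HASH
make_ldif() {
    domain=$1 org=$2 uid=$3 givenname=$4 sn=$5 uidnum=$6 hash=$7
    base=$(dn_from_domain "$domain") || return 1
    is_hashed_password "$hash" || {
        echo "refusing cleartext userPassword; use the output of slappasswd" >&2
        return 1
    }
    cat <<EOF
# Base entry: dcObject is auxiliary, so organization supplies the structural class.
dn: $base
objectClass: top
objectClass: dcObject
objectClass: organization
dc: ${domain%%.*}
o: $org

# Container the user DN below depends on.
dn: ou=users,$base
objectClass: top
objectClass: organizationalUnit
ou: users

dn: uid=$uid,ou=users,$base
objectClass: top
objectClass: inetOrgPerson
objectClass: posixAccount
cn: $givenname $sn
sn: $sn
uid: $uid
uidNumber: $uidnum
gidNumber: $uidnum
homeDirectory: /home/$uid
loginShell: /bin/bash
userPassword: $hash
EOF
}

# Feed LDIF from stdin to ldapadd. -c continues past "Already exists (68)",
# which the base entry triggers on Ubuntu because the installer created it.
load_ldif() {
    base=$(dn_from_domain "$1")
    ldapadd -x -c -H ldap://localhost -D "cn=admin,$base" -W
}

if [ "${1:-}" = "--load" ]; then
    # Constructed sample values; LDAP_USER_HASH must hold slappasswd output.
    make_ldif example.com "Example Inc" jdoe John Doe 1001 \
        "${LDAP_USER_HASH:?set LDAP_USER_HASH to the output of slappasswd}" \
        | load_ldif example.com
fi
```

Run it as LDAP_USER_HASH="$(slappasswd -s 'secret')" sh make-ldif.sh --load and enter the admin password at the ldapadd prompt; without --load the script only defines the functions, so they can be sourced and reused for further users.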

Step 7: Querying the LDAP Database

To verify that the user has been added successfully, you can run:

ldapsearch -x -b "dc=example,dc=com"

This command will display all entries in the LDAP directory.
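As an added example that is not part of the original post, here is a check script for this step that goes beyond eyeballing the listing: it counts the entries returned, confirms the expected user DN is present, and fails if userPassword shows up in the result, because the query above uses an anonymous simple bind and the default Ubuntu olcAccess rule for userPassword (by self write by anonymous auth by * none) should hide that attribute from everyone but the user and the administrator. The function names (entry_count, audit_search_output, audit_live), the --live switch and the embedded SAMPLE_ANON_OUTPUT listing are constructed for the example; --live runs the real ldapsearch and then an ldapwhoami bind as the user, which proves the stored password actually authenticates.

```shell
#!/bin/sh
# Added example (not from the original post): audit what an anonymous
# ldapsearch returns and verify the new user can bind.
# Assumed names: entry_count, audit_search_output, audit_live.
set -eu

# Constructed sample of "ldapsearch -x -LLL -b dc=example,dc=com" output.
SAMPLE_ANON_OUTPUT='dn: dc=example,dc=com
objectClass: top
objectClass: dcObject
objectClass: organization
o: Example Inc
dc: example

dn: ou=users,dc=example,dc=com
objectClass: organizationalUnit
ou: users

dn: uid=jdoe,ou=users,dc=example,dc=com
objectClass: inetOrgPerson
objectClass: posixAccount
cn: John Doe
sn: Doe
uid: jdoe
uidNumber: 1001
gidNumber: 1001
homeDirectory: /home/jdoe
'

# Count entries in LDIF output: one "dn: " line per entry. (Base64-encoded
# "dn:: " lines are not counted; none occur for ASCII DNs like these.)
entry_count() {
    grep -c '^dn: ' || :
}

# audit_search_output EXPECTED_DN  (LDIF on stdin)
# Passes only if EXPECTED_DN is present and userPassword is not disclosed.
audit_search_output() {
    expected_dn=$1
    data=$(cat)
    status=0
    n=$(printf '%s\n' "$data" | entry_count)
    echo "entries returned: $n"
    if printf '%s\n' "$data" | grep -qx "dn: $expected_dn"; then
        echo "PASS: $expected_dn is present"
    else
        echo "FAIL: $expected_dn not found"
        status=1
    fi
    if printf '%s\n' "$data" | grep -qi '^userPassword:'; then
        echo "FAIL: userPassword is visible to this bind; review olcAccess"
        status=1
    else
        echo "PASS: userPassword not disclosed"
    fi
    return $status
}

# Live checks against the local server (not exercised offline).
audit_live() {
    base=$1 user_dn=$2
    ldapsearch -x -LLL -H ldap://localhost -b "$base" | audit_search_output "$user_dn"
    # A successful bind proves the stored password works; ldapwhoami prints
    # the authorization identity of the bound user.
    ldapwhoami -x -H ldap://localhost -D "$user_dn" -W
}

if [ "${1:-}" = "--live" ]; then
    audit_live "dc=example,dc=com" "uid=jdoe,ou=users,dc=example,dc=com"
fi
```

If the anonymous search prints the user's password hash, the directory's access rules have been loosened from the package default and should be corrected before any client is pointed at the server.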

Step 8: Configuring LDAP Authentication (Optional)

If you want to configure your server to authenticate users against the LDAP directory, you’ll need to install the necessary packages:

sudo apt install libnss-ldap libpam-ldap -y

During the installation, you will be prompted for your LDAP URI (e.g., ldap://localhost/). Set the other options according to your preferences.

Conclusion

Congratulations! You have successfully installed and configured a basic LDAP server on Ubuntu 24.04 or newer. LDAP can be a powerful tool for managing user authentication and directory services in a centralized manner.

As you continue to explore LDAP, consider diving deeper into advanced configurations, security best practices, and integrating LDAP with other services.