LDAP (Lightweight Directory Access Protocol) is a directory access protocol that lets you centrally control and manage user authentication and directory access on your system or network. In this article, we will learn how to configure an LDAP server in Ubuntu. We will use OpenLDAP, a free and open-source LDAP implementation.
How to Configure LDAP Server in Ubuntu
Here are the steps to configure LDAP Server in Ubuntu.
1. Set Hostname for LDAP Server
First, we need to set the hostname for the LDAP server. Open a terminal and run the following command. Replace ldap.example.com with your LDAP server’s subdomain name.
$ sudo hostnamectl set-hostname ldap.example.com
Add the FQDN and IP address to /etc/hosts. Replace 54.43.32.21 with the IP address of your LDAP server.
54.43.32.21 ldap.example.com
2. Install OpenLDAP Server in Ubuntu
Install OpenLDAP and its utilities with the following command.
$ sudo apt update
$ sudo apt -y install slapd ldap-utils
During installation, you will be prompted to enter an admin password. Enter the desired password and press Ok.
Next, you will be asked to confirm the password.
Once installation is complete, you can verify it by running the following command.
$ sudo slapcat
The above command displays the contents of the LDAP database in LDIF format, which confirms that the server is installed.
3. Add Base DN for Users & Groups
We will create a basedn.ldif file with the following contents. Replace example and com with your domain name and extension.
$ vim basedn.ldif
dn: ou=people,dc=example,dc=com
objectClass: organizationalUnit
ou: people

dn: ou=groups,dc=example,dc=com
objectClass: organizationalUnit
ou: groups
Save and close the file. Next, run the following command to add the above file to LDAP server.
$ ldapadd -x -D cn=admin,dc=example,dc=com -W -f basedn.ldif
Enter LDAP Password:
adding new entry "ou=people,dc=example,dc=com"
adding new entry "ou=groups,dc=example,dc=com"
4. Add User Accounts & Groups
Run the following to generate password for user accounts. You will be asked to enter & re-enter the password for user.
$ sudo slappasswd
New password:
Re-enter new password:
<hashed_password>
It will also display a hashed alphanumeric password. Keep it handy for the next step.
Create the following file to add users to LDAP Server, and add the contents as shown. Replace <hashed_password> with the hashed password you have saved above. Also replace test_user & demo_user with your desired usernames. Replace example and com with your domain and extension.
$ vim ldapusers.ldif
dn: uid=test_user,ou=people,dc=example,dc=com
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
# The uid attribute must be present and match the uid in the dn.
uid: test_user
cn: test_user
sn: demo_user
userPassword: <hashed_password>
loginShell: /bin/bash
uidNumber: 2000
gidNumber: 2000
homeDirectory: /home/test_user
Once you have finished editing the file, save & close it. Run the following command to add the above user file to LDAP server.
$ ldapadd -x -D cn=admin,dc=example,dc=com -W -f ldapusers.ldif
Enter LDAP Password:
adding new entry "uid=test_user,ou=people,dc=example,dc=com"
Similarly, create another file to create group. Replace test_group with your group name.
$ vim ldapgroups.ldif
dn: cn=test_group,ou=groups,dc=example,dc=com
objectClass: posixGroup
cn: test_group
gidNumber: 2000
# memberUid holds the uid of a user who belongs to the group.
memberUid: test_user
Save and close the file. Run the following command to add the group to LDAP server.
$ ldapadd -x -D cn=admin,dc=example,dc=com -W -f ldapgroups.ldif
Enter LDAP Password:
adding new entry "cn=test_group,ou=groups,dc=example,dc=com"
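A pre-flight check for the LDIF files from steps 3 and 4, as an added example that is not part of the original article: the hypothetical helper lint_ldif flags a userPassword value that is not a slappasswd-style {SCHEME} hash, a dn whose naming attribute is absent from the entry, and posixAccount entries missing a required attribute. The sample entry and its password are constructed.

```shell
#!/bin/sh
# lint_ldif FILE: check an LDIF file before it is passed to ldapadd.
# Hypothetical helper; handles simple DNs and unfolded lines only.
lint_ldif() {
    awk '
    BEGIN { RS = ""; FS = "\n" }   # blank-line separated entries, one line per field
    function report(msg) { print dn ": " msg; bad++ }
    {
        dn = ""; posix = 0; split("", attrs); split("", pairs)
        for (i = 1; i <= NF; i++) {
            p = index($i, ":")
            if (p < 2 || substr($i, 1, 1) == "#") continue
            a = tolower(substr($i, 1, p - 1)); v = substr($i, p + 1)
            sub(/^[ \t]+/, "", v)
            if (a == "dn") { dn = v; continue }
            attrs[a] = 1; pairs[a "=" tolower(v)] = 1
            if (a == "objectclass" && tolower(v) == "posixaccount") posix = 1
            # A leading ":" means a base64 value, which is not judged here.
            if (a == "userpassword" && substr(v, 1, 1) != ":" &&
                (substr(v, 1, 1) != "{" || index(v, "}") < 3))
                report("userPassword is not a {SCHEME} hash from slappasswd")
        }
        if (dn == "") next
        rdn = tolower(dn); sub(/,.*/, "", rdn)
        if (!(rdn in pairs)) report("naming attribute " rdn " is not in the entry")
        if (posix) {
            n = split("cn uid uidnumber gidnumber homedirectory", need, " ")
            for (k = 1; k <= n; k++)
                if (!(need[k] in attrs)) report("posixAccount requires " need[k])
        }
    }
    END { exit (bad > 0) }
    ' "$1"
}

# Constructed sample: a user entry with a cleartext password and no uid attribute.
sample=$(mktemp)
cat > "$sample" <<'EOF'
dn: uid=test_user,ou=people,dc=example,dc=com
objectClass: inetOrgPerson
objectClass: posixAccount
cn: test_user
sn: demo_user
userPassword: Secret123
uidNumber: 2000
gidNumber: 2000
homeDirectory: /home/test_user
EOF
lint_ldif "$sample" || echo "Fix the findings above before running ldapadd."
```

The function exits non-zero when it reports anything, so it can gate the ldapadd commands in a provisioning script.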
5. Install LDAP Account Manager (Optional)
You can also install LDAP Account Manager to easily manage user accounts & groups. It provides a web interface that you can easily use via web browser.
6. Install LDAP Client
You will also need to install LDAP clients on your network’s machines so they can communicate with your LDAP server for authentication & directory access.
Here is our detailed article about installing LDAP client in Ubuntu.
In this article, we have learnt how to install LDAP server in Ubuntu.