How to setup an OpenLDAP server on Debian or Ubuntu Rumi, November 18, 2011November 18, 2011 Most enterprises use LDAP as interface to their company structure database. In the Microsoft world is Active Directory the implementation for LDAP. Under Linux is OpenLDAP the common choice for admins. Such LDAP directories are tree based. OpenLDAP is the reference implementation for LDAP v3. The JNDI API inside the Java SDK is usable as implementation to access such LDAP directories. With Spring LDAP is more sophisticated API available. My first code sample works in the company against their OpenLDAP server. For security reasons is the access not possible from outside. So my JUNIT Tests was code red after running in my homeoffice. Maven standard is to run all test prior to build a package like a J2EE war or ear file. So i decided to setup a OpenLDAP server inside my ubuntu 8.10 server vmware server vm. First step is to retrieve and install the openldap package as root: sudo su – apt-get install slapd ldap-utils nmap php5-ldap db4.2-util You have to set a password during installation for the OpenLDAP server. Keep that in mind! Now run the configuration assistant: dpkg-reconfigure slapd Wizard steps: omit openldap server configuration? – no dns domain name? vm.example.org organization name? myCompany database backend to use? hdb do you want the database to be removed when slapd is purged? yes may be the question: move old database? yes administrator password? the same one as entered during installation confirm password? see last step allow LDAPv2 protocol? no Now edit the /etc/ldap/ldap.conf file for the client side configuration: ldap_version 3 URI ldap://localhost:389 SIZELIMIT 0 TIMELIMIT 0 DEREF never BASE dc=vm,dc=example, dc=org With the command “ldapsearch -x” you should see the following output: # extended LDIF # # LDAPv3 # base (default) with scope subtree # filter: (objectclass=*) # requesting: ALL # # vm.example.org dn: dc=vm,dc=example,dc=org objectClass: top objectClass: dcObject objectClass: organization o: myCompany dc: vm # admin, vm.example.org dn: cn=admin,dc=vm,dc=example,dc=org objectClass: simpleSecurityObject objectClass: organizationalRole cn: admin description: LDAP administrator # search result search: 2 result: 0 Success # numResponses: 3 # numEntries: 2 For easier admininstration exist a php admin ui called phpldapadmin and can be installed with: apt-get install phpldapadmin ln -s /usr/share/phpldapadmin/ /var/www/phpldapadmin Open now the config file /etc/phpldapadmin/config.php with joe (a editor) and change the line with the ldap node info to: view plaincopy to clipboardprint? /* Array of base DNs of your LDAP server. Leave this blank to have phpLDAPadmin auto-detect it for you. */ $ldapservers->SetValue($i,'server','base',array('dc=vm,dc=example,dc=org')); … $ldapservers->SetValue($i,'login','dn','cn=admin,dc=vm,dc=example,dc=org'); Check your PHP5 memory settings in /etc/php5/apache2/php.ini: memory_limit = 64M ; Maximum amount of memory a script may consume (16MB) Restart the apache to use this changed configuration /etc/init.d/apache2 restart and go to: http://your.vm.ip/phpldapadmin Click on the login link on the left side and enter as “login dn”: cn=admin,dc=vm,dc=example,dc=org and your password in mind. First step is now to enter a “organisational unit”: click on the left side on the link beside the world icon “dc=vm…” click on “create a child entry here” choose “organisational unit” as template enter “people” and click on “create object” click on this new orginsational unit people in the tree click on “create a child entry here” choose “Address Book Entry (mozillaOrgPerson)” as template enter “John” as “first name” enter “Doe” as “last name” go to common name (cn) and enter “John Doe” click on “create object” Now check with “ldapsearch -x” if everything is ok: # extended LDIF # # LDAPv3 # base (default) with scope subtree # filter: (objectclass=*) # requesting: ALL # # vm.example.org dn: dc=vm,dc=example,dc=org objectClass: top objectClass: dcObject objectClass: organization o: myCompany dc: vm # admin, vm.example.org dn: cn=admin,dc=vm,dc=example,dc=org objectClass: simpleSecurityObject objectClass: organizationalRole cn: admin description: LDAP administrator # people, vm.example.org dn: ou=people,dc=vm,dc=example,dc=org objectClass: organizationalUnit objectClass: top ou: people # John Doe, people, vm.example.org dn: cn=John Doe,ou=people,dc=vm,dc=example,dc=org objectClass: inetOrgPerson objectClass: top givenName: John sn: Doe cn: John Doe # search result search: 2 result: 0 Success # numResponses: 5 # numEntries: 4 Your LDAP server is now running and you can easily configure it inside your favorite browser. Src: http://ralf.schaeftlein.de/2009/02/04/howto-setup-a-openldap-server-for-ubuntu-810/ Configurations (Linux) DebianLDAP