Install OpenLDAP Server and Administer with phpLDAPadmin in Debian/Ubuntu

LDAP stands for Lightweight Directory Access Protocol which can be used in numerous ways such as for authentication, shared directory (for mail clients), address book, etc. The LDAP protocol can be used to establish and store any kind of information. The OpenLDAP server gives you the possibility to access the information which is stored in a tree structure.

In this article we will show you how to install and configure an OpenLDAP server and how to administer it with phpLDAPadmin on Debian, Ubuntu and Linux Mint systems.

Installation Of OpenLDAP Server In Linux

By default the OpenLDAP server is available in the repositories as the package “slapd”. You can easily install it with the package manager tool apt-get. But before installing the OpenLDAP server, make sure your system is up-to-date.

During installation, it will ask you to enter a password for the admin entry in your LDAP directory. Enter a strong password and confirm it by selecting OK.

$ sudo apt-get update
$ sudo apt-get install slapd ldap-utils

Set OpenLDAP Admin Password

Configure OpenLDAP Server

In order to configure the OpenLDAP client side you need to edit the ldap.conf file, which is stored under the /etc/ldap directory. To edit the ldap.conf file you need a text editor such as vim or nano. Run the following command to open the ldap configuration file for editing.

$ sudo nano /etc/ldap/ldap.conf

The output of the above command is shown in the below section.

#
# LDAP Defaults
#

# See ldap.conf(5) for details
# This file should be world readable but not world writable.

#BASE   dc=example,dc=com
#URI    ldap://ldap.example.com ldap://ldap-master.example.com:666

#SIZELIMIT      12
#TIMELIMIT      15
#DEREF          never

# TLS certificates (needed for GnuTLS)
TLS_CACERT      /etc/ssl/certs/ca-certificates.crt

Uncomment the BASE and URI lines and edit them: BASE becomes the base DN built from your own domain name, and URI must point at your own LDAP server (its hostname or IP address; ldap://127.0.0.1 when the server runs on the same machine). Leaving the stock example.com hosts in the URI line is what produces the “Can't contact LDAP server (-1)” error from ldapsearch. Since this is a testing installation and configuration I will use tecmint123.com as my domain name.

#
# LDAP Defaults
#

# See ldap.conf(5) for details
# This file should be world readable but not world writable.

BASE   dc=tecmint123,dc=com
URI    ldap://127.0.0.1

#SIZELIMIT      12
#TIMELIMIT      15
#DEREF          never

# TLS certificates (needed for GnuTLS)
TLS_CACERT      /etc/ssl/certs/ca-certificates.crt
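Several commenters below hit “Can't contact LDAP server (-1)” because URI still named the stock example.com hosts. As an added example, not part of the original article, this Python check parses an ldap.conf and reports a commented-out or placeholder BASE/URI and a plaintext ldap:// URI to a remote host (simple binds send the admin password unencrypted); the sample file below is constructed to show the unchanged-URI mistake.

```python
import re
from urllib.parse import urlsplit

# Constructed sample: the stock file with BASE edited but URI left untouched.
SAMPLE_LDAP_CONF = """\
# See ldap.conf(5) for details
BASE   dc=tecmint123,dc=com
URI    ldap://ldap.example.com ldap://ldap-master.example.com:666
TLS_CACERT      /etc/ssl/certs/ca-certificates.crt
"""

def parse_ldap_conf(text):
    """Map each active (uncommented) keyword to its value; later lines win."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"\s+", line, maxsplit=1)
        settings[parts[0].upper()] = parts[1] if len(parts) > 1 else ""
    return settings

def check_ldap_conf(text, local_hosts=("127.0.0.1", "localhost")):
    """Return a list of findings; an empty list means BASE and URI look usable."""
    conf, findings = parse_ldap_conf(text), []
    base = conf.get("BASE")
    if base is None:
        findings.append("BASE is still commented out; ldapsearch has no default search base")
    elif not re.fullmatch(r"dc=[^,]+(,dc=[^,]+)*", base):
        findings.append(f"BASE {base!r} is not the dc=...,dc=... DN that dpkg-reconfigure builds")
    uris = conf.get("URI", "").split()
    if not uris:
        findings.append("URI is still commented out; the client falls back to the local host")
    for uri in uris:
        u = urlsplit(uri)
        if u.scheme not in ("ldap", "ldaps", "ldapi"):
            findings.append(f"{uri}: unknown scheme {u.scheme!r}")
            continue
        if u.hostname and u.hostname.endswith("example.com"):
            findings.append(f"{uri}: placeholder host from the stock file; it will not resolve")
        if u.scheme == "ldap" and u.hostname not in local_hosts:
            findings.append(f"{uri}: plaintext ldap:// to a remote host; simple binds send the password unencrypted")
    return findings

if __name__ == "__main__":
    for finding in check_ldap_conf(SAMPLE_LDAP_CONF):
        print("WARNING:", finding)
```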

Save the file and run the following command to reconfigure the LDAP package.

$ sudo dpkg-reconfigure slapd

Configure Ldap Server

To construct the base DN of the LDAP directory you need a DNS domain name.

Set DNS Name for Ldap

Enter your DNS domain name and hit Enter to confirm it. Then the package configuration will ask for the name of the organization to use in the base DN of your LDAP directory. Enter the name of your company or organisation and hit Enter again.

Set Organisation Name for Ldap

After the organisation or company name is added, the package configuration will ask for the password of the admin entry in your LDAP directory. Enter the admin password you set in the previous steps.

Enter Ldap Administrative Password

After you have confirmed the administrator’s password, you have to select the database backend. There are two to choose from, BDB and HDB. They both support the same configuration options and use similar storage formats, but since HDB adds support for sub-tree renames it is the recommended one.

Configure Ldap Database

You can select the database you think will work better for you. After you have decided which database you will use, hit Enter to confirm the selection. Then you will be prompted with another question. Select Yes to remove the database when slapd is purged.

Purge Ldap Database

Select Yes again and press Enter to move the old database directory out of the way.

Move Old Ldap Database

When asked whether to allow the LDAPv2 protocol, select No; the LDAP server will then start running.

Allow Ldap2 Protocol

[sudo] password for ravisaive: 
 * Stopping OpenLDAP slapd                                                                                       [ OK ] 
  Moving old database directory to /var/backups:
  - directory unknown... done.
  Creating initial configuration... done.
  Creating LDAP directory... done.
 * Starting OpenLDAP slapd                                                                                       [ OK ] 
Processing triggers for libc-bin ...

To test the LDAP server, run ldapsearch -x, which performs an anonymous simple bind and searches the base DN configured in ldap.conf.

ldapsearch -x

It produces the following output.

# extended LDIF
#
# LDAPv3
# base <dc=tecmint123,dc=com> (default) with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# tecmint123.com
dn: dc=tecmint123,dc=com
objectClass: top
objectClass: dcObject
objectClass: organization
o: tecmint
dc: tecmint123

# admin, tecmint123.com
dn: cn=admin,dc=tecmint123,dc=com
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: admin
description: LDAP administrator

# search result
search: 2
result: 0 Success

# numResponses: 3
# numEntries: 2
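Because ldapsearch -x binds anonymously, everything it returns is readable by anyone who can reach the server; the default slapd ACL keeps userPassword out of that view, which is why the admin entry above carries no password attribute. As an added example that is not part of the original article, the Python script below parses this LDIF output and flags credential attributes an anonymous client should never receive; the third entry and its hash are constructed.

```python
import base64

# Constructed sample: the article's two entries plus a made-up user whose hash leaked.
SAMPLE_LDIF = """\
dn: dc=tecmint123,dc=com
objectClass: dcObject
o: tecmint
dc: tecmint123

dn: cn=admin,dc=tecmint123,dc=com
objectClass: organizationalRole
cn: admin
description: LDAP administrator

dn: uid=jdoe,ou=people,dc=tecmint123,dc=com
objectClass: inetOrgPerson
userPassword:: e1NTSEF9ZmFrZWhhc2g=

result: 0 Success
"""

# Attributes that must never come back to an anonymous (-x without -D) search.
CREDENTIAL_ATTRS = {"userPassword", "sambaNTPassword", "sambaLMPassword"}

def parse_ldif(text):
    """Return one {attribute: [values]} dict per entry (blocks that carry a dn: line)."""
    entries = []
    for block in text.replace("\n ", "").split("\n\n"):  # unfold wrapped lines, split records
        entry = {}
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue
            name, _, value = line.partition(":")
            if value.startswith(":"):  # "attr:: base64" form used for binary/non-ASCII values
                value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
            entry.setdefault(name, []).append(value.strip())
        if "dn" in entry:
            entries.append(entry)
    return entries

def audit_anonymous_view(ldif_text):
    """DNs an anonymous client can read, and any credential attributes it received."""
    entries = parse_ldif(ldif_text)
    dns = [e["dn"][0] for e in entries]
    exposed = [(e["dn"][0], a) for e in entries for a in e if a in CREDENTIAL_ATTRS]
    return {"entries": dns, "exposed": exposed}

if __name__ == "__main__":
    report = audit_anonymous_view(SAMPLE_LDIF)
    print(f"{len(report['entries'])} entries readable anonymously; exposed: {report['exposed']}")
```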

LDAP Administration with phpLDAPadmin

phpLDAPadmin is a web-based GUI tool for administering an LDAP server; it lets you interact with your LDAP server through a browser. It is available in the default repositories and can be installed with the apt-get command.

But before installing phpLDAPadmin, you must have the Apache web server and PHP installed and running. If not, install them using the following command.

$ sudo apt-get install apache2 php5 php5-mysql

Next install the “phpldapadmin” package as shown below.

$ sudo apt-get install phpldapadmin

Just as we edited the ldap.conf file, we need to edit the phpldapadmin configuration file before using the web interface. Run the following command to open the phpldapadmin config.php file.

$ sudo nano /etc/phpldapadmin/config.php

All you need to do is replace the domain names with your own values. The relevant part of the configuration is under the “Define your LDAP servers” section.

$servers = new Datastore();
$servers->newServer('ldap_pla'); 
$servers->setValue('server','name','Tecmint LDAP Server');
$servers->setValue('server','host','127.0.0.1'); 
$servers->setValue('server','base',array('dc=tecmint123,dc=com'));
$servers->setValue('login','bind_id','cn=admin,dc=tecmint123,dc=com');

After you have finished editing the config.php configuration file, open a tab in your web browser and type the URL “http://ip_address_here/phpldapadmin”. Enter your LDAP login credentials and click Login.


Ravi Saive

I am Ravi Saive, creator of TecMint. A Computer Geek and Linux Guru who loves to share tricks and tips on the Internet. Most of my servers run on the open source platform called Linux.


28 Responses

  1. Sam says:

I am unable to find the option or command to save the phpldapadmin config file.

  2. billq says:

    You can also try just using the IP for your ldap server in the URI
    i.e.

    URI ldap://192.168.1.10

  3. Steve says:

    Thanks for sharing this info! As to Soumitra’s error, entering the server into dns should resolve it, or at least enter it in the host table of the ldap server.

  4. john says:

    You get the error when you use ldapsearch x without the dash

    ldapsearch -x should work

  5. Soumitra says:

Well, the error got resolved after restarting the slapd daemon.
    Now how do we authenticate the client in LDAP?

  6. Fridrick says:

I have done all the configuration and created an object for contact sharing, but when I tried to connect my LDAP with Thunderbird it is not sharing the contacts from LDAP. All is running well. Please get back to me ASAP.

  7. hello_world says:

    ldap_sasl_interactive_bind_s: Can’t contact LDAP server (-1)

    I confirm the problem in wheezy

    • Manoj Namdev says:

Please change the entry according to your domain in /etc/ldap/ldap.conf.

      My hostname is manoj-KVM.mint.local

      $ sudo nano /etc/ldap/ldap.conf

      BASE dc=mint,dc=local
      URI ldap://manoj-KVM.mint.local ldap://manoj-KVM.mint.local:666

  8. Scott says:

I’m getting the same error as Soumitra. Ideas?

  9. Debasish says:

Please share the same for RHEL 6 / CentOS 6 x86_64.
    I will be waiting for your post.

  10. Soumitra says:

    I am getting this error:
    My hostname is ubuntults.com, I made the following changes in the .conf file

    BASE dc=ubuntults,dc=com
    URI ldap://ldap.ubuntults.com ldap://ldap-master.ubuntults.com:666

    This is the error:
    ldap_sasl_interactive_bind_s: Can’t contact LDAP server (-1)
