Setting up an LDAP server is essential when you want centralized authentication across multiple systems. Instead of managing local users on every machine, LDAP allows you to maintain a unified directory service.
In this guide, we will install and configure OpenLDAP using the slapd service on a Linux server.
What is OpenLDAP?
OpenLDAP is an open-source implementation of the Lightweight Directory Access Protocol (LDAP). It is widely used for:
- Centralized user authentication
- Directory-based access control
- Managing user credentials across servers
- Integrating with mail servers, VPNs, and web applications
The main LDAP daemon is called slapd.
Step 1: Install OpenLDAP Packages
First, update your package list:
apt-get update
Now install the required packages:
apt-get install slapd ldap-utils migrationtools
Package Explanation
- slapd – OpenLDAP server daemon
- ldap-utils – LDAP command-line tools
- migrationtools – Tools for migrating existing accounts
During installation, you will be prompted to set:
- Administrator password
- Confirm password
Make sure to store this securely.
Step 2: Reconfigure slapd
To properly configure the LDAP server, run:
dpkg-reconfigure slapd
You will see configuration prompts. Use the following settings:
| Prompt | Recommended Value |
|---|---|
| Omit OpenLDAP server configuration? | No |
| DNS domain name | example.local |
| Organization name | example.local |
| Administrator password | (your secure password) |
| Database backend | BDB |
| Remove database when slapd is purged? | No |
| Move old database? | Yes |
| Allow LDAPv2 protocol? | No |
What These Settings Mean
- DNS domain name defines your LDAP base DN
- Organization name is used in the directory structure
- BDB (Berkeley DB) is the storage backend
- LDAPv2 is disabled for security reasons
Step 3: Restart OpenLDAP Service
After configuration, restart the service:
/etc/init.d/slapd restart
Or on newer systems:
systemctl restart slapd
Step 4: Verify LDAP is Running
Check service status:
systemctl status slapd
Test LDAP connectivity:
ldapsearch -x
If configured correctly, you should see directory information returned. If the client has no default BASE set in its ldap.conf, pass the base DN explicitly with -b.
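The Step 4 check, scripted as an added example that is not part of this guide: it derives the base DN that dpkg-reconfigure builds from the DNS domain name, parses `ldapsearch -x -LLL` output to confirm the suffix entry is actually returned, and reports whether an anonymous read still succeeds (which should stop once anonymous binds are restricted, as recommended below). The host, port and the sample output are assumptions.

```python
import base64
import socket
import subprocess

def base_dn_from_domain(domain):
    """'example.local' -> 'dc=example,dc=local': the suffix dpkg-reconfigure derives."""
    labels = [label for label in domain.strip().lower().split(".") if label]
    if not labels:
        raise ValueError("empty DNS domain name")
    return ",".join(f"dc={label}" for label in labels)

def parse_ldif(text):
    """Minimal reader for `ldapsearch -LLL` output: skips comments, decodes '::'
    base64 values, splits entries on blank lines (no RFC 2849 line folding)."""
    entries, current = [], {}
    for line in text.splitlines() + [""]:
        if not line.strip():
            if current:
                entries.append(current)
                current = {}
        elif not line.startswith("#"):
            key, _, val = line.partition(":")
            if val.startswith(":"):  # 'attr:: <base64>' form
                val = base64.b64decode(val[1:].strip()).decode("utf-8", "replace")
            current.setdefault(key.strip(), []).append(val.strip())
    return entries

def base_entry_served(ldif_text, base_dn):
    """True when the search result contains the suffix entry itself."""
    return any(e.get("dn", [""])[0].lower() == base_dn.lower() for e in parse_ldif(ldif_text))

def check_server(domain, host="localhost", port=389):
    """Live check: port reachable, then the anonymous (-x) base search of the suffix."""
    base = base_dn_from_domain(domain)
    result = {"base_dn": base, "port_open": False, "anon_base_read": False}
    try:
        with socket.create_connection((host, port), timeout=3):
            result["port_open"] = True
        proc = subprocess.run(["ldapsearch", "-x", "-LLL", "-H", f"ldap://{host}:{port}",
                               "-b", base, "-s", "base"], capture_output=True, text=True)
        result["anon_base_read"] = proc.returncode == 0 and base_entry_served(proc.stdout, base)
    except OSError:  # port closed/unreachable, or ldap-utils not installed
        pass
    return result

# Constructed sample of `ldapsearch -x -LLL -b dc=example,dc=local -s base` output
SAMPLE_OUTPUT = """dn: dc=example,dc=local
objectClass: top
objectClass: dcObject
objectClass: organization
"""
```

Run `check_server("example.local")` on the server itself; a False `anon_base_read` with `port_open` True is the expected state after anonymous binds are disabled.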
Common Issues and Troubleshooting
1️⃣ slapd Fails to Start
- Check logs:
journalctl -xe
- Verify port 389 is not blocked
2️⃣ Authentication Fails
- Confirm base DN
- Check admin password
- Verify firewall rules
3️⃣ Migration Issues
- Ensure migrationtools is properly configured
- Verify correct domain mapping
Security Best Practices
When running OpenLDAP in production:
- Enable TLS/SSL encryption
- Restrict anonymous binds
- Use strong admin passwords
- Configure firewall rules
- Regularly back up the LDAP database
FAQ Section
What is slapd in OpenLDAP?
slapd is the standalone LDAP daemon that handles directory service requests.
Which port does OpenLDAP use?
By default, LDAP runs on port 389 and LDAPS runs on port 636.
Can OpenLDAP be used for centralized login?
Yes, OpenLDAP is commonly used for centralized authentication across Linux servers and applications.
If you require help, contact SupportPRO Server Admin
