Install and Configure Open LDAP on Ubuntu


OpenLDAP is an open source implementation of the Lightweight Directory Access Protocol (LDAP), which is used to access centrally stored information over a network. An LDAP server is mainly used as an address book and as an authentication backend for various services.

This setup is carried out for Open LDAP 2.4.40 on Ubuntu 14.04, using Oracle JDK 7.

Prerequisite: A basic understanding of OpenLDAP terminology is required to follow this post.

Steps to Setup Open LDAP

1. Download OpenLDAP version 2.4.40 from its official website with the following command:

  • wget ftp://ftp.openldap.org/pub/OpenLDAP/openldap-release/openldap-2.4.40.tgz

2. Extract the downloaded archive

  • tar zxf openldap-2.4.40.tgz

3. Configure Open LDAP

  • Navigate to the extracted openldap directory (cd openldap) and run ./configure in a terminal.
  • Most probably you will get the error "configure: error: BDB/HDB: BerkeleyDB not available".
  • To fix this, install Berkeley DB with the following command:
  • sudo apt-get install libdb-dev

4. Re-run ./configure after Berkeley DB has been installed successfully, as follows:

  • ./configure
  • Then build the software with the following commands, in order:
    1. make depend
    2. make

5. Now install the software with the following command:

  • sudo make install

6. Create a directory for your base DN; it will hold the BDB files and indices for your domain.

  • sudo mkdir /usr/local/var/openldap-data/your-domain.com

7. OpenLDAP with a BDB backend requires a DB_CONFIG file for configuration and tuning of the database. An example file exists at /usr/local/etc/openldap/DB_CONFIG.example. Copy this file to your base directory and rename it to DB_CONFIG as follows.

  • sudo cp /usr/local/etc/openldap/DB_CONFIG.example /usr/local/var/openldap-data/your-domain.com/
  • sudo mv /usr/local/var/openldap-data/your-domain.com/DB_CONFIG.example /usr/local/var/openldap-data/your-domain.com/DB_CONFIG

NOTE: You can also change the settings in DB_CONFIG for optimum performance and database tuning. In our setup we kept the default configuration in DB_CONFIG.

8. Execute “sudo nano /usr/local/etc/openldap/slapd.conf” and edit slapd.conf to specify the connection information of your LDAP as follows:

# Specify your LDAP connection information here
suffix "dc=your-domain,dc=com"
rootdn "cn=Manager,dc=your-domain,dc=com"
rootpw secret

Then change the following line to specify the base directory of your LDAP, where the BDB files containing the database and associated indices live. In our setup the base directory is /usr/local/var/openldap-data/your-domain.com:

directory /usr/local/var/openldap-data/your-domain.com

9. Start LDAP

  • Go to the /usr/local/libexec directory and execute the following:
    1. sudo ./slapd

10. Check whether slapd is running with the following command:

  • ldapsearch -x -b '' -s base '(objectclass=*)' namingContexts

This command should return your base DN as follows:

  • dn:
  • namingContexts: dc=your-domain,dc=com

11. Open the slapd.conf file by executing “sudo nano /usr/local/etc/openldap/slapd.conf” and add the following lines to include the required schemas in LDAP:

  • include /usr/local/etc/openldap/schema/cosine.schema
  • include /usr/local/etc/openldap/schema/inetorgperson.schema

12. Then restart slapd as follows:

  • To stop LDAP, use the following command:
    • sudo kill -INT `cat /usr/local/var/run/slapd.pid`
  • Then, to start LDAP, go to the /usr/local/libexec directory and execute the following:
    • sudo ./slapd

13. Now you can create entries in LDAP from Apache Directory Studio.

  • Open Apache Directory Studio and click on New Connection. Enter Hostname=<your-host-name>, Port=389 and click Next.
  • Enter the Bind DN or user and the Bind password as configured in your slapd.conf file.
  • In our example, these are cn=Manager,dc=your-domain,dc=com and secret respectively.
  • Click on Finish.
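Before binding from Apache Directory Studio, it is worth sanity-checking the slapd.conf directives from step 8. The following POSIX shell audit is an added example, not code from the post or from the OpenLDAP project: it flags a clear-text rootpw (slappasswd produces a {SSHA} hash that belongs there instead), a rootdn that is not beneath the suffix, and a database directory without the DB_CONFIG copied in step 7. The sample slapd.conf it writes is constructed for the example.

```shell
#!/bin/sh
# Constructed sample slapd.conf mirroring the directives from step 8; hypothetical values, not a real file.
SAMPLE_CONF=$(mktemp)
cat > "$SAMPLE_CONF" <<'EOF'
include   /usr/local/etc/openldap/schema/core.schema
include   /usr/local/etc/openldap/schema/cosine.schema
include   /usr/local/etc/openldap/schema/inetorgperson.schema
database  bdb
suffix    "dc=your-domain,dc=com"
rootdn    "cn=Manager,dc=your-domain,dc=com"
rootpw    secret
directory /usr/local/var/openldap-data/your-domain.com
EOF

# conf_value FILE KEY: print the value of the first KEY directive, surrounding quotes stripped
conf_value() {
    awk -v key="$2" '$1 == key { sub(/^[^ \t]+[ \t]+/, ""); gsub(/"/, ""); print; exit }' "$1"
}

# audit_slapd_conf FILE: print one finding per line, or OK when nothing is wrong
audit_slapd_conf() {
    conf="$1"; findings=""
    rootpw=$(conf_value "$conf" rootpw)
    suffix=$(conf_value "$conf" suffix)
    rootdn=$(conf_value "$conf" rootdn)
    dbdir=$(conf_value "$conf" directory)
    # rootpw should be a hash produced by slappasswd (e.g. {SSHA}...), never the clear-text password
    case "$rootpw" in
        "{"*"}"*) ;;
        *) findings="${findings}rootpw is clear text; set it to the output of slappasswd\n" ;;
    esac
    # rootdn must lie beneath suffix, otherwise the administrative DN cannot bind
    case "$rootdn" in
        *",$suffix") ;;
        *) findings="${findings}rootdn $rootdn is not under suffix $suffix\n" ;;
    esac
    # the BDB backend needs its directory and the DB_CONFIG copied in step 7
    if [ -z "$dbdir" ]; then
        findings="${findings}directory directive is missing\n"
    elif [ -d "$dbdir" ] && [ ! -f "$dbdir/DB_CONFIG" ]; then
        findings="${findings}$dbdir has no DB_CONFIG\n"
    fi
    if [ -z "$findings" ]; then echo OK; else printf '%b' "$findings"; fi
}

audit_slapd_conf "$SAMPLE_CONF"
```

Run it against /usr/local/etc/openldap/slapd.conf on the server; with the values from step 8 it reports the clear-text rootpw.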

Add Slapd as System Service

  • If LDAP is installed from the distribution packages, the init script for slapd is created automatically at installation time. But if you have installed slapd from the downloaded archive, you have to add slapd as a system service manually.
  • To manually add slapd as a system service, do as follows:

1. First create the slapd service file as follows:

  • sudo touch /etc/init.d/slapd
  • cd /etc/init.d
  • sudo nano slapd

2. Download the slapd service file attached at the end of this post, copy its contents and paste them into your service file.

3. Open the slapd service file and check that the following paths are set correctly for your LDAP:

  • SLAPD=/usr/local/libexec/slapd
  • SLAPD_CONF=/usr/local/etc/openldap/slapd.conf

4. Now make the service file executable:

  • sudo chmod +x /etc/init.d/slapd

5. Configure the service in the init run levels as follows:

  • sudo ln -s /etc/init.d/slapd /etc/rc3.d/S90slapd
  • sudo ln -s /etc/init.d/slapd /etc/rc4.d/S90slapd
  • sudo ln -s /etc/init.d/slapd /etc/rc5.d/S90slapd
  • sudo ln -s /etc/init.d/slapd /etc/rc0.d/K10slapd
  • sudo ln -s /etc/init.d/slapd /etc/rc6.d/K10slapd

6. To enable the system startup links, run the following command:

  • sudo update-rc.d slapd defaults

7. Restart slapd as follows:

  • sudo service slapd restart

8. LDAP is now set up as a system service, so use the following commands to start, stop and restart the LDAP server.

  • sudo service slapd start
  • sudo service slapd stop
  • sudo service slapd restart

Enable Separate Logging for Open LDAP

1. Execute “sudo nano /etc/rsyslog.d/50-default.conf” and edit the following line as shown, so that local4 (the syslog facility slapd logs to by default) no longer goes to the general syslog:

*.*;auth,authpriv,local4.none -/var/log/syslog

Then add the following line to write the OpenLDAP logs to a separate file:

local4.* -/var/log/openldap/openldap

2. Create a configuration file to manage OpenLDAP log rotation by executing “sudo touch /etc/logrotate.d/openldap” and add the following configuration to it. You can change this configuration as per your requirements:

/var/log/openldap/openldap
{
    # Add the date as an extension to the rotated log file name
    dateext
    # Format of the date appended to the log file name
    dateformat -%Y-%m-%d.log
    # Keep 365 days worth of backlogs
    rotate 365
    # Rotate log files daily
    daily
    # If the log file is missing, go on to the next one without issuing an error message
    missingok
    # Postpone compression of the previous log file until the next rotation; only works in combination with compress
    delaycompress
    # Compress old log files
    compress
    # Lines between postrotate and endscript are executed after the log file is rotated: gracefully reload rsyslog
    postrotate
        invoke-rc.d rsyslog reload > /dev/null
    endscript
}

3. Open /etc/logrotate.conf and uncomment the following line to enable compression of all log files rotated for the rsyslog service:

  • compress

4. Then restart the rsyslog and slapd services with the following commands:

  • sudo service rsyslog restart
  • sudo service slapd restart
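With slapd logging to its own file, the default "stats" lines are easy to scan for authentication problems. The following POSIX shell function is an added example, not code from the post or the OpenLDAP project: it joins each connection's ACCEPT, BIND and RESULT lines on the conn= id and counts failed simple binds (RESULT tag=97 err=49, invalidCredentials) per source address and bind DN. The log lines it reads are constructed for the example.

```shell
#!/bin/sh
# Constructed sample of slapd "stats" lines as rsyslog writes them to /var/log/openldap/openldap.
# Host, PID, addresses and timestamps are made up for this example.
SAMPLE_LOG=$(mktemp)
cat > "$SAMPLE_LOG" <<'EOF'
Oct  2 10:15:01 ldap01 slapd[1234]: conn=1001 fd=12 ACCEPT from IP=192.0.2.10:51234 (IP=0.0.0.0:389)
Oct  2 10:15:01 ldap01 slapd[1234]: conn=1001 op=0 BIND dn="cn=Manager,dc=your-domain,dc=com" method=128
Oct  2 10:15:01 ldap01 slapd[1234]: conn=1001 op=0 RESULT tag=97 err=49 text=
Oct  2 10:15:02 ldap01 slapd[1234]: conn=1002 fd=13 ACCEPT from IP=192.0.2.10:51240 (IP=0.0.0.0:389)
Oct  2 10:15:02 ldap01 slapd[1234]: conn=1002 op=0 BIND dn="cn=Manager,dc=your-domain,dc=com" method=128
Oct  2 10:15:02 ldap01 slapd[1234]: conn=1002 op=0 RESULT tag=97 err=49 text=
Oct  2 10:15:03 ldap01 slapd[1234]: conn=1003 fd=14 ACCEPT from IP=198.51.100.7:40001 (IP=0.0.0.0:389)
Oct  2 10:15:03 ldap01 slapd[1234]: conn=1003 op=0 BIND dn="cn=Manager,dc=your-domain,dc=com" method=128
Oct  2 10:15:03 ldap01 slapd[1234]: conn=1003 op=0 RESULT tag=97 err=0 text=
EOF

# failed_binds FILE [MIN]: print "count ip dn" for every source address and bind DN with at least
# MIN (default 1) failed simple binds. slapd reports the client address on the ACCEPT line, the DN
# on the BIND line and the outcome on the RESULT line, so the three are joined on the conn= id.
failed_binds() {
    awk -v min="${2:-1}" '
        { if (match($0, /conn=[0-9]+/)) conn = substr($0, RSTART, RLENGTH); else next }
        /ACCEPT from IP=/ {
            match($0, /from IP=[^:]+/); ip[conn] = substr($0, RSTART + 8, RLENGTH - 8)
        }
        / BIND dn=/ {
            match($0, /dn="[^"]*"/); dn[conn] = substr($0, RSTART + 4, RLENGTH - 5)
        }
        # tag=97 is a bind response; err=49 is LDAP invalidCredentials
        /RESULT tag=97 err=49 / { fails[ip[conn] " " dn[conn]]++ }
        END { for (k in fails) if (fails[k] >= min) print fails[k], k }
    ' "$1" | sort -rn
}

failed_binds "$SAMPLE_LOG"
```

Point it at /var/log/openldap/openldap on the server; the optional second argument sets a minimum count so only repeated failures are reported.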

Congratulations! You have now successfully configured OpenLDAP on Ubuntu.

Download the slapd service file from the link below:

slapd
