
OpenLDAP is an open source implementation of the Lightweight Directory Access Protocol (LDAP), which is used to access centrally stored information over a network. An LDAP server is mainly used as an address book and as an authentication backend for various services.
This setup was carried out for OpenLDAP 2.4.40 on Ubuntu 14.04, using Oracle JDK 7.
Prerequisite: a basic understanding of OpenLDAP terms and terminology is required to follow this post.
Steps to Set Up OpenLDAP

Download OpenLDAP version 2.4.40 from its official website with the following command:

Unzip the downloaded file:

Configure OpenLDAP
Navigate to the unzipped openldap directory by executing "cd openldap" and then run "./configure" in a terminal. Most probably you will get the error "configure: error: BDB/HDB: BerkeleyDB not available". To fix this, install Berkeley DB with the following command:
Re-run ./configure after Berkeley DB has been installed successfully:

Now install the software with the following command:

Create a directory for your base DN, which will be used to keep the BDB files and indices for your domain:

OpenLDAP with a BDB backend requires a DB_CONFIG file for configuration and tuning of the database. An example file exists at /usr/local/etc/openldap/DB_CONFIG.example. Copy this file to your base directory and rename it DB_CONFIG as follows:
your-domain.com/DB_CONFIG
NOTE: You can also change the configuration in the DB_CONFIG file for optimum performance and tuning of the database. In our setup, we have kept the default configuration in DB_CONFIG.
Execute "sudo nano /usr/local/etc/openldap/slapd.conf" and edit slapd.conf to specify the connection information of your LDAP server as follows:

    # Specify your LDAP connection information here
    suffix      "dc=your-domain,dc=com"
    rootdn      "cn=Manager,dc=your-domain,dc=com"
    rootpw      secret

Then change the following line to specify the base directory of your LDAP server, where the BDB files containing the database and its associated indices live. In our setup, the base directory is /usr/local/var/openldap-data/your-domain.com:

    directory   /usr/local/var/openldap-data/your-domain.com
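As an added example (not from the original post), the following shell script audits a slapd.conf of the shape shown above before slapd is started. It checks three things a practitioner would want verified: that rootpw holds a hash rather than the cleartext value used in the post (slappasswd -s <password> generates a {SSHA} hash to paste after rootpw), that rootdn lies under the configured suffix, and that the file is not world-readable, since it carries the root credential. The configurations it writes to temporary files are constructed samples, the {SSHA} value is a labelled placeholder rather than a real hash, and the function names audit_slapd_conf and write_sample_conf are my own.

```shell
#!/bin/sh
# Added example, not part of the original post: audit a slapd.conf fragment of
# the shape shown above before starting slapd. The configs written below are
# constructed samples; the {SSHA} value is a placeholder, not a real hash
# (generate a real one with "slappasswd -s <password>").

# audit_slapd_conf FILE: print each finding to stderr and the number of
# findings to stdout. Checks: rootpw is a {SCHEME}hash, not cleartext; rootdn
# lies under the configured suffix; the file is not world-readable.
audit_slapd_conf() {
    conf="$1"
    findings=0
    suffix=$(awk '$1 == "suffix" { gsub(/"/, "", $2); print $2; exit }' "$conf")
    rootdn=$(awk '$1 == "rootdn" { gsub(/"/, "", $2); print $2; exit }' "$conf")
    rootpw=$(awk '$1 == "rootpw" { print $2; exit }' "$conf")

    # A hashed rootpw is written as {SCHEME}value, e.g. {SSHA}...; anything
    # else is the password itself stored in cleartext.
    case "$rootpw" in
        "{"*"}"*) ;;
        *) echo "$conf: rootpw is cleartext; generate a hash with slappasswd -s" >&2
           findings=$((findings + 1)) ;;
    esac

    # rootdn must end in ",<suffix>" to be an entry under the database suffix.
    case "$rootdn" in
        *",$suffix") ;;
        *) echo "$conf: rootdn '$rootdn' is not under suffix '$suffix'" >&2
           findings=$((findings + 1)) ;;
    esac

    # The file carries the root credential, so the "other" read bit must be off.
    if find "$conf" -perm -004 | grep -q .; then
        echo "$conf: file is world-readable; chmod 600 it" >&2
        findings=$((findings + 1))
    fi

    echo "$findings"
}

# write_sample_conf FILE MODE ROOTPW ROOTDN: write a constructed slapd.conf
# fragment with the directives from the post and the given file mode.
write_sample_conf() {
    cat > "$1" <<EOF
# Specify your LDAP connection information here
suffix      "dc=your-domain,dc=com"
rootdn      "$4"
rootpw      $3
directory   /usr/local/var/openldap-data/your-domain.com
EOF
    chmod "$2" "$1"
}

WEAK_CONF=$(mktemp)     # as in the post: cleartext rootpw, world-readable
HARD_CONF=$(mktemp)     # hashed rootpw placeholder, mode 600
BADDN_CONF=$(mktemp)    # hashed rootpw but rootdn outside the suffix
trap 'rm -f "$WEAK_CONF" "$HARD_CONF" "$BADDN_CONF"' EXIT

write_sample_conf "$WEAK_CONF"  644 'secret' 'cn=Manager,dc=your-domain,dc=com'
write_sample_conf "$HARD_CONF"  600 '{SSHA}PLACEHOLDER-paste-slappasswd-output-here' 'cn=Manager,dc=your-domain,dc=com'
write_sample_conf "$BADDN_CONF" 600 '{SSHA}PLACEHOLDER-paste-slappasswd-output-here' 'cn=Manager,dc=other-domain,dc=com'

# Usage: each call prints its findings, then the count (2, 0 and 1 respectively).
audit_slapd_conf "$WEAK_CONF"
audit_slapd_conf "$HARD_CONF"
audit_slapd_conf "$BADDN_CONF"
```

Run it against the real /usr/local/etc/openldap/slapd.conf by passing that path to audit_slapd_conf instead of the temporary files; a count of 0 means the three checks pass.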
Start LDAP:

Check whether slapd is running with the following command:

This command should return your base DN as follows:
Open slapd.conf by executing "sudo nano /usr/local/etc/openldap/slapd.conf" and add the following lines to it to include the required schemas in LDAP:

Then restart slapd as follows:

Now you are able to create entries in LDAP from Apache Directory Studio.
Enter the Bind DN (or user) and Bind password as configured in slapd.conf. In our example, these are cn=Manager,dc=your-domain,dc=com and secret respectively.
Click on Finish.
Add slapd as a System Service

First create the slapd service file as follows:

Download the slapd service file attached at the end of this post, then copy its contents and paste them into your service file.

Open the slapd service file and check that the following paths are set correctly for your LDAP installation:

Now give the service file the necessary permissions as follows:

Configure the service in the init run levels as follows:

    sudo ln -s /etc/init.d/slapd /etc/rc3.d/S90slapd
    sudo ln -s /etc/init.d/slapd /etc/rc4.d/S90slapd
    sudo ln -s /etc/init.d/slapd /etc/rc5.d/S90slapd
    sudo ln -s /etc/init.d/slapd /etc/rc0.d/K10slapd
    sudo ln -s /etc/init.d/slapd /etc/rc6.d/K10slapd

To enable the system startup links, run the following command:

Restart slapd as follows:

Now LDAP is set up as a system service, so use the following commands to start, stop and restart the LDAP server.
Enable Separate Logging for OpenLDAP

Execute "sudo nano /etc/rsyslog.d/50-default.conf" and edit the following line as shown, so that the local4 facility (the one slapd logs to) is excluded from the main syslog file:

    *.*;auth,authpriv,local4.none    -/var/log/syslog

Then add the following line to write the OpenLDAP logs to a separate file:

    local4.*    -/var/log/openldap/openldap

Create a configuration file to manage OpenLDAP log rotation by executing "sudo touch /etc/logrotate.d/openldap" and add the following configuration to it. You can change this configuration as per your requirements:

    /var/log/openldap/openldap {
        # Append the date to the name of the rotated log file
        dateext
        # Format of the date appended to the log file name
        dateformat -%Y-%m-%d.log
        # Keep 365 days' worth of backlogs
        rotate 365
        # Rotate log files daily
        daily
        # If the log file is missing, go on to the next one without issuing an error message
        missingok
        # Postpone compression of the previous log file until the next rotation;
        # this only works in combination with compress
        delaycompress
        # Compress old log files
        compress
        # Lines between postrotate and endscript are executed after the log file is
        # rotated; the following line gracefully reloads rsyslog after rotation
        postrotate
            invoke-rc.d rsyslog reload > /dev/null
        endscript
    }

Open /etc/logrotate.conf and uncomment the following line to enable compression of all log files generated by the rsyslog service:

Then restart the "rsyslog" and "slapd" services with the following commands respectively:
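The following script, added here as an example and not part of the original post, reads lines in the format slapd writes at its default stats loglevel (what the rsyslog rule above collects into /var/log/openldap/openldap) and summarises failed simple binds per client IP and bind DN; a burst of err=49 (invalidCredentials) results from one address is the main thing a defender wants to pull out of a separate LDAP log. The log lines embedded in it are constructed samples, and the function names failed_binds_by_source and flag_sources are my own.

```shell
#!/bin/sh
# Added example, not part of the original post: summarise failed simple binds
# from the slapd log that the rsyslog rule above writes to
# /var/log/openldap/openldap. At slapd's default "stats" loglevel each
# connection gets an ACCEPT line carrying the client IP and each operation a
# RESULT line; tag=97 marks a bind response and err=49 is invalidCredentials.
# The log lines below are constructed samples.

SAMPLE_LOG='Jan 10 12:00:01 ldap1 slapd[1234]: conn=1000 fd=12 ACCEPT from IP=10.0.0.5:51234 (IP=0.0.0.0:389)
Jan 10 12:00:01 ldap1 slapd[1234]: conn=1000 op=0 BIND dn="cn=Manager,dc=your-domain,dc=com" method=128
Jan 10 12:00:01 ldap1 slapd[1234]: conn=1000 op=0 RESULT tag=97 err=49 text=
Jan 10 12:00:02 ldap1 slapd[1234]: conn=1001 fd=13 ACCEPT from IP=10.0.0.5:51235 (IP=0.0.0.0:389)
Jan 10 12:00:02 ldap1 slapd[1234]: conn=1001 op=0 BIND dn="uid=alice,ou=people,dc=your-domain,dc=com" method=128
Jan 10 12:00:02 ldap1 slapd[1234]: conn=1001 op=0 RESULT tag=97 err=49 text=
Jan 10 12:00:03 ldap1 slapd[1234]: conn=1002 fd=14 ACCEPT from IP=10.0.0.9:40000 (IP=0.0.0.0:389)
Jan 10 12:00:03 ldap1 slapd[1234]: conn=1002 op=0 BIND dn="cn=Manager,dc=your-domain,dc=com" method=128
Jan 10 12:00:03 ldap1 slapd[1234]: conn=1002 op=0 BIND dn="cn=Manager,dc=your-domain,dc=com" mech=SIMPLE ssf=0
Jan 10 12:00:03 ldap1 slapd[1234]: conn=1002 op=0 RESULT tag=97 err=0 text=
Jan 10 12:00:04 ldap1 slapd[1234]: conn=1003 fd=15 ACCEPT from IP=10.0.0.5:51236 (IP=0.0.0.0:389)
Jan 10 12:00:04 ldap1 slapd[1234]: conn=1003 op=0 BIND dn="cn=Manager,dc=your-domain,dc=com" method=128
Jan 10 12:00:04 ldap1 slapd[1234]: conn=1003 op=0 RESULT tag=97 err=49 text='

# failed_binds_by_source: read slapd log lines on stdin and print
# "<count> <client ip> <bind dn>" for every (ip, dn) pair that produced at
# least one err=49 bind result, highest count first.
failed_binds_by_source() {
    awk '
        # Return the field starting with prefix, e.g. field("conn=") -> "conn=1000".
        function field(prefix,   i) {
            for (i = 1; i <= NF; i++) if (index($i, prefix) == 1) return $i
            return ""
        }
        # ACCEPT: remember which client IP opened this connection number.
        /ACCEPT from IP=/ {
            c = field("conn=")
            match($0, /from IP=[^:]+/)
            ip[c] = substr($0, RSTART + 8, RLENGTH - 8)
        }
        # BIND: remember the DN attempted by this operation on this connection.
        / BIND dn="/ {
            c = field("conn="); o = field("op=")
            match($0, /dn="[^"]*"/)
            dn[c, o] = substr($0, RSTART + 4, RLENGTH - 5)
        }
        # RESULT of a bind (tag=97) with err=49: count it against the ip and dn.
        /RESULT tag=97 err=49/ {
            c = field("conn="); o = field("op=")
            if ((c, o) in dn && c in ip) fails[ip[c] " " dn[c, o]]++
        }
        END { for (k in fails) print fails[k], k }
    ' | sort -rn
}

# flag_sources THRESHOLD: print each client IP whose failed binds, summed over
# all DNs it tried, reach the threshold.
flag_sources() {
    failed_binds_by_source |
        awk -v t="$1" '{ total[$2] += $1 } END { for (a in total) if (total[a] >= t) print a }'
}

# Usage on the constructed sample: the summary, then sources with 3 or more failures.
printf '%s\n' "$SAMPLE_LOG" | failed_binds_by_source
printf '%s\n' "$SAMPLE_LOG" | flag_sources 3
```

On a live system, feed the rotated or current file in with "failed_binds_by_source < /var/log/openldap/openldap"; because the script keys on the conn= number, it only attributes a failure to an IP when the matching ACCEPT line is present in the same input, so run it over whole files rather than a tail of a few lines.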
Congratulations! You have now successfully configured OpenLDAP on Ubuntu.
Download the slapd service file from the link below:
slapd
For more implementation details or support, you may contact us at [email protected].
For professional paid support, you may contact us at [email protected].