
How To Install and Configure OpenLDAP Server On Debian 10 (Buster)

The document provides instructions for installing and configuring OpenLDAP server on Debian 10. It details the steps to install OpenLDAP, add base DNs for users and groups, create user and group accounts, and install and configure LDAP Account Manager for administration of the LDAP server.

Uploaded by

Gabriel Setti

23/6/2020 How To Install and Configure OpenLDAP Server on Debian 10 (Buster) | ComputingForGeeks
https://computingforgeeks.com/how-to-install-and-configure-openldap-server-on-debian/

How To Install and Configure OpenLDAP Server on Debian 10 (Buster)
By Josphat Mutai - August 21, 2019


In this blog post, you’ll learn how to install and configure OpenLDAP on Debian 10
Buster. OpenLDAP is a free and open-source implementation of the Lightweight
Directory Access Protocol released under the OpenLDAP Public License.

After installing OpenLDAP Server on Debian 10 (Buster), you can optionally add
phpLDAPadmin / LDAP Account Manager to ease daily administration of LDAP Server.
We’ll cover the installation of LDAP UI Management tools on separate guides.

Follow the steps shared in the next sections to have a running OpenLDAP Server on
Debian 10 (Buster). Before you start the installation, configure an FQDN hostname for
your server and add a record to the file /etc/hosts.

echo "192.168.10.10 ldap.example.com" | sudo tee -a /etc/hosts
sudo hostnamectl set-hostname ldap.example.com --static

Replace 192.168.10.10 and ldap.example.com with your server’s IP address and
hostname respectively.

Step 1: Update Debian server


For setups done on a clean installation of Debian Server, ensure the system is
updated and upgraded.

sudo apt -y update
sudo apt -y upgrade
sudo reboot

Step 2: Install OpenLDAP on Debian 10 Buster


After the system update and a successful reboot, install the OpenLDAP server
packages from the default Debian repositories.

sudo apt -y install slapd ldap-utils

You’ll be prompted to enter the admin password for your LDAP directory.

Confirm the password provided.

If your installation was successful, the slapcat command should provide OpenLDAP
server details.

$ slapcat
dn: dc=computingforgeeks,dc=com
objectClass: top
objectClass: dcObject
objectClass: organization
o: computingforgeeks.com
dc: computingforgeeks
structuralObjectClass: organization
entryUUID: 3380a11a-587c-1039-8fb1-a76b7240a677
creatorsName: cn=admin,dc=computingforgeeks,dc=com
createTimestamp: 20190821162641Z
entryCSN: 20190821162641.076360Z#000000#000#000000
modifiersName: cn=admin,dc=computingforgeeks,dc=com
modifyTimestamp: 20190821162641Z

dn: cn=admin,dc=computingforgeeks,dc=com
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: admin
description: LDAP administrator
userPassword:: e1NTSEF9eDN2SUVtUnRZMUFjeHZuREtMaDlwdjU5c3dMZkFaWmM=
structuralObjectClass: organizationalRole

entryUUID: 3380e3fa-587c-1039-8fb2-a76b7240a677
creatorsName: cn=admin,dc=computingforgeeks,dc=com
createTimestamp: 20190821162641Z
entryCSN: 20190821162641.078129Z#000000#000#000000
modifiersName: cn=admin,dc=computingforgeeks,dc=com
modifyTimestamp: 20190821162641Z

Step 3: Add base dn for Users and Groups


The next step is adding a base DN for users and groups. Create a file
named basedn.ldif with the contents below:

$ nano basedn.ldif
dn: ou=people,dc=computingforgeeks,dc=com
objectClass: organizationalUnit
ou: people

dn: ou=groups,dc=computingforgeeks,dc=com
objectClass: organizationalUnit
ou: groups

Where computingforgeeks and com are domain components, as shown by the slapcat
command.

When done, apply the configuration with the command:

$ sudo ldapadd -x -D cn=admin,dc=computingforgeeks,dc=com -W -f basedn.ldif
Enter LDAP Password:
adding new entry "ou=people,dc=computingforgeeks,dc=com"
adding new entry "ou=groups,dc=computingforgeeks,dc=com"

Step 4: Add User Accounts and Groups


Generate a password for the user account to add.

$ slappasswd
New password:
Re-enter new password:
{SSHA}5D94oKzVyJYzkCq21LhXDZFNZpPQD9uE

Create an LDIF file for adding users.

$ nano ldapusers.ldif
dn: uid=jmutai,ou=people,dc=computingforgeeks,dc=com
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
cn: Josphat
sn: Mutai
userPassword: {SSHA}5D94oKzVyJYzkCq21LhXDZFNZpPQD9uE
loginShell: /bin/bash
homeDirectory: /home/testuser
uidNumber: 3000
gidNumber: 3000

Replace:

jmutai with the username to add

dc=computingforgeeks,dc=com with your correct domain values

cn & sn with your user details

{SSHA}5D94oKzVyJYzkCq21LhXDZFNZpPQD9uE with the hashed password you generated

Apply the config:

$ ldapadd -x -D cn=admin,dc=computingforgeeks,dc=com -W -f ldapusers.ldif
Enter LDAP Password:
adding new entry "uid=jmutai,ou=people,dc=computingforgeeks,dc=com"

A group is added in a similar way. Create the LDIF file:

$ cat ldapgroups.ldif
dn: cn=jmutai,ou=groups,dc=computingforgeeks,dc=com
objectClass: posixGroup
cn: jmutai
gidNumber: 3000
memberUid: jmutai

$ ldapadd -x -D cn=admin,dc=computingforgeeks,dc=com -W -f ldapgroups.ldif
Enter LDAP Password:
adding new entry "cn=jmutai,ou=groups,dc=computingforgeeks,dc=com"

The two files can be combined into a single file.
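
The two password values shown so far have the same format: slapcat prints userPassword with a double colon, which marks base64-encoded LDIF data, while slappasswd prints the {SSHA} string directly. The following is an added example, not part of the original guide, that decodes both forms and shows how an {SSHA} value is built and checked; the function names are illustrative and the test password is constructed.

```python
import base64
import hashlib
import hmac
import os

SCHEME = "{SSHA}"

def make_ssha(password, salt=None):
    """Build base64(SHA1(password + salt) + salt) with the {SSHA} prefix."""
    salt = os.urandom(4) if salt is None else salt  # 4 bytes, as in the page's values
    digest = hashlib.sha1(password.encode() + salt).digest()
    return SCHEME + base64.b64encode(digest + salt).decode()

def split_ssha(value):
    """Return (digest, salt) from an {SSHA} value; SHA-1 digests are 20 bytes."""
    if not value.startswith(SCHEME):
        raise ValueError("not an {SSHA} value")
    raw = base64.b64decode(value[len(SCHEME):], validate=True)
    if len(raw) <= 20:
        raise ValueError("no salt after the digest")
    return raw[:20], raw[20:]

def check_ssha(value, password):
    """Recompute the digest with the stored salt and compare in constant time."""
    digest, salt = split_ssha(value)
    candidate = hashlib.sha1(password.encode() + salt).digest()
    return hmac.compare_digest(candidate, digest)

def ldif_password(line):
    """Extract userPassword from an LDIF line; 'userPassword::' means base64."""
    attr, sep, rest = line.partition(":")
    if attr != "userPassword" or not sep:
        raise ValueError("not a userPassword line")
    if rest.startswith(":"):
        return base64.b64decode(rest[1:].strip()).decode()
    return rest.strip()

if __name__ == "__main__":
    # Lines copied from the slapcat output and ldapusers.ldif on this page.
    for line in (
        "userPassword:: e1NTSEF9eDN2SUVtUnRZMUFjeHZuREtMaDlwdjU5c3dMZkFaWmM=",
        "userPassword: {SSHA}5D94oKzVyJYzkCq21LhXDZFNZpPQD9uE",
    ):
        digest, salt = split_ssha(ldif_password(line))
        print(len(digest), "byte digest,", len(salt), "byte salt")
    # Constructed password, not a credential from the page.
    stored = make_ssha("example-password")
    print(check_ssha(stored, "example-password"), check_ssha(stored, "other"))
```

The base64 layer in slapcat output is only an encoding, so slapcat dumps and LDIF files that contain userPassword expose each account's salted SHA-1 hash and should be handled as secrets.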

Step 5: Install LDAP Account Manager on Debian 10 (Buster)

We’ll install and use LDAP Account Manager as our OpenLDAP Server graphical
management dashboard. LDAP Account Manager (LAM) is a web frontend for
managing entries (e.g. users, groups, DHCP settings) stored in an LDAP directory.

Features of LDAP Account Manager


Manages Unix, Samba 3/4, Kolab 3, Kopano, DHCP, SSH keys, a group of
names and much more

Has support for 2-factor authentication

Support for account creation profiles

CSV file upload

Automatic creation/deletion of home directories

Setting file system quotas

PDF output for all accounts

Schema and LDAP browser

Manages multiple servers with different configurations

wget http://prdownloads.sourceforge.net/lam/ldap-account-manager_6.8-1_all.deb
sudo dpkg -i ldap-account-manager_6.8-1_all.deb

If you encounter errors during installation, run:

sudo apt -f install
sudo dpkg -i ldap-account-manager_6.8-1_all.deb

Step 6: Configure LDAP Account Manager

Access the LDAP Account Manager web interface from a machine on a trusted network at:

http://(server’s hostname or IP address)/lam

The LDAP Account Manager Login form will be shown. We need to set our LDAP
server profile by clicking on [LAM configuration] at the upper right corner.

Then click on Edit server profiles.

This will ask you for the LAM profile name and password.

The default password is lam.

The first thing to change is the Profile Password; this is at the end of the General
Settings page.

Next is to set the LDAP Server address and Tree suffix. Mine looks like below; you
need to use your domain components as set in the server hostname.

Set Dashboard login by specifying the admin user account and domain components
under “Security settings” section.

Switch to the “Account types” page and set the Active account types, LDAP suffix and List
attributes.

You can also enable other available account types you wish to use. User and Group
modules can be enabled and disabled on “Modules” page.

When done with the settings, click the Save button at the bottom of the page.

Step 7: Add user accounts and groups with LDAP Account Manager

Log in to the LAM dashboard with the admin account to start managing user accounts
and groups.

You’ll use the Users and Groups links to manage user accounts and groups.

Add User Group

You need to add a user group before the actual user account. Click on Groups > New
Group

Give the group a name, optional group ID and description.

Do the same to add other groups.

Add User Accounts

Once you have the groups for user accounts to be added, click on Users > New
user to add a new user account to your LDAP server. You have three sections for
user management:

Personal: This contains the user’s personal information like the first name, last name,
email, phone, department, address etc.

Unix: This section is where you set the Username, Common name, UID
number (optional), User comment, User Primary group, and Secondary
groups, Home directory and the default Login shell.

Shadow: This section is where you add the Shadow account extension, things related
to password aging/expiry.


You may have more sections depending on the Modules enabled for User and Group
management.

Our next guide will cover how to configure the LDAP client on Debian 10 Buster. Also
check:

How to Install and configure OpenLDAP Server on Ubuntu 18.04 LTS

Secure LDAP Server with SSL/TLS on Ubuntu


Josphat Mutai
https://computingforgeeks.com/

Founder of Computingforgeeks. Expertise in Virtualization, Cloud, Linux/UNIX Administration,
Automation, Storage Systems, Containers, Server Clustering etc.
