Catatan kisah, perjalanan, riset, pdkt ke pasangan dll.
OpenLDAP is an open-source and fast directory server that provides network client with directory services. Client applications connect to OpenLDAP server using the Lightweight Directory Access Protocol (LDAP) to access organizational information stored on that server. Given the appropriate access, clients can search the directory, modify and manipulate records in the directory. OpenLDAP is efficient on both reading and modifying data in the directory.
OpenLDAP servers are most commonly used to provide centralized management of user accounts.
Run the following command to install OpenLDAP server and the client command-line utilities from Ubuntu 16.04 package repository. slapd stands for the Stand-Alone LDAP Daemon.
sudo apt install slapd ldap-utils
You will be asked to set a password for the admin entry in the LDAP directory.
Once it’s done, slapd will be automatically started. You can check out its status with:
systemctl status slapd
Be default, it runs as the openldap user as is defined in
The installation process installs the package without any configurations. To have our OpenLDAP server running properly, we need to do some basic post-installation configuration. Run the following command to start the configuration wizard.
sudo dpkg-reconfigure slapd
You will need to answer a series of questions. Answer these questions as follows:
Omit LDAP server configuration: NO.
DNS domain name: Enter your domain name like linuxbabe.com. You will need to set a correct A record for your domain name. You can also subdomains like directory.linuxbabe.com. This information is used to create the base DN (distinguished name) of the LDAP directory.
Organization name: Enter your organization name like LinuxBabe.
Administrator password: Enter the same password set during installation
Database backend: MDB. BDB (Berkeley Database) is slow and cumbersome. It is deprecated and support will be dropped in future OpenLDAP releases. HDB (Hierarchical Database) is a variant of the BDB backend and will also be deprecated.
MDB reads are 5-20x faster than BDB. Writes are 2-5x faster. And it consumes 1/4 as much RAM as BDB. So we choose MDB as the database backend.
Do you want the database to be removed when slapd is purged? No.
Move old database? Yes.
Allow LDAPv2 protocol? No. The latest version of LDAP is LDAP v.3, developed in 1997. LDAPv2 is obsolete.
Now the process will reconfigure the OpenLDAP service according to your answers. Your OpenLDAP server is now ready to use.
/etc/ldap/ldap.conf is the configuration file for all OpenLDAP clients. Open this file.
sudo nano /etc/ldap/ldap.conf
We need to specify two parameters: the base DN and the URI of our OpenLDAP server. Copy and paste the following text at the end of the file. Replace your-domain and com as appropriate.
BASE dc=your-domain,dc=com URI ldap://localhost
The first line defines the base DN. It tells the client programs where to start their search in the directory. If you used a subdomain when configuring OpenLDAP server, then you need to add the subdomain here like so
The second line defines the URI of our OpenLDAP server. Since the LDAP server and client are on the same machine, we should set the URI to ldap://localhost
Now that OpenLDAP server is running and client configuration is done, run the following command to make test connections to the server.
# extended LDIF # # LDAPv3 # base <dc=linuxbabe,dc=com> (default) with scope subtree # filter: (objectclass=*) # requesting: ALL # # linuxbabe.com dn: dc=linuxbabe,dc=com objectClass: top objectClass: dcObject objectClass: organization o: LinuxBabe # admin, linuxbabe.com dn: cn=admin,dc=linuxbabe,dc=com objectClass: simpleSecurityObject objectClass: organizationalRole cn: admin description: LDAP administrator # search result search: 2 result: 0 Success # numResponses: 3 # numEntries: 2
Result: 0 Success indicates that OpenLDAP server is working. If you get the following line, then it’s not working.
result: 32 No such object