How To Install, Configure and Test Open Ldap Server For Ubuntu


Lightweight Directory Access Protocol is a protocol developed for managing users, groups access, rights in a IT environment.  There are different protocols used for authentication and authorization but LDAP is most popular and compatible protocol.

LDAP can be used to integrate Windows Active Directory with Linux and other non Windows systems. Active directory also provides LDAP services too.

In this tutorial we will look how to install, configure and test LDAP server installed on Ubuntu.


There are different software that implements LDAP protocol. In this tutorial we will use popular tool suite named OpenLDAP. We will install all OpenLDAP related packages with the following command.

Set Admin Password

Verify Admin Password


Set Search Base For Domain Name

Set Version

Set Password Change PAM

Set Login To Retrieve Entries

Set Root or Admin Account

LDIF File Format

LDAP Data Interchange Format or LDIF is a standard plain text data exchange format used mainly LDAP protocol. LDIF format is defined with RFC 2849 . LDIF is used for the following operations to provide data and configuration.

  • Add
  • Modify
  • Delete
  • Rename

Here is simple LDIF example

There are some important LDIF fields. Let’s look them.


dn specifies distinguished name and used to indentify entry in the directory.


dc specifies domain component and used to identify domain name like which is equal

LEARN MORE  How To Add A User To A Group?


ou specifies organizational unit and used for set the group. Following example specifies group admin


cn specifies common name and used to set data about dn like user name , recipe name , job title

LDAP Configuration Files

Ldap provides a lot of configurations files. But we will look most important configuration files where we will interact and change them.

  • config.ldif is the default and main configuration file which is read and applied by ldap service. It is located at /etc/ldap/slap.d/cn=config.ldif .
  • olcDatabase{2}bdb.ldif file is used to store form information about the domain. It is LDAP database file. This file also stores LDAP root user and the base Domain Name or DN.

Create LDAP Admin User

The best practice to manage the LDAP services is creating an admin user with full permissions. In order to create admin user we need to set the user name  with DN.

The admin user is specified with olcRootDN line in the configuration file named olcDatabase . We can find related olcDatabase file with grep like below.

The database file is located at /etc/ldap/slapd.d/cn=config/olcDatabase={1}.mdb.lif this location and file may have minor changes according to your distributions and version. We change this line according to fully qualified domain name like below.

Here our domain name is and name admin . We need to change the olcSuffix too which is in the same file. Our new olcSuffix line is like below.

LEARN MORE  How To List Currently Logged In Users In Linux?

Set LDAP Admin User Password

Previously we have set our user admin. Now we need to set password for this user. The password line is located in the same file with username. The password line is specified with olcRootDN .

As we see this value is stored as a hash so we need to convert our password into hash value. Hopefully there is a tool named slappasswd used for creating password hash values. We enter the password we want to use twice.

Set LDAP Admin User Password

Set LDAP Admin User Password

We add created value accordingly like below.

Verify Configuration Files

As configuring LDAP with text files is tedious job we can make mistakes. This mistakes generally results the LDAP services do not starts. We can check the configuration files and verify syntax before taking any serious action. We will use tool named slaptest like below.

Verify Configuration Files

Verify Configuration Files

We can se the message config file testing succeeded .

Restart LDAP Service

In previous step we have set the password value. Setting password value will not effect to the LDAP configuration immediately. We need to restart the LDAP service to make new configuration effective. We restart the service with systemctl command.

And check if it is started correctly

Restart LDAP Service

Restart LDAP Service

Verify LDAP Search

Now it seems everything is OK. We can check our LDAP service by sending some example queries. We will use ldapsearch command to list our domain entries as count.

LEARN MORE  Linux Whoami Command Tutorial To Find Current User

Verify LDAP Search

Verify LDAP Search

We can se that there are two search results

You may also like...

Leave a Reply

Your email address will not be published.

Enjoy this blog? Please spread the word :)