The Lightweight Directory Access Protocol (LDAP) is a protocol for managing related information from a centralized location through a file-and-directory-like hierarchy.

In certain ways it functions like a relational database, and it can be used to organize and store any kind of information. LDAP is commonly used for centralized authentication.


Host settings before installation

Before installing LDAP, I configured the host as in this example:

  • System name: ldap.test.com
  • Domain name: test.com
  • System IP: 192.168.22.200

Configuration files:

cat /etc/hostname

ldap

cat /etc/hosts

127.0.0.1      localhost
127.0.1.1      ldap.test.com ldap

cat /etc/network/interfaces

source /etc/network/interfaces.d/*

auto lo
iface lo inet loopback

auto eth0
iface eth0 inet static
address 192.168.22.200
netmask 255.255.255.0
gateway 192.168.22.1


Install LDAP server and utils packages

Install the packages with:

apt-get install slapd ldap-utils

Choose "Y" to start the installation.

Enter a strong administrator password and press Enter, then confirm the password.

Set BASE and URI in the client configuration file /etc/ldap/ldap.conf:

BASE    dc=test,dc=com
URI     ldap://localhost:389

Now configure the slapd package with:

dpkg-reconfigure slapd

Choose "No" when asked whether to omit the OpenLDAP server configuration, and press Enter.

Just press Enter to accept the DNS domain name (test.com here); it becomes the base DN dc=test,dc=com.

Enter the organization name, or leave the default.

Enter a strong administrator password and press Enter, then confirm the password.

Select the database backend, in my case MDB.

Select "No" when asked whether the database should be removed when slapd is purged.

Select "Yes" to move the old database out of the way.

Select "No" for LDAPv2 protocol support, and your LDAP server is completely configured.


Start LDAP service

Start the LDAP service with:

systemctl restart slapd

Check that the server answers (an anonymous simple-bind search against the BASE from ldap.conf) with:

ldapsearch -x


Very basic LDAP tree

Now we can create groups and users in LDAP.


Create groups

Create the file groups.ldif (nano groups.ldif) with this content:

version: 1

dn: ou=groups,dc=test,dc=com
objectClass: top
objectClass: organizationalUnit
ou: groups

dn: cn=nextcloud,ou=groups,dc=test,dc=com
objectClass: top
objectClass: posixGroup
cn: nextcloud
gidNumber: 500
memberUid: user1
memberUid: user2

Now add the group entries (the groups OU and the nextcloud group):

ldapadd -x -W -D "cn=admin,dc=test,dc=com" -f groups.ldif

Create the file users.ldif (nano users.ldif) with this content:

version: 1

dn: ou=users,dc=test,dc=com
objectClass: top
objectClass: organizationalUnit
ou: users

dn: cn=First User,ou=users,dc=test,dc=com
objectClass: top
objectClass: posixAccount
objectClass: inetOrgPerson
cn: First User
gidNumber: 500
homeDirectory: /home/user1
sn: User
uid: user1
uidNumber: 2000
givenName: First
loginShell: /bin/bash
mail: user1@test.com
userPassword: {CRYPT}$1$58hxEKLS$ypZarETITIXH4WMotxS2k/

dn: cn=Second User,ou=users,dc=test,dc=com
objectClass: top
objectClass: posixAccount
objectClass: inetOrgPerson
cn: Second User
gidNumber: 500
homeDirectory: /home/user2
sn: User
uid: user2
uidNumber: 2001
givenName: Second
loginShell: /bin/bash
mail: user2@test.com
userPassword: {CRYPT}$1$a1ade9eu$zEAzuj1nO5FU4Hx.BE3cq1

Now add the users (user1 and user2; the password is stored as a crypt hash, and its plaintext value is test123):

ldapadd -x -W -D "cn=admin,dc=test,dc=com" -f users.ldif
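Before running the two ldapadd commands above, it is worth checking the LDIF files for mistakes that slapd either rejects only at load time (a missing MUST attribute gives an object class violation) or accepts silently (duplicate uidNumbers, a memberUid with no matching account, a userPassword stored in clear text). The following Python script is an added example and not part of this tutorial: it uses a small LDIF reader of its own rather than python-ldap, and the sample LDIF inside it is constructed from the tutorial's entries plus a third user that carries deliberate mistakes. It also flags the {CRYPT} md5crypt ($1$) values used above, because MD5-based crypt is fast to brute-force; slappasswd (which produces {SSHA} by default) or crypt's $6$ SHA-512 form are stronger choices.

```python
import base64
import re

# Constructed sample: cut-down tutorial entries plus a third user with deliberate mistakes.
SAMPLE_LDIF = """\
dn: cn=nextcloud,ou=groups,dc=test,dc=com
objectClass: posixGroup
cn: nextcloud
gidNumber: 500
memberUid: user1
memberUid: user2

dn: cn=First User,ou=users,dc=test,dc=com
objectClass: posixAccount
cn: First User
uid: user1
uidNumber: 2000
gidNumber: 500
homeDirectory: /home/user1
userPassword: {CRYPT}$1$58hxEKLS$ypZarETITIXH4WMotxS2k/

dn: cn=Third User,ou=users,dc=test,dc=com
objectClass: posixAccount
cn: Third User
uid: user3
uidNumber: 2000
gidNumber: 600
userPassword: test123
"""

# Attributes each object class MUST carry (RFC 2307 / RFC 2798), lower-cased.
REQUIRED = {
    "posixgroup": ("cn", "gidnumber"),
    "posixaccount": ("cn", "uid", "uidnumber", "gidnumber", "homedirectory"),
    "inetorgperson": ("cn", "sn"),
}

def parse_ldif(text):
    """Minimal LDIF reader: one dict per entry, attribute name -> [values]."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:      # folded continuation line
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    entries, current = [], {}
    for line in lines + [""]:                  # trailing "" flushes the last entry
        if line == "":
            if current:
                entries.append(current)
                current = {}
        elif not (line.startswith("#") or line.lower().startswith("version:")):
            name, sep, value = line.partition(":")
            if not sep:
                raise ValueError(f"malformed LDIF line: {line!r}")
            if value.startswith(":"):           # attr:: base64 value
                value = base64.b64decode(value[1:].strip()).decode()
            current.setdefault(name.lower(), []).append(value.strip())
    return entries

def password_storage(value):
    """Describe a weakness of a userPassword value, or None if acceptable."""
    m = re.match(r"\{([A-Za-z0-9-]+)\}", value)
    if not m:                                  # slapd stores it exactly as given
        return "userPassword has no {SCHEME} prefix: stored in clear text"
    if m.group(1).upper() == "CRYPT" and value[m.end():].startswith("$1$"):
        return "userPassword is md5crypt ($1$); prefer {CRYPT} $6$ (SHA-512) or {SSHA}"
    return None

def check_entries(entries):
    """Return problems that ldapadd would accept silently or only reject late."""
    problems, groups, uids, uid_numbers = [], {}, set(), {}
    for e in entries:                          # pass 1: schema and uniqueness
        classes = {c.lower() for c in e.get("objectclass", [])}
        dn = e.get("dn", ["<no dn>"])[0]
        for cls, attrs in REQUIRED.items():
            if cls in classes:
                problems += [f"{dn}: {cls} lacks required {a}" for a in attrs if a not in e]
        if "posixgroup" in classes and "gidnumber" in e:
            groups[e["gidnumber"][0]] = dn
        if "posixaccount" in classes:
            uids.update(e.get("uid", []))
            for n in e.get("uidnumber", []):
                if n in uid_numbers:
                    problems.append(f"{dn}: uidNumber {n} already used by {uid_numbers[n]}")
                uid_numbers[n] = dn
    for e in entries:                          # pass 2: cross-references and passwords
        classes = {c.lower() for c in e.get("objectclass", [])}
        dn = e.get("dn", ["<no dn>"])[0]
        members = e.get("memberuid", []) if "posixgroup" in classes else []
        problems += [f"{dn}: memberUid {m} matches no posixAccount uid" for m in members if m not in uids]
        gids = e.get("gidnumber", []) if "posixaccount" in classes else []
        problems += [f"{dn}: primary gidNumber {g} matches no posixGroup" for g in gids if g not in groups]
        for verdict in map(password_storage, e.get("userpassword", [])):
            if verdict:
                problems.append(f"{dn}: {verdict}")
    return problems
```

To check the real files, feed both of them to the same functions, for example check_entries(parse_ldif(open("groups.ldif").read() + "\n" + open("users.ldif").read())), so that memberUid and gidNumber references can be resolved across the two files; each returned string names the offending entry by its DN. On the constructed sample the script reports six problems: the missing homeDirectory, the reused uidNumber 2000, the memberUid user2 that has no account, the md5crypt hash, the gidNumber 600 that matches no group, and the clear-text password.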


Test LDAP

Simple test of the LDAP service:

Search all users in ou=users,dc=test,dc=com:

ldapsearch -x -W -D "cn=admin,dc=test,dc=com" -b "ou=users,dc=test,dc=com" "(objectClass=inetOrgPerson)"
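The test search above passes its filter as a fixed string, but as soon as a filter is built from user-supplied data (an application looking up a uid at login, for instance) the value needs the escaping that RFC 4515 requires, otherwise a crafted value changes the meaning of the filter. The following Python helpers are an added example and not part of this tutorial: they build the filter for the search above, escape values, and run a small shape check that also shows why a bare word such as inetOrgPerson is not a filter. The base DN and bind DN are the ones from this page; everything else is assumed.

```python
# RFC 4515 section 3: these characters have a special meaning inside a filter
# value and must be written as a backslash followed by two hex digits.
FILTER_ESCAPES = {"\\": "\\5c", "*": "\\2a", "(": "\\28", ")": "\\29", "\0": "\\00"}

def escape_filter_value(value):
    """Escape a string so it is matched literally inside (attr=value)."""
    return "".join(FILTER_ESCAPES.get(ch, ch) for ch in value)

def user_filter(uid=None):
    """All inetOrgPerson entries, or only the account with the given uid."""
    if uid is None:
        return "(objectClass=inetOrgPerson)"
    return f"(&(objectClass=inetOrgPerson)(uid={escape_filter_value(uid)}))"

def is_valid_filter(text):
    """Shape check for RFC 4515 filters: balanced parentheses around either one
    attr=value item or an &, | or ! list of sub-filters.  It does not validate
    substring or extensible-match details, only the structure."""
    pos, ok = _parse_filter(text, 0)
    return ok and pos == len(text)

def _parse_filter(s, i):
    """Parse one parenthesised filter starting at s[i]; return (next index, ok)."""
    if i >= len(s) or s[i] != "(":
        return i, False
    i += 1
    if i < len(s) and s[i] in "&|!":
        op, i, count = s[i], i + 1, 0
        while i < len(s) and s[i] == "(":
            i, ok = _parse_filter(s, i)
            if not ok:
                return i, False
            count += 1
        if count == 0 or (op == "!" and count != 1):
            return i, False
    else:
        end = s.find(")", i)               # a ')' inside a value is always escaped
        if end == -1 or "=" not in s[i:end] or s[i] == "=":
            return i, False
        i = end
    if i < len(s) and s[i] == ")":
        return i + 1, True
    return i, False

def ldapsearch_argv(base_dn, bind_dn, search_filter, *attrs):
    """argv for the tutorial's test search.  Handing a list to subprocess.run
    avoids a second layer of shell quoting on top of the filter escaping."""
    if not is_valid_filter(search_filter):
        raise ValueError(f"not an RFC 4515 filter: {search_filter!r}")
    return ["ldapsearch", "-x", "-W", "-D", bind_dn, "-b", base_dn, search_filter, *attrs]

if __name__ == "__main__":
    # Constructed input: a value that would close the filter early if left unescaped.
    print(user_filter("user1)(uid=*"))
    argv = ldapsearch_argv("ou=users,dc=test,dc=com", "cn=admin,dc=test,dc=com", user_filter("user1"))
    print(" ".join(argv))                  # subprocess.run(argv, check=True) runs it
```

The escaping keeps the search restricted to one uid whatever the input contains, and the structural check rejects strings that are not filters before they reach the server; on the server side the same request is still subject to the ACLs configured in slapd, so the escaping is a client-side defence in addition to, not instead of, those.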