Step-by-Step to Install OpenLDAP and LAM on Ubuntu 22.04

Enhance your infrastructure security by installing OpenLDAP on an Ubuntu 22.04 server. OpenLDAP is an open-source implementation of the LDAP protocol that lets you centralize user authentication and integrates with a wide range of network services.

For FreeBSD users, check our latest guide on How to Install OpenLDAP and LAM on FreeBSD 14.

This article guides you through installing the OpenLDAP server on Ubuntu. It also covers installing LAM (LDAP Account Manager) with the Apache web server and integrating it with the OpenLDAP server. By the end, you will have a working OpenLDAP server that you can manage easily through the LAM graphical interface.

Prerequisites

Before you jump in, ensure you have the following:

Setting Up FQDN (Fully Qualified Domain Name)

Before installing the OpenLDAP server, make sure you have a proper FQDN (Fully Qualified Domain Name) that points to your server's IP address. In this first section, you will set the FQDN of your system with the hostnamectl utility and the /etc/hosts file.

1. Run the hostnamectl command below to set the FQDN of your system to ldap.server5.com.

sudo hostnamectl set-hostname ldap.server5.com

2. Open the /etc/hosts file with the vim editor.

sudo vim /etc/hosts

Insert the following line, changing the IP address, FQDN, and hostname to match your system.

192.168.5.30 ldap.server5.com ldap

When finished, save and exit the file.

3. Lastly, run the following commands to verify the FQDN and ensure it resolves to the correct IP address.

sudo hostname -f
ping -c3 ldap.server5.com

The following output shows that the FQDN ldap.server5.com resolves to the IP address 192.168.5.30.

Configuring FQDN (Fully Qualified Domain Name)

Installing OpenLDAP on Ubuntu Server

Now that the FQDN is configured, the next step is to install the OpenLDAP server on your Ubuntu machine and verify the OpenLDAP version.

1. Before installing OpenLDAP, run the apt update command below to refresh your Ubuntu package index.

sudo apt update
Updating repository

2. Install the OpenLDAP packages slapd and ldap-utils with the apt install command below. Type y to confirm and proceed with the installation.

sudo apt install slapd ldap-utils
Installing OpenLDAP on Ubuntu Server

3. During the installation, you will be asked to set the admin password for the OpenLDAP server. Enter your password and select OK.

Configuring OpenLDAP admin password

4. Repeat the password and select OK again to complete the installation.

Confirming OpenLDAP admin password

5. After OpenLDAP is installed, check the installed version with the slapd command below.

slapd -VV

In this case, OpenLDAP 2.5.14 was installed from the official Ubuntu repository.

Checking OpenLDAP version

Configuring OpenLDAP on Ubuntu Server

After installing the OpenLDAP server, you will set the OpenLDAP domain name (base domain), admin password, and database. To do that, you must reconfigure the slapd package.

1. First, run the following command to configure the OpenLDAP installation interactively.

sudo dpkg-reconfigure slapd

2. Select No when asked whether to omit the OpenLDAP server configuration.

Configuring slapd

3. Enter the DNS domain name of your OpenLDAP server and select OK. In this case, the domain name or base domain for the OpenLDAP server is ldap.server5.com.

Setting up DNS domain name for OpenLDAP Server

4. Next, enter the organization name of your OpenLDAP server and select OK to continue.

Setting up organization name

5. Enter your OpenLDAP admin password, then repeat it.

Input the admin password for OpenLDAP Server
Repeat the OpenLDAP admin password

6. After that, select No when asked whether to remove the old OpenLDAP database.

Remove old OpenLDAP database? No

7. Lastly, select Yes to move the old database to a new location.

Moving old OpenLDAP database to new location? Yes

When the process finishes, you should see the following output:

Checking OpenLDAP version

Adding Base Domain to OpenLDAP Server

Now that you've reconfigured OpenLDAP with the proper base domain, you will modify the OpenLDAP client configuration file /etc/ldap/ldap.conf, restart the slapd service to apply the changes, and verify the base domain of the OpenLDAP server.

1. To start, open the OpenLDAP client configuration file /etc/ldap/ldap.conf with the vim editor.

sudo vim /etc/ldap/ldap.conf

Set the BASE and URI parameters to the base DN and address of your OpenLDAP server. BASE must be the suffix that dpkg-reconfigure derived from the domain name you entered, with each DNS label becoming one dc= component; otherwise ldapsearch will query a suffix the server does not hold.

BASE dc=ldap,dc=server5,dc=com
URI ldap://ldap.server5.com

When you’re done, save and exit the file.

2. Now run the following systemctl commands to restart the OpenLDAP server and apply your changes, then check that the service is running.

sudo systemctl restart slapd
sudo systemctl status slapd

The following output confirms the OpenLDAP server is running.

Checking slapd service status

3. Next, check that OpenLDAP is listening on port 389 with the ss command below.

ss -tulpn | grep slapd

If OpenLDAP is running, port 389 should be in the LISTEN state.

Checking OpenLDAP port

4. Lastly, run the ldapsearch command below to check the default base domain of your OpenLDAP server.

ldapsearch -x

If everything goes well, the output shows your OpenLDAP server configured with the new domain name.

Checking the base domain OpenLDAP Server
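As an added check (example code written for this article, not from the original guide or the OpenLDAP project), the following POSIX shell script derives the suffix that dpkg-reconfigure builds from a DNS domain name and confirms that the BASE in /etc/ldap/ldap.conf matches the namingContexts the server reports. The ldap.conf text and root-DSE output it reads are constructed samples; on a real server, feed in the live file and a live ldapsearch result.

```shell
#!/bin/sh
# Added example, not from the original article: check that the BASE in
# /etc/ldap/ldap.conf matches the suffix slapd actually serves. The inputs
# below are constructed samples; on a real server feed in the live files.

# dpkg-reconfigure slapd turns each DNS label into one dc= component:
#   server5.com -> dc=server5,dc=com   ldap.server5.com -> dc=ldap,dc=server5,dc=com
domain_to_basedn() {
  printf 'dc=%s\n' "$1" | sed 's/\./,dc=/g'
}

# Print the BASE value from ldap.conf text on stdin (comment lines ignored).
conf_base() {
  awk '$1 !~ /^#/ && toupper($1) == "BASE" { print $2; exit }'
}

# Print the first namingContexts value from a root-DSE query on stdin, i.e.
#   ldapsearch -x -H ldap://ldap.server5.com -s base -b "" namingContexts
server_base() {
  awk '$1 == "namingContexts:" { print $2; exit }'
}

# Compare the two case-insensitively (dc values are case-insensitive).
# Exit status 0 means the client BASE matches the server suffix.
base_matches() {
  _conf=$(printf '%s\n' "$1" | conf_base | tr 'A-Z' 'a-z')
  _srv=$(printf '%s\n' "$2" | server_base | tr 'A-Z' 'a-z')
  [ -n "$_conf" ] && [ "$_conf" = "$_srv" ]
}

# Constructed sample: the ldap.conf from the article against a server whose
# suffix was built from "server5.com", the DN LAM is later configured with.
SAMPLE_CONF='# /etc/ldap/ldap.conf (constructed sample)
BASE dc=ldap,dc=server5,dc=com
URI ldap://ldap.server5.com'

SAMPLE_DSE='dn:
namingContexts: dc=server5,dc=com'

if base_matches "$SAMPLE_CONF" "$SAMPLE_DSE"; then
  echo "OK: client BASE matches the server suffix"
else
  echo "MISMATCH: ldapsearch -x would search a suffix slapd does not serve"
fi
```

Replace the sample strings with `cat /etc/ldap/ldap.conf` and the live root-DSE query output to run the same check against your server.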

Installing LAM (LDAP Account Manager)

At this point, you have installed the OpenLDAP server with a basic configuration. Next, you will install LAM (LDAP Account Manager) via APT. LAM is a web application written in PHP for managing the OpenLDAP server from a web browser, and it is available in the default Ubuntu repository.

Note: LAM (LDAP Account Manager) is a PHP web application, so this step also installs PHP and the Apache web server on your Ubuntu system.

1. Install the LDAP Account Manager (LAM) with the apt install command below.

sudo apt install ldap-account-manager

Type y to proceed with the installation.

Installing LAM (LDAP Account Manager) on Ubuntu Server

2. After installing LAM (LDAP Account Manager), open your web browser and visit your server's IP address with the path /lam, for example http://192.168.5.30/lam/. If successful, you will see the LAM login page.

LAM Login Page

Integrating LAM with OpenLDAP Server

After LAM is installed, you must integrate it with your OpenLDAP server, which is done from the LAM administration dashboard.

1. On the LAM login page, click the LAM configuration menu to integrate LAM with the OpenLDAP server.

Configuring LAM

2. Now, select Edit server profiles to continue.

Editing server profiles

3. Then, enter the default password lam when prompted and click OK.

Input LAM default password lam

4. Within the LAM dashboard, you will see tabs such as General settings, Account types, Modules, and Module settings.

LAM configuration menu

General Settings

On the General Settings tab, configure the following:

1. In the Tool settings section, enter the base domain of your OpenLDAP server.

Adding base domain OpenLDAP Server to LAM

2. In the Security settings section, set the Login method to Fixed list and enter the default OpenLDAP admin user in the format cn=admin,dc=server5,dc=com.

Configuring admin user for OpenLDAP Server
Adding OpenLDAP admin user to LAM

3. Next, scroll down to the Profile password section and change the default password lam.

Changing the LAM password

Account Types

On the Account types tab, configure the following:

1. Within the Users section, input the default base domain for storing LDAP users, such as ou=People,dc=server5,dc=com.

2. Within the Groups section, input the default base domain for storing groups, such as ou=group,dc=server5,dc=com.

Configuring OpenLDAP base user and group via LAM

3. When finished, scroll down and click Save to apply.

Apply LAM changes

4. If the changes are saved successfully, you will see the following confirmation and be redirected to the LAM login page.

LAM configuration is successful

Applying LAM (LDAP Account Manager) Configuration

At this point, you have integrated LAM (LDAP Account Manager) with the OpenLDAP server. Now it is time to apply the changes and verify the integration of LAM and the OpenLDAP server.

1. First, enter your OpenLDAP admin user and password, then click LOGIN.

Logging in to LAM (LDAP Account Manager) using OpenLDAP admin user

2. When asked to create the base entries for users and groups, click Create to proceed.

Creating OpenLDAP base user and group via LAM

Once the base entries are created, you should see the following:

Base user and group is created

3. Next, click the Tools menu and select Tree view to verify the base domain, users container, and groups container of your OpenLDAP server installation.

Accessing Tree View Menu

If everything goes well, you will see the base domain dc=server5,dc=com with the users container ou=People and the groups container ou=group.

Checking LAM integration with OpenLDAP Server

4. Lastly, go back to your server's terminal and run the ldapsearch command below to verify the OpenLDAP server configuration.

sudo ldapsearch -x

If the OpenLDAP installation is successful, you will see the OpenLDAP server with base domain dc=server5,dc=com, users container ou=People,dc=server5,dc=com, and groups container ou=group,dc=server5,dc=com.

Checking base domain, users, and group via ldapsearch

Conclusion

Well done! You have followed all the steps and installed the OpenLDAP server on your Ubuntu machine. You have also installed LAM (LDAP Account Manager) and integrated it with your OpenLDAP server. You can now manage your OpenLDAP server easily through the LAM graphical interface.

System administrator and devops enthusiast, leveraging over 10+ years of Linux expertise to optimize operations. Proficient in FreeBSD, VMWare, KVM, Proxmox, PfSense, Ansible, Docker, and Kubernetes.
