Set up your LDAP server on Ubuntu 10.04

Jack Wallen
Aug 31, 2010
Updated • Nov 28, 2012
Network
|
12

So lately I've been covering some pretty sweet LDAP tools. You've seen "Manage your LDAP data with phpLDAPAdmin", "Access and manage your LDAP data with Luma", and "Set up an LDAP server on Fedora". Although the last entry showed you how to get a server up and running with the 389 Directory Server GUI, none of these articles have touched on the tried and true text-based installation and setup of the slapd LDAP server. And that is exactly what we are going to do here.

But here's the thing - the slapd server can be a real pain to set up. It didn't used to be. The old fashion way was to install slapd and then edit the /etc/ldap/slapd.conf file to suite your needs. Thing is, the slapd.conf configuration file has been deprecated and now, trying to figure out how to configure slapd is like finding the proverbial needle in the proverbial haystack. Fortunately, in my desperate scouring to work out an easy method of doing this, I have found some tools to make the job easier. And that's what this article is all about, getting slapd up and running on a Ubuntu machine so you too can have LDAP running.

Installation

Of course there is a bit of installation to take care of before you do anything. But the installation isn't challenging and there isn't too much to install. Here are the steps you need to follow:

  1. Open up a terminal window.
  2. Issue the command sudo apt-get install slapd ldap-utils php5-ldap.
  3. Type your sudo password and hit Enter.
  4. Accept any dependencies necessary.

And that's it. You are now ready for the configuration of slapd. But what to do? This article isn't about a fancy GUI tool. Instead I have found a script floating around the web (who's author I can not name because I have seen this script on a number of sites) which actually makes this process amazingly easy. I have posted the script here on pastebin for you to either download or copy and paste.

No matter if you download or copy and paste the script, name it something like ldap_script.sh and save it in your home directory. Once you have it saved give it executable permissions with the command:

chmod u+x ldap_script

Now the script is almost ready. You do have to make a few simple changes. Near the top of the script you will see:

passwd=pleaseeditme
dc1=pleaseeditme
dc2=pleaseeditme

Obviously you need to change each pleaseeditme entry to suit your needs. For my LDAP server that section lookes like:

passwd=mypassword
dc1=wallen
cd2=local

You will also notice, near the end of the script, it adds a user. The section #Adding user can be edited to suit your needs, or it can be left alone so that at least one correct user is added at first.

When you have the script ready, it's time to execute. Issue the command sudo ./ldap_script and watch the magic fly by. When all is said and done you should then be able to check out your LDAP server with one of the means mentioned in previous articles, or you can issue the command:

ldapsearch -x -h localhost -b "dc=EXAMPLE,dc=COM" "(objectClass=*)"

Where EXAMPLE and COM match your dc entires.

Final thoughts

You should now have your LDAP server up and running. You can start adding entries and managing it with whatever tool (or command line) you want. NOTE: We'll take a look at the management of LDAP via the command line in later articles. Enjoy your LDAP server!

Advertisement

Previous Post: «
Next Post: «

Comments

  1. Anonymous said on February 13, 2014 at 4:07 pm
    Reply

    NOT WORKING .

    After package installation executed the script

    vagrant@lucid32:~$ sudo ./ldap_script.sh
    SASL/EXTERNAL authentication started
    SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
    SASL SSF: 0
    adding new entry “cn=cosine,cn=schema,cn=config”

    SASL/EXTERNAL authentication started
    SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
    SASL SSF: 0
    adding new entry “cn=inetorgperson,cn=schema,cn=config”

    SASL/EXTERNAL authentication started
    SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
    SASL SSF: 0
    adding new entry “cn=nis,cn=schema,cn=config”

    SASL/EXTERNAL authentication started
    SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
    SASL SSF: 0
    adding new entry “cn=misc,cn=schema,cn=config”

    SASL/EXTERNAL authentication started
    SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
    SASL SSF: 0
    ldapadd: attributeDescription “dn”: (possible missing newline after line 7, entry “cn=module{0},cn=config”?)
    ldapadd: attributeDescription “dn”: (possible missing newline after line 8, entry “cn=module{0},cn=config”?)
    ldapadd: attributeDescription “dn”: (possible missing newline after line 9, entry “cn=module{0},cn=config”?)
    ldapadd: attributeDescription “dn”: (possible missing newline after line 10, entry “cn=module{0},cn=config”?)
    ldapadd: attributeDescription “dn”: (possible missing newline after line 11, entry “cn=module{0},cn=config”?)
    ldapadd: attributeDescription “dn”: (possible missing newline after line 12, entry “cn=module{0},cn=config”?)
    adding new entry “cn=module{0},cn=config”
    ldap_add: Invalid syntax (21)
    additional info: objectClass: value #2 invalid per syntax

    Enter LDAP Password:
    ldap_bind: Invalid credentials (49)

  2. jayshomebrew said on July 4, 2012 at 7:05 pm
    Reply

    This worked perfect for me. Thanks.

    this is what I did to make sure it worked. For some reason, the default ubuntu software server didn’t include some of the slapd files.

    1. changed ubuntu 10.04 update manager settings to mirror.anl.gov
    see http://i.imgur.com/P4g7w.png

    2. sudo apt-get update

    3. followed the instructions from OP.

    4. sudo ./ldap_script

    should pause half way thru, asking you for your password to the ldap server
    .
    .
    Enter LDAP Password:

    5. then when you do the test, ie: ldapsearch, you should get:

    # ldap1, people, myserver.local
    dn: uid=ldap1,ou=people,dc=myserver,dc=local
    objectClass: inetOrgPerson
    objectClass: posixAccount
    objectClass: shadowAccount
    uid: ldap1
    sn: Asdasd
    givenName: ldap1
    cn: ldap1 Asdasd
    displayName: ldap1 asdasd
    uidNumber: 1002
    gidNumber: 1000
    gecos: ldap1 asdasd
    loginShell: /bin/bash
    homeDirectory: /home/ldap1
    shadowExpire: -1
    shadowFlag: 0
    shadowWarning: 7
    shadowMin: 8
    shadowMax: 999999
    mail: aw@myserver.local
    postalCode: 31000
    l: Mysity
    o: myserver
    mobile: +33 (0)6 22 22 22 22 22
    homePhone: +33 (0)5 33 22 33 22
    title: System Administrator
    postalAddress:
    initials: LP

    # search result
    search: 2
    result: 0 Success

  3. Andre said on March 26, 2012 at 4:15 am
    Reply

    I get the following warning/error when I try and make changes via phpldapadmin.

    Any ideas?

    Automatically removed objectClass from template
    Thunderbird: Address Book Entry: mozillaOrgPerson removed from template as it is not defined in the schema
    Automatically removed attribute from template
    Thunderbird: Address Book Entry: c removed from template as it is not defined by an ObjectClass
    Automatically removed objectClass from template
    Samba: Account: sambaSAMAccount removed from template as it is not defined in the schema
    Unknown XML setting [array]
    Unknown attribute setting will be ignored. [s:2:”10″;]
    Missing [post] setting in XML file [helper]
    [helper] needs an accompanying [post] action.
    Unknown XML setting [location]
    Unknown XML type setting for helper will be ignored. [side]
    Automatically removed attribute from template
    User Group: memberUid removed from template as it is not defined by an ObjectClass
    Automatically removed objectClass from template
    Courier Mail: Alias: courierMailAlias removed from template as it is not defined in the schema
    Automatically removed objectClass from template
    Samba: Machine: sambaSAMAccount removed from template as it is not defined in the schema
    Automatically removed objectClass from template
    Samba: Group Mapping: sambaGroupMapping removed from template as it is not defined in the schema
    Automatically removed attribute from template
    Samba: Group Mapping: displayName removed from template as it is not defined by an ObjectClass
    Automatically removed objectClass from template
    Courier Mail: Account: courierMailAccount removed from template as it is not defined in the schema
    Automatically removed attribute from template
    Courier Mail: Account: uidNumber removed from template as it is not defined by an ObjectClass
    Automatically removed attribute from template
    Courier Mail: Account: gidNumber removed from template as it is not defined by an ObjectClass
    Automatically removed attribute from template
    Courier Mail: Account: homeDirectory removed from template as it is not defined by an ObjectClass

  4. Gerard said on February 15, 2012 at 12:01 pm
    Reply

    I face the same problem as Jonathan Cole

  5. Anonymous said on December 27, 2011 at 4:37 am
    Reply

    You kidding me?

    This is why I stick to Windows. Everytime I try to follow some ‘expert’ advise like the one posted here for Linux machines I get nowhere… and noone replies to queries for help…

    1. matt said on December 30, 2011 at 7:03 am
      Reply

      lol you vag look at other sites

  6. Madhavan said on November 2, 2010 at 9:16 am
    Reply

    i had done all the things which you explained there. Finally i ran the ./ldapscript,sh it doesn’t get execute and also i tried sh ./ldapscripts.sh that also not work here
    kindly reply me

  7. Arditi said on October 21, 2010 at 6:10 pm
    Reply

    When using somebody else script, at least leave the source to the author!

  8. chansm said on October 21, 2010 at 11:57 am
    Reply

    Hi
    Your instruction is helpful.
    I have a similar situation as Jonathan Coles

    below is the error msg
    Enter LDAP Password:
    ldap_bind: Invalid credentials (49)

    I have setup webmin and use the ldap interface to setup the ldap server
    have the following error
    No LDIF-format config file found for olcDatabase={1}hdb,cn=config

    Would appreciate any help in advance

  9. Phil said on September 28, 2010 at 2:41 pm
    Reply

    Works great!

    I would be very interested to hear your strategy for backing our nice new directories; both the data and the cn=config tree.

  10. Jonathan Coles said on September 27, 2010 at 2:25 am
    Reply

    The instructions look simple and straightforward. But you must have left out some configuration instructions.

    I followed the instructions on 10.04 (64-bit) and got a “Can’t contact LDAP server (-1)” error.
    Is the required password something other than the one in ldap_script.sh?

    Looking at the output, there’s no sign of trouble until it falls flat on its face at the end. Any idea what could be wrong?

    jcoles@thispc:~/Projects/ldap$ sudo ./ldap_script.sh
    SASL/EXTERNAL authentication started
    SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
    SASL SSF: 0
    adding new entry “cn=cosine,cn=schema,cn=config”

    SASL/EXTERNAL authentication started
    SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
    SASL SSF: 0
    adding new entry “cn=inetorgperson,cn=schema,cn=config”

    SASL/EXTERNAL authentication started
    SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
    SASL SSF: 0
    adding new entry “cn=nis,cn=schema,cn=config”

    SASL/EXTERNAL authentication started
    SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
    SASL SSF: 0
    adding new entry “cn=misc,cn=schema,cn=config”

    SASL/EXTERNAL authentication started
    SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
    SASL SSF: 0
    adding new entry “cn=module{0},cn=config”

    adding new entry “olcDatabase={1}hdb,cn=config”

    modifying entry “cn=config”

    modifying entry “olcDatabase={-1}frontend,cn=config”

    modifying entry “olcDatabase={0}config,cn=config”

    modifying entry “olcDatabase={0}config,cn=config”

    modifying entry “olcDatabase={0}config,cn=config”

    Enter LDAP Password:
    ldap_sasl_bind(SIMPLE): Can’t contact LDAP server (-1)

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.