So lately I’ve been covering some pretty sweet LDAP tools. You’ve seen “Manage your LDAP data with phpLDAPAdmin“, “Access and manage your LDAP data with Luma“, and “Set up an LDAP server on Fedora“. Although the last entry showed you how to get a server up and running with the 389 Directory Server GUI, none of these articles have touched on the tried and true text-based installation and setup of the slapd LDAP server. And that is exactly what we are going to do here.
But here’s the thing – the slapd server can be a real pain to set up. It didn’t used to be. The old fashion way was to install slapd and then edit the /etc/ldap/slapd.conf file to suite your needs. Thing is, the slapd.conf configuration file has been deprecated and now, trying to figure out how to configure slapd is like finding the proverbial needle in the proverbial haystack. Fortunately, in my desperate scouring to work out an easy method of doing this, I have found some tools to make the job easier. And that’s what this article is all about, getting slapd up and running on a Ubuntu machine so you too can have LDAP running.
Installation
Of course there is a bit of installation to take care of before you do anything. But the installation isn’t challenging and there isn’t too much to install. Here are the steps you need to follow:
- Open up a terminal window.
- Issue the command
sudo apt-get install slapd ldap-utils php5-ldap. - Type your sudo password and hit Enter.
- Accept any dependencies necessary.
And that’s it. You are now ready for the configuration of slapd. But what to do? This article isn’t about a fancy GUI tool. Instead I have found a script floating around the web (who’s author I can not name because I have seen this script on a number of sites) which actually makes this process amazingly easy. I have posted the script here on pastebin for you to either download or copy and paste.
No matter if you download or copy and paste the script, name it something like ldap_script.sh and save it in your home directory. Once you have it saved give it executable permissions with the command:
chmod u+x ldap_script
Now the script is almost ready. You do have to make a few simple changes. Near the top of the script you will see:
passwd=pleaseeditme
dc1=pleaseeditme
dc2=pleaseeditme
Obviously you need to change each pleaseeditme entry to suit your needs. For my LDAP server that section lookes like:
passwd=mypassword
dc1=wallen
cd2=local
You will also notice, near the end of the script, it adds a user. The section #Adding user can be edited to suit your needs, or it can be left alone so that at least one correct user is added at first.
When you have the script ready, it’s time to execute. Issue the command sudo ./ldap_script and watch the magic fly by. When all is said and done you should then be able to check out your LDAP server with one of the means mentioned in previous articles, or you can issue the command:
ldapsearch -x -h localhost -b "dc=EXAMPLE,dc=COM" "(objectClass=*)"
Where EXAMPLE and COM match your dc entires.
Final thoughts
You should now have your LDAP server up and running. You can start adding entries and managing it with whatever tool (or command line) you want. NOTE: We’ll take a look at the management of LDAP via the command line in later articles. Enjoy your LDAP server!
Enjoyed the article?: Then sign-up for our free newsletter or RSS feed to kick off your day with the latest technology news and tips, or share the article with your friends and contacts on Facebook or Twitter.Related Articles:
Set up an LDAP server on FedoraAdding LDAP entries from the command line
Modify LDAP entries with the ldapmodify command
Access and manage your LDAP data with Luma
Manage your LDAP data with phpLDAPadmin
The instructions look simple and straightforward. But you must have left out some configuration instructions.
I followed the instructions on 10.04 (64-bit) and got a “Can’t contact LDAP server (-1)” error.
Is the required password something other than the one in ldap_script.sh?
Looking at the output, there’s no sign of trouble until it falls flat on its face at the end. Any idea what could be wrong?
jcoles@thispc:~/Projects/ldap$ sudo ./ldap_script.sh
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
adding new entry “cn=cosine,cn=schema,cn=config”
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
adding new entry “cn=inetorgperson,cn=schema,cn=config”
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
adding new entry “cn=nis,cn=schema,cn=config”
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
adding new entry “cn=misc,cn=schema,cn=config”
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
adding new entry “cn=module{0},cn=config”
adding new entry “olcDatabase={1}hdb,cn=config”
modifying entry “cn=config”
modifying entry “olcDatabase={-1}frontend,cn=config”
modifying entry “olcDatabase={0}config,cn=config”
modifying entry “olcDatabase={0}config,cn=config”
modifying entry “olcDatabase={0}config,cn=config”
Enter LDAP Password:
ldap_sasl_bind(SIMPLE): Can’t contact LDAP server (-1)
Works great!
I would be very interested to hear your strategy for backing our nice new directories; both the data and the cn=config tree.
Hi
Your instruction is helpful.
I have a similar situation as Jonathan Coles
below is the error msg
Enter LDAP Password:
ldap_bind: Invalid credentials (49)
I have setup webmin and use the ldap interface to setup the ldap server
have the following error
No LDIF-format config file found for olcDatabase={1}hdb,cn=config
Would appreciate any help in advance
When using somebody else script, at least leave the source to the author!
i had done all the things which you explained there. Finally i ran the ./ldapscript,sh it doesn’t get execute and also i tried sh ./ldapscripts.sh that also not work here
kindly reply me
You kidding me?
This is why I stick to Windows. Everytime I try to follow some ‘expert’ advise like the one posted here for Linux machines I get nowhere… and noone replies to queries for help…
lol you vag look at other sites