Symas OpenLDAP Knowledge Base

Symas OpenLDAP 2.5 Quick Start

This tutorial will lead you through the entire process of downloading, configuring and running your own Symas OpenLDAP 2.5 directory server. Throughout this guide there are examples of each step needed for the directory to run properly. By following these steps, you will be able to run, edit and expand your own OpenLDAP database.

This exercise provides no more than a general framework for working with OpenLDAP, but it introduces the necessary concepts in a simplified way.

1. “Get” the software

Symas has a repository for its binary packages for OpenLDAP 2.5 at https://repo.symas.com/soldap2.5/. The home page of that repository points to instructions for configuring your system’s package manager to use the repository, installing Symas’s binary packages of OpenLDAP 2.5, and updating those packages going forward.

The left-hand column of that page lists the platforms on which Symas OpenLDAP 2.5 is supported. For this exercise we follow the steps for Debian 11.

  1. Click on Debian 11 in the left-hand column
  2. Follow the steps presented and run the following commands:
sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys DA26A148887DCBEB

sudo wget -q https://repo.symas.com/configs/SOLDAP/d11/release25.list -O /etc/apt/sources.list.d/soldap-release25.list

sudo apt update

sudo apt install symas-openldap-clients symas-openldap-server

These steps install the Symas OpenLDAP 2.5 client tools and server on your system. Next, the server must be configured.

2. Make slapd.d Directory

Later steps expect a slapd.d directory under the main OpenLDAP configuration directory, /opt/symas/etc/openldap. Create it with:

sudo mkdir /opt/symas/etc/openldap/slapd.d

3. Configure the OpenLDAP Server (slapd)

Rather than editing slapd.conf.default itself, copy it to a new file named slapd.conf and edit the copy:

cd /opt/symas/etc/openldap

sudo cp slapd.conf.default slapd.conf

sudo vi slapd.conf

Use your favorite editor to edit slapd.conf (/opt/symas/etc/openldap/slapd.conf) so that it matches the following:

  • uncomment “modulepath /opt/symas/lib/openldap” and remove any leading whitespace
  • uncomment “moduleload back_mdb.la” and remove any leading whitespace
  • delete the comment characters (#) from lines 52-54 of the file (the block “Uncomment the… a restart”)
  • delete the comment characters (#) from lines 61-74 of the file so the database entry reads like this:
database        mdb
maxsize         1073741824
suffix          dc=sample,dc=com
rootdn          cn=Manager,dc=sample,dc=com
rootpw          secret
directory       /var/symas/openldap-data
index   objectClass     eq
  • Save and exit the editing of slapd.conf

NOTE: Any time this file is changed, make sure that no line ends with extra whitespace; trailing spaces cause errors when slapd reads the file. The rootpw value above is cleartext. A hash generated with slappasswd(8) may be used in its place, and is preferable, since anyone who can read slapd.conf otherwise learns the directory’s administrative password.

Be sure to replace “sample” and “com” with the domain components of your own domain name (for example, dc=corp,dc=example,dc=org for corp.example.org).

For the rest of the quick-start steps we assume that suffix is set to dc=sample,dc=com.

Details on configuring slapd(8) with slapd.conf can be found in the slapd.conf(5) and slapd-mdb(5) manual pages and in the Configuring slapd chapter of this document. Note that the directory named by the directory directive (/var/symas/openldap-data above) must exist before slapd(8) is started.
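As an added example (not part of the Symas quick start), the script below renders the lines that step 3 uncomments and edits, with rootpw stored as a slappasswd hash instead of cleartext, and then lints the result for the problems the NOTE above warns about: trailing whitespace, a still-commented or misspelled back_mdb.la, a missing suffix, and a cleartext rootpw. The path /opt/symas/bin/slappasswd is an assumption about the Symas package layout; the placeholder hash used when slappasswd is absent is constructed and is not a real hash.

```shell
#!/bin/sh
# Added example, not part of the Symas quick start: render the step 3
# directives with a hashed rootpw and lint a slapd.conf for common mistakes.
# /opt/symas/bin/slappasswd is an assumed path.

# make_rootpw_hash PASSWORD: print a {SSHA} hash for the rootpw directive.
# slappasswd hashes with {SSHA} by default. When it is not installed, a
# constructed placeholder is printed so the demo below still runs; it is
# NOT a hash of PASSWORD and must never be used on a real server.
make_rootpw_hash() {
    if [ -x /opt/symas/bin/slappasswd ]; then
        /opt/symas/bin/slappasswd -s "$1"
    else
        echo "slappasswd not found, using a constructed placeholder hash" >&2
        printf '%s\n' '{SSHA}placeholderNotARealHashUseSlappasswd00='
    fi
}

# render_mdb_config SUFFIX ROOTDN ROOTPW: print the module and database
# directives from step 3 for SUFFIX, to paste over the commented-out block
# in slapd.conf or to diff against a hand-edited copy.
render_mdb_config() {
    cat <<EOF
modulepath      /opt/symas/lib/openldap
moduleload      back_mdb.la

database        mdb
maxsize         1073741824
suffix          $1
rootdn          $2
rootpw          $3
directory       /var/symas/openldap-data
index           objectClass     eq
EOF
}

# check_slapd_conf FILE: exit 0 if FILE passes every check, 1 otherwise.
check_slapd_conf() {
    f=$1; rc=0
    if grep -n '[[:space:]]$' "$f"; then
        echo "$f: trailing whitespace on the lines above" >&2; rc=1
    fi
    if ! grep -q '^moduleload[[:space:]][[:space:]]*back_mdb\.la' "$f"; then
        echo "$f: back_mdb.la is not loaded (still commented out, or misspelled?)" >&2; rc=1
    fi
    if ! grep -q '^suffix[[:space:]]' "$f"; then
        echo "$f: no suffix directive" >&2; rc=1
    fi
    # A hashed value starts with a scheme such as {SSHA}; anything else is cleartext.
    if grep -q '^rootpw[[:space:]][[:space:]]*[^[:space:]{]' "$f"; then
        echo "$f: rootpw is cleartext; replace it with the output of slappasswd" >&2; rc=1
    fi
    return $rc
}

# Demo with the tutorial's values: render with a hashed rootpw, then lint.
conf=$(mktemp)
render_mdb_config 'dc=sample,dc=com' 'cn=Manager,dc=sample,dc=com' \
    "$(make_rootpw_hash secret)" > "$conf"
if check_slapd_conf "$conf"; then
    echo "rendered configuration passes the checks:"; cat "$conf"
fi
rm -f "$conf"
```

Run check_slapd_conf against your hand-edited /opt/symas/etc/openldap/slapd.conf before starting slapd; it reports the same classes of mistake that otherwise only show up as a startup failure. Keep slapd.conf readable only by root and the account slapd runs as, whether or not rootpw is hashed.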

4. Start slapd (the server software)

You are now ready to start the Standalone LDAP Daemon, slapd, by running the command:

sudo /opt/symas/lib/slapd

To confirm that slapd is actually running:

pgrep slapd

This prints the process ID of each running slapd process. If it prints nothing, slapd failed to start; start it again in the foreground with debugging output (for example, with the -d -1 option) to see the error.

Here we start slapd with no arguments at all, so it reads its default configuration from /opt/symas/etc/openldap, the slapd.conf edited in step 3. There are many other parameters you can specify when bringing up slapd. None are needed right now.

To check that the server is running and configured correctly, run a search against it with ldapsearch(1). By default, ldapsearch is installed as /opt/symas/bin/ldapsearch and should already be in your $PATH. No sudo is needed; ldapsearch is an ordinary client and this search is anonymous:

/opt/symas/bin/ldapsearch -x -b '' -s base '(objectclass=*)' namingContexts

NOTE: the use of single quotes around command parameters is to prevent special characters from being interpreted by the shell.

This should return:

dn:
namingContexts: dc=sample,dc=com

This is a search against the root DSE, the server-level entry with an empty DN, which advertises the naming contexts (database suffixes) the server holds. OpenLDAP can also expose internal databases that were not set up in this minimal configuration: the configuration database (cn=config) and the monitoring database (cn=Monitor) are very common; the access log and session log are two others.

In addition, an OpenLDAP server can manage more than one directory. You might have another directory for dc=example,dc=org with completely different user data. Both could run on a single instance of slapd, and if that were the case, both would be listed in the output of that command.
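The check a practitioner wants after starting slapd is not just that it answers, but that it advertises the suffix configured in step 3. The following added example (not from the Symas guide) parses the root DSE search output, joining LDIF continuation lines, and wraps that in a polling check that tolerates the few seconds slapd may take to start listening. The path /opt/symas/bin/ldapsearch and the default URI ldap://localhost are assumptions; the sample output at the bottom is constructed for the demo.

```shell
#!/bin/sh
# Added example, not part of the Symas quick start: confirm that slapd
# answers and advertises the expected naming context, instead of eyeballing
# the ldapsearch output. /opt/symas/bin/ldapsearch is an assumed path.

# parse_naming_contexts: read LDIF on stdin and print each namingContexts
# value on its own line. Folded continuation lines (leading space) are
# joined as LDIF requires; base64 values (namingContexts::) are not decoded.
parse_naming_contexts() {
    awk '
        /^ / { if (collect) val = val substr($0, 2); next }
        { if (collect) print val; collect = 0 }
        /^namingContexts: / { collect = 1; val = substr($0, length("namingContexts: ") + 1) }
        END { if (collect) print val }
    '
}

# has_naming_context SUFFIX: read LDIF on stdin; exit 0 if SUFFIX is listed
# exactly (whole line, fixed string).
has_naming_context() {
    parse_naming_contexts | grep -Fxq -- "$1"
}

# check_server SUFFIX [URI]: poll the root DSE for up to 10 seconds, then
# require SUFFIX among the advertised naming contexts.
check_server() {
    suffix=$1; uri=${2:-ldap://localhost}; i=0
    while [ "$i" -lt 10 ]; do
        if out=$(/opt/symas/bin/ldapsearch -LLL -x -H "$uri" -b '' -s base \
                 '(objectclass=*)' namingContexts 2>/dev/null); then
            if printf '%s\n' "$out" | has_naming_context "$suffix"; then
                echo "slapd on $uri serves $suffix"; return 0
            fi
            echo "slapd on $uri is up but does not advertise $suffix; check the suffix line in slapd.conf" >&2
            return 1
        fi
        i=$((i + 1)); sleep 1
    done
    echo "no answer from slapd on $uri after 10 s; it probably failed to start" >&2
    return 1
}

# Constructed sample of ldapsearch -LLL output for a server holding two
# databases, with the second value folded across two lines as LDIF allows.
sample_root_dse='dn:
namingContexts: dc=sample,dc=com
namingContexts: dc=example,
 dc=org
'

printf '%s' "$sample_root_dse" | parse_naming_contexts
printf '%s' "$sample_root_dse" | has_naming_context 'dc=sample,dc=com' \
    && echo "dc=sample,dc=com is served"
```

On a live server, `check_server dc=sample,dc=com` is the one-line replacement for the pgrep and ldapsearch steps above: it fails loudly both when slapd is not listening and when it is listening but serving the wrong suffix, which is the usual symptom of a typo in slapd.conf.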

5. Add initial entries to your directory

Use the ldapadd command to add entries to your LDAP directory. ldapadd expects input in LDIF form. We’ll do it in two steps:

  • create an LDIF file
  • run ldapadd

At this point, the directory only contains a naming context for the database. The root entry for the suffix has to be inserted, and it is conventional to add an entry for cn=Manager,dc=sample,dc=com as well. (slapd authenticates the rootdn against the rootpw in slapd.conf, so this entry is not required for binding, but it is useful as a placeholder.) So we’ll do that next.

Use your favorite editor and create an LDIF file (for example /opt/symas/etc/openldap/example.ldif, the path used below) that contains:

dn: dc=sample,dc=com
objectclass: dcObject
objectclass: organization
o: Sample Co.
dc: sample

dn: cn=Manager,dc=sample,dc=com
objectclass: organizationalRole
cn: Manager

Now, run ldapadd to insert these entries into your directory.

sudo /opt/symas/bin/ldapadd -x -D cn=Manager,dc=sample,dc=com -W -f /opt/symas/etc/openldap/example.ldif

A breakdown of this command: -x selects simple authentication rather than SASL; -D gives the DN to bind as (the rootdn from slapd.conf); -W prompts for that DN’s password instead of taking it on the command line, where it would be visible in the process list and shell history; and -f names the LDIF file to load.

You will be prompted for the rootpw specified in slapd.conf (“secret” above). If you stored a hash generated with slappasswd instead of the cleartext value, enter the password you asked slappasswd to hash.
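Since every “sample” in the LDIF above must change to match your own domain, the following added example (not from the Symas guide) derives the suffix DN from a domain name and renders the two entries from step 5 for it, so the suffix in slapd.conf, the dn of the root entry and its dc attribute cannot drift apart. The path /opt/symas/bin/ldapadd is an assumption; the domain sample.com and organization name are the tutorial’s values.

```shell
#!/bin/sh
# Added example, not part of the Symas quick start: derive the base DN from
# a domain name and render the step 5 LDIF for it.
# /opt/symas/bin/ldapadd is an assumed path.

# domain_to_dn DOMAIN: sample.com -> dc=sample,dc=com. Rejects empty names
# and names with leading, trailing or doubled dots (which would yield an
# empty dc component).
domain_to_dn() {
    case $1 in
        ''|.*|*..*|*.) echo "domain_to_dn: bad domain '$1'" >&2; return 1 ;;
    esac
    printf '%s\n' "$1" | sed -e 's/\./,dc=/g' -e 's/^/dc=/'
}

# render_base_ldif DOMAIN ORG_NAME: print the root entry for DOMAIN's suffix
# and the conventional cn=Manager placeholder entry beneath it. The dc
# attribute must equal the first label of the domain, so it is taken from
# DOMAIN rather than typed separately.
render_base_ldif() {
    dn=$(domain_to_dn "$1") || return 1
    first=${1%%.*}
    cat <<EOF
dn: $dn
objectclass: dcObject
objectclass: organization
o: $2
dc: $first

dn: cn=Manager,$dn
objectclass: organizationalRole
cn: Manager
EOF
}

# Demo with the tutorial's values: write the file, then show the ldapadd
# invocation that loads it (printed, not executed, since it needs a server).
domain=sample.com
ldif=$(mktemp)
render_base_ldif "$domain" 'Sample Co.' > "$ldif"
echo "wrote $ldif:"; cat "$ldif"
echo "load it with:"
echo "  /opt/symas/bin/ldapadd -x -D 'cn=Manager,$(domain_to_dn "$domain")' -W -f $ldif"
rm -f "$ldif"
```

The same domain_to_dn value is what belongs on the suffix line in slapd.conf, so generating both from one variable removes the most common cause of ldapadd failing with “no such object” on the root entry: a suffix that does not match the dn being added.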