LDAP simplest configuration

A phone book

We start with the simplest possible configuration: a phone book.

  • It will only hold names, phone numbers and email addresses (initially).
  • anybody will be able to bind to the server anonymously.
  • only the admin user will be able to modify its content.

OpenLDAP server configuration

Here is the bare minimum you need for the OpenLDAP server configuration. It goes in the file slapd.conf, typically located in /etc/openldap:

include         /etc/openldap/schema/core.schema
include         /etc/openldap/schema/cosine.schema
include         /etc/openldap/schema/inetorgperson.schema

pidfile         /var/run/openldap/slapd.pid
argsfile        /var/run/openldap/slapd.args

database        bdb
suffix          "dc=example,dc=com"
rootdn          "cn=Admin,dc=example,dc=com"
rootpw          asecret
directory       /var/lib/openldap-data
index   objectClass     eq

Most of those lines should already be present in the default slapd.conf, but you will most likely have to add the include lines for the cosine and inetorgperson schemas. The advantage of using these predefined schemas is that they follow the RFCs, so LDAP clients know where to find phone book type records, or user and group records.

Two things to be aware of. First, this configuration contains no access directives; without any, slapd applies its default policy, which lets anyone read everything and only the rootdn write. That is exactly the phone book policy described above, but if you later add more than contact data you will want explicit access lines. Second, the bdb backend has been removed from current OpenLDAP releases (2.5 and later); on those, the database line must read "database mdb" instead.

The fields you need to customise are:

  • suffix: the example here is for the "example.com" domain. Edit for your own domain.
  • rootdn: the cn here is the name of the user which will be able to make all types of changes to your server. We chose "Admin" in our example but you can use any name.
  • rootpw: the password for the user you chose in rootdn above. Written like this it sits in slapd.conf in clear text, which is acceptable for a first test only; slapd.conf also accepts a hashed value as produced by slappasswd ({SSHA} by default). Either way, make slapd.conf readable only by root and the account slapd runs as, because the rootdn bypasses every access control.
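To make the rootpw point concrete, here is an added example (not code from the original page or from OpenLDAP) that builds and verifies a {SSHA} value in the same layout slappasswd produces: the string "{SSHA}" followed by the base64 of SHA-1(password || salt) || salt, where slapd treats everything after the 20-byte digest as the salt. The salt length, the sample password "asecret" and the column alignment of the emitted directive are assumptions for illustration.

```python
import base64
import hashlib
import hmac
import os
from typing import Optional

# Added example: the {SSHA} scheme used by slappasswd by default, so that
# slapd.conf never has to carry the rootpw in clear text.
#   {SSHA} value = "{SSHA}" + base64( SHA1(password || salt) || salt )
# slapd takes every byte after the 20-byte SHA-1 digest as the salt, so the
# salt length is free; 8 random bytes is an assumption made here.
SALT_LEN = 8
DIGEST_LEN = hashlib.sha1().digest_size  # 20


def ssha_hash(password: str, salt: Optional[bytes] = None) -> str:
    """Return a {SSHA} string suitable for the rootpw directive."""
    if salt is None:
        salt = os.urandom(SALT_LEN)
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def ssha_verify(stored: str, candidate: str) -> bool:
    """Check a candidate password against a stored {SSHA} value.

    The salt is recovered from the stored value itself, and the digests are
    compared in constant time.
    """
    if not stored.startswith("{SSHA}"):
        return False
    raw = base64.b64decode(stored[len("{SSHA}"):])
    if len(raw) <= DIGEST_LEN:
        return False
    digest, salt = raw[:DIGEST_LEN], raw[DIGEST_LEN:]
    expected = hashlib.sha1(candidate.encode("utf-8") + salt).digest()
    return hmac.compare_digest(digest, expected)


def rootpw_directive(password: str) -> str:
    """Produce the slapd.conf line to paste in place of a clear-text rootpw."""
    return "rootpw          " + ssha_hash(password)


if __name__ == "__main__":
    # "asecret" is the sample password from the configuration above.
    line = rootpw_directive("asecret")
    print(line)
    stored = line.split()[1]
    print(ssha_verify(stored, "asecret"))  # True
    print(ssha_verify(stored, "guess"))    # False
```

Paste the printed rootpw line into slapd.conf in place of the clear-text one; slapd hashes the password supplied at bind time with the embedded salt and compares, exactly as ssha_verify does here. Note that SHA-1 with a salt only protects against casual disclosure of the file, not against an attacker who can brute-force a weak rootpw offline, so the file permissions still matter.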

The client configuration

The client configuration is needed by the basic LDAP command-line tools (ldapadd, ldapdelete, ldapsearch, etc.). Only the server URI and the base DN are required. For OpenLDAP the file is ldap.conf, which will likely sit in the directory /etc/openldap. Note that a plain ldap:// URI sends simple binds, including the rootdn password used below, in clear text over the network; beyond a local test, use ldaps:// or StartTLS (the -ZZ option of the tools) instead:

URI  ldap://servername
BASE dc=example,dc=com

Populating with data

In order to load a large amount of data, you create a text LDIF file (LDAP Data Interchange Format, the standard interchange format for directory data). You could also add each entry one by one using either the command line or a GUI client. Here is the simplest LDIF file, defining only the base DN, the People branch, and two users:

dn: dc=example,dc=com
objectClass: domain
objectClass: dcObject
dc: example

dn: ou=People,dc=example,dc=com
objectClass: organizationalUnit
ou: People

dn: cn=Nicolas Bourbaki,ou=People,dc=example,dc=com
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
cn: Nicolas Bourbaki
sn: Bourbaki
givenName: Nicolas
mail: Nicolas.Bourbaki@example.com
homePhone: +31 41 592 6536

dn: cn=Sophie Fonfeck,ou=People,dc=example,dc=com
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
cn: Sophie Fonfeck
sn: Fonfeck
givenName: Sophie
mail: Sophie@example.com
homePhone: 1 403 555 2368
mobile: 1 403 555 0127

You can now load this file with the following command; -W makes ldapadd prompt for the rootpw:

ldapadd -x -D "cn=Admin,dc=example,dc=com" -W -f file.ldif

Check the result with an anonymous ldapsearch (no -D and no -W) against the base DN: it should return all four entries, which also confirms that anonymous read access works as intended. If you run into a problem and want to delete the entire content of your LDAP server, use the following; -r deletes the base entry and everything beneath it:

ldapdelete -x -D "cn=Admin,dc=example,dc=com" -W -r "dc=example,dc=com"