How to install LDAP on CentOS 7

11 Sep 2018

In this tutorial, we will teach you how to install LDAP on CentOS 7.


What is LDAP

LDAP is short for Lightweight Directory Access Protocol. It is an open, vendor-neutral, industry-standard application protocol for accessing and maintaining distributed directory information services over an Internet Protocol (IP) network.

LDAP can store any type of information, and it is generally used as one component of a centralized authentication system.


Installing LDAP on CentOS 7

Installing and configuring an OpenLDAP server on CentOS 7 is a simple task; follow the instructions below and you should have it installed in less than 10 minutes.

Step 1: Updating the System

Before you start installing any new software, you need to update your system packages to the latest available versions.

# yum update


Step 2: Installing OpenLDAP

Now, you have to install the packages OpenLDAP needs for its functionality.

# yum -y install openldap compat-openldap openldap-clients openldap-servers openldap-servers-sql openldap-devel


Next, start the service and enable it on boot.

# systemctl start slapd.service

# systemctl enable slapd.service


Execute the ‘slappasswd’ command to set an LDAP root password, and save the hashed output since it will be required to configure OpenLDAP.

# slappasswd


Configuring OpenLDAP server

You can now start configuring the OpenLDAP server. First, create a couple of LDIF files, then execute the ‘ldapmodify’ command to deploy the configuration to the server. The server keeps its live configuration in ‘/etc/openldap/slapd.d’, which should never be edited by hand; all changes go through ldapmodify.

OlcSuffix Variable

The ‘db.ldif’ file updates the ‘olcSuffix’ variable, which sets the distinguished name suffix appended to queries passed to the backend database. It also configures the domain name for which your LDAP server provides account information, and updates the ‘olcRootDN’ variable, which specifies the root distinguished name of the user with administrator access to the LDAP server.

Main Domain

Our domain is going to be ‘‘ and is written in the ‘db.ldif’ file as ‘dc=field,dc=dreamvps,dc=com’; our root distinguished name is ‘cn=ldapadm,dc=field,dc=dreamvps,dc=com’.

Step 3: Configuring OpenLDAP

Create the ‘db.ldif’ file with nano or a text editor of your preference and enter the content below.

# nano db.ldif

dn: olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcSuffix
olcSuffix: dc=field,dc=dreamvps,dc=com

dn: olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcRootDN
olcRootDN: cn=ldapadm,dc=field,dc=dreamvps,dc=com

dn: olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcRootPW
olcRootPW: hashed_output_from_the_slappasswd_command


Next, deploy the configuration with ldapmodify.

# ldapmodify -Y EXTERNAL -H ldapi:/// -f db.ldif


Now restrict monitor access to the ldapadm user only.

# nano monitor.ldif

dn: olcDatabase={1}monitor,cn=config
changetype: modify
replace: olcAccess
olcAccess: {0}to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" read by dn.base="cn=ldapadm,dc=field,dc=dreamvps,dc=com" read by * none


Deploy the configuration change once more.

# ldapmodify -Y EXTERNAL -H ldapi:/// -f monitor.ldif


You have to generate a certificate and a private key so that you can communicate securely with the OpenLDAP server. Run the following command to do it.

# openssl req -new -x509 -nodes -out \
    /etc/openldap/certs/ \
    -keyout /etc/openldap/certs/ \
    -days 365


Now change the owner and group of the certificate files so OpenLDAP is able to read them.

# chown -R ldap:ldap /etc/openldap/certs


Next, you will have to create ‘certs.ldif’ to configure OpenLDAP to use the LDAPS protocol.

# nano certs.ldif

dn: cn=config
changetype: modify
replace: olcTLSCertificateFile
olcTLSCertificateFile: /etc/openldap/certs/

dn: cn=config
changetype: modify
replace: olcTLSCertificateKeyFile
olcTLSCertificateKeyFile: /etc/openldap/certs/


We may now deploy the configuration again.

# ldapmodify -Y EXTERNAL -H ldapi:/// -f certs.ldif


Now test the configuration by executing the command below.

# slaptest -u


Step 4: Setting up the OpenLDAP database

You may now set up the LDAP database. Begin by copying the sample database configuration file to ‘/var/lib/ldap’ and fixing the ownership so the ldap user can read and write it.

# cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG

# chown -R ldap:ldap /var/lib/ldap


Add the LDAP schemas.

# ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/cosine.ldif

# ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/nis.ldif

# ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/inetorgperson.ldif


Now make the ‘base.ldif’ file for your domain.

# nano base.ldif

dn: dc=field,dc=dreamvps,dc=com
dc: field
objectClass: top
objectClass: domain

dn: cn=ldapadm,dc=field,dc=dreamvps,dc=com
objectClass: organizationalRole
cn: ldapadm
description: LDAP Manager

dn: ou=People,dc=field,dc=dreamvps,dc=com
objectClass: organizationalUnit
ou: People

dn: ou=Group,dc=field,dc=dreamvps,dc=com
objectClass: organizationalUnit
ou: Group


You now need to deploy those entries to OpenLDAP by binding as the ldapadm user (the root DN configured in ‘db.ldif’):

# ldapadd -x -W -D "cn=ldapadm,dc=field,dc=dreamvps,dc=com" -f base.ldif


Put in the root password once prompted.
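As an added example that is not part of the original tutorial, the following POSIX shell script generates the ‘db.ldif’ from Step 3 and checks two things worth confirming before running ldapmodify: that ‘olcRootPW’ holds a slappasswd hash rather than the cleartext password, and that ‘olcRootDN’ lies under ‘olcSuffix’. The function names and check logic are mine; the DN values are the tutorial's own.

```sh
#!/bin/sh
# Added example, not part of the original tutorial: generate the db.ldif from
# Step 3 and sanity-check it before passing it to ldapmodify. The suffix and
# root DN are the tutorial's values; the hash comes from `slappasswd` output.

SUFFIX="dc=field,dc=dreamvps,dc=com"
ROOTDN="cn=ldapadm,dc=field,dc=dreamvps,dc=com"

# $1 = output path, $2 = hashed root password from slappasswd.
# Entries are separated by exactly one blank line; a blank line inside an
# entry ends it early and ldapmodify rejects the file.
gen_db_ldif() {
  cat > "$1" <<EOF
dn: olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcSuffix
olcSuffix: $SUFFIX

dn: olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcRootDN
olcRootDN: $ROOTDN

dn: olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcRootPW
olcRootPW: $2
EOF
}

# Two checks before deploying: olcRootPW must be a slappasswd hash (a
# cleartext value is stored as-is in cn=config and accepted as the password),
# and olcRootDN must sit under olcSuffix, otherwise the ldapadd bind in
# Step 4 is not served by this database. Returns 0 when both hold.
check_db_ldif() {
  pw=$(sed -n 's/^olcRootPW: //p' "$1")
  case "$pw" in
    '{SSHA}'*|'{SHA}'*|'{SMD5}'*|'{MD5}'*|'{CRYPT}'*) ;;
    *) echo "olcRootPW is not hashed; use slappasswd output" >&2; return 1 ;;
  esac
  dn=$(sed -n 's/^olcRootDN: //p' "$1")
  suffix=$(sed -n 's/^olcSuffix: //p' "$1")
  case "$dn" in
    *",$suffix") ;;
    *) echo "olcRootDN $dn is not under olcSuffix $suffix" >&2; return 1 ;;
  esac
  return 0
}
```

Run it as `gen_db_ldif db.ldif "$(slappasswd)" && check_db_ldif db.ldif` and only then hand db.ldif to ldapmodify.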

If you want to add users, it is simpler to do so with a GUI; we suggest Apache Directory Studio or JXplorer for this.

That is it; LDAP should now be installed on your CentOS 7 VPS.
