1.1. Installation
Install the OpenLDAP server daemon and the traditional LDAP management utilities. These are found in packages slapd and ldap-utils respectively.
The installation of slapd will create a working configuration. In particular, it will create a database instance that you can use to store your data. However, the suffix (or base DN) of this instance will be determined from the domain name of the host. If you want something different, you can change it right after the installation, while you still don't have any useful data.
This guide will use a database suffix of dc=example,dc=com.
Proceed with the install:
sudo apt install slapd ldap-utils
If you want to change your DIT suffix, now would be a good time, because changing it discards your existing DIT. To change the suffix, run the following command:
sudo dpkg-reconfigure slapd
To switch your DIT suffix to dc=example,dc=com, for example, so you can follow this guide more closely, answer example.com when asked about the DNS domain name.
Since Ubuntu 8.10, slapd is designed to be configured within slapd itself by dedicating a separate DIT for that purpose. This allows one to dynamically configure slapd without the need to restart the service. This configuration database consists of a collection of text-based LDIF files located under /etc/ldap/slapd.d. This way of working is known by several names: the slapd-config method, the RTC method (Real Time Configuration), or the cn=config method. You can still use the traditional flat-file method (slapd.conf) but it's not recommended; the functionality will eventually be phased out.
Ubuntu now uses the slapd-config method for slapd configuration and this guide reflects that.
During the install you were prompted to define administrative credentials. These are LDAP-based credentials for the rootDN of your database instance. By default, this user's DN is cn=admin,dc=example,dc=com. Also by default, there is no administrative account created for the slapd-config database and you will therefore need to authenticate externally to LDAP in order to access it. We will see how to do this later on.
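A way to confirm that the suffix and rootDN described above are what slapd actually stored, as an added example that is not part of the original guide. The function names and the sample LDIF are constructed for illustration; the ldapsearch call in the final comment uses a SASL EXTERNAL bind over ldapi:///, one way of authenticating externally to reach the slapd-config database.

```shell
#!/bin/sh
# Added example (not from the guide): offline-testable helpers to confirm the
# suffix slapd created matches the DNS domain given to dpkg-reconfigure.

# example.com -> dc=example,dc=com (empty labels, e.g. a trailing dot, are skipped)
domain_to_suffix() {
    printf '%s\n' "$1" | awk -F. '{
        out = ""
        for (i = 1; i <= NF; i++)
            if ($i != "") out = out (out == "" ? "" : ",") "dc=" $i
        print out
    }'
}

# Print every value of attribute $1 from LDIF on stdin. Folded lines (leading
# space) are joined first; base64 values ("attr:: ...") are not decoded.
ldif_attr() {
    awk -v attr="$1" '
        function emit(   p) {
            p = tolower(attr) ": "
            if (index(tolower(buf), p) == 1) print substr(buf, length(p) + 1)
        }
        /^ / { buf = buf substr($0, 2); next }
        { emit(); buf = $0 }
        END { emit() }
    '
}

# Exit 0 when olcSuffix equals the suffix derived from domain $1 and
# olcRootDN sits below it. Comparison is an exact string match.
check_suffix() {
    expected=$(domain_to_suffix "$1")
    ldif=$(cat)
    suffix=$(printf '%s\n' "$ldif" | ldif_attr olcSuffix | head -n 1)
    rootdn=$(printf '%s\n' "$ldif" | ldif_attr olcRootDN | head -n 1)
    if [ "$suffix" != "$expected" ]; then
        echo "suffix is '$suffix', expected '$expected'"; return 1
    fi
    case "$rootdn" in
        *",$expected") echo "ok: $suffix (rootDN $rootdn)" ;;
        *) echo "rootDN '$rootdn' is not below $expected"; return 1 ;;
    esac
}

# Constructed sample of what the query below returns (rootDN folded on purpose).
sample_ldif() {
    printf '%s\n' 'dn: olcDatabase={1}mdb,cn=config' \
        'olcSuffix: dc=example,dc=com' 'olcRootDN: cn=admin,dc=exam' ' ple,dc=com'
}

# On the server:
#   sudo ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:/// -b cn=config \
#       '(olcSuffix=*)' olcSuffix olcRootDN | check_suffix example.com
```

The `(olcSuffix=*)` filter restricts the result to databases that carry a suffix, so the rootDN of the configuration database itself is not picked up by mistake.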
Some classical schemas (cosine, nis, inetorgperson) come built-in with slapd nowadays. There is also an included "core" schema, a pre-requisite for any schema to work.