LDAP Active Directory

Active Directory Replacement using LDAP on Linux

Introduction

Active Directory (AD) is a directory service developed by Microsoft for Windows domain networks. A comparable directory service on Linux can be built with OpenLDAP, an implementation of LDAP (Lightweight Directory Access Protocol). This guide walks through the steps to set up an OpenLDAP server on Linux, configure it, populate it with users and groups, and point Linux clients at it for authentication.

Prerequisites

  • A Linux server (Ubuntu/Debian preferred)
  • Root or sudo access
  • Basic knowledge of Linux command line

Step 1: Install LDAP Server

To install OpenLDAP server on Ubuntu/Debian, run the following command:

sudo apt-get update
sudo apt-get install slapd ldap-utils

Step 2: Configure LDAP

Reconfigure the LDAP server to set up the domain and admin password:

sudo dpkg-reconfigure slapd

During the configuration, provide the following information:

  • Omit OpenLDAP server configuration: No
  • DNS domain name: example.com
  • Organization name: Example Inc
  • Administrator password: YourAdminPassword
  • Database backend to use: MDB
  • Remove the database when slapd is purged: No
  • Move old database: Yes

Step 3: Verify LDAP Installation

After installation, verify that the LDAP server is running:

sudo systemctl status slapd

Step 4: LDAP Structure

Create the base structure for your LDAP directory by creating a file base.ldif with the following content:

dn: ou=users,dc=example,dc=com
objectClass: organizationalUnit
ou: users

dn: ou=groups,dc=example,dc=com
objectClass: organizationalUnit
ou: groups

Apply the changes to the LDAP directory:

sudo ldapadd -x -D "cn=admin,dc=example,dc=com" -W -f base.ldif

Step 5: Add Users and Groups

Create a file users.ldif to add users. Replace the userPassword placeholder with a real hash, for example the {SSHA} value printed by slappasswd; the directory must never hold the clear-text password:

dn: uid=jdoe,ou=users,dc=example,dc=com
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
cn: John Doe
sn: Doe
uid: jdoe
uidNumber: 10000
gidNumber: 10000
homeDirectory: /home/jdoe
loginShell: /bin/bash
gecos: John Doe
userPassword: {SSHA}your_hashed_password

dn: cn=developers,ou=groups,dc=example,dc=com
objectClass: posixGroup
cn: developers
gidNumber: 10000
memberUid: jdoe

Add the users and groups to the LDAP directory:

sudo ldapadd -x -D "cn=admin,dc=example,dc=com" -W -f users.ldif
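The users.ldif above is hand-written for one user. As an added example (not code from the original guide), the Python script below shows what the {SSHA} userPassword value actually is (base64 of SHA-1 over password plus a 4-byte random salt, followed by the salt, the format slappasswd emits by default), verifies a password against it the way slapd does on a simple bind, and renders a batch of posixAccount/posixGroup entries in the same shape as the guide's LDIF while checking that uidNumbers are unique and every gidNumber has a matching group. The user list, group list and passwords are constructed sample data; the base DN is the guide's dc=example,dc=com.

```python
import base64
import hashlib
import hmac
import os

BASE_DN = "dc=example,dc=com"  # the suffix the guide configures with dpkg-reconfigure


def ssha_hash(password: str, salt: bytes = None) -> str:
    """Produce an OpenLDAP {SSHA} userPassword value: "{SSHA}" + base64(sha1(pw||salt)||salt)."""
    if salt is None:
        salt = os.urandom(4)  # slappasswd uses a 4-byte random salt
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def ssha_verify(password: str, stored: str) -> bool:
    """Check a clear-text password against a stored {SSHA} value (what slapd does on a bind)."""
    if not stored.startswith("{SSHA}"):
        return False
    try:
        raw = base64.b64decode(stored[len("{SSHA}"):])
    except (ValueError, TypeError):
        return False
    digest, salt = raw[:20], raw[20:]  # SHA-1 digests are 20 bytes; the remainder is the salt
    candidate = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return hmac.compare_digest(candidate, digest)


def user_entry(uid, cn, sn, uid_number, gid_number, password_hash):
    """Render one posixAccount entry in the same shape as the guide's users.ldif."""
    return "\n".join([
        f"dn: uid={uid},ou=users,{BASE_DN}",
        "objectClass: inetOrgPerson",
        "objectClass: posixAccount",
        "objectClass: shadowAccount",
        f"cn: {cn}",
        f"sn: {sn}",
        f"uid: {uid}",
        f"uidNumber: {uid_number}",
        f"gidNumber: {gid_number}",
        f"homeDirectory: /home/{uid}",
        "loginShell: /bin/bash",
        f"gecos: {cn}",
        f"userPassword: {password_hash}",
    ])


def group_entry(name, gid_number, members):
    """Render one posixGroup entry with a memberUid line per member."""
    lines = [f"dn: cn={name},ou=groups,{BASE_DN}", "objectClass: posixGroup",
             f"cn: {name}", f"gidNumber: {gid_number}"]
    return "\n".join(lines + [f"memberUid: {m}" for m in members])


def build_users_ldif(users, groups):
    """Validate the batch, then return users.ldif text; raise ValueError on a bad batch."""
    gids = {g["gidNumber"] for g in groups}
    seen_uids, seen_uid_numbers = set(), set()
    for u in users:
        if u["uid"] in seen_uids or u["uidNumber"] in seen_uid_numbers:
            raise ValueError(f"duplicate uid or uidNumber for {u['uid']}")
        if u["gidNumber"] not in gids:
            raise ValueError(f"{u['uid']}: gidNumber {u['gidNumber']} has no posixGroup")
        seen_uids.add(u["uid"])
        seen_uid_numbers.add(u["uidNumber"])
    entries = [user_entry(u["uid"], u["cn"], u["sn"], u["uidNumber"], u["gidNumber"],
                          ssha_hash(u["password"])) for u in users]
    for g in groups:
        members = [u["uid"] for u in users if u["gidNumber"] == g["gidNumber"]]
        entries.append(group_entry(g["cn"], g["gidNumber"], members))
    return "\n\n".join(entries) + "\n"


# Constructed sample batch (not from the page): the guide's jdoe plus a second user.
SAMPLE_USERS = [
    {"uid": "jdoe", "cn": "John Doe", "sn": "Doe", "uidNumber": 10000,
     "gidNumber": 10000, "password": "correct horse"},
    {"uid": "asmith", "cn": "Alice Smith", "sn": "Smith", "uidNumber": 10001,
     "gidNumber": 10000, "password": "battery staple"},
]
SAMPLE_GROUPS = [{"cn": "developers", "gidNumber": 10000}]

if __name__ == "__main__":
    print(build_users_ldif(SAMPLE_USERS, SAMPLE_GROUPS))
```

Feed the printed text to the same ldapadd command shown above. Note that {SSHA} is salted but unstretched SHA-1, which is what stock slapd understands for userPassword; the value is still far better than a clear-text attribute, and restricting who can read userPassword in the server ACLs matters as much as the hash format.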

Step 6: Configure LDAP Client

Install necessary packages on client machines:

sudo apt-get install libnss-ldap libpam-ldap ldap-utils nscd

During the installation, provide the LDAP server URI and search base. A plain ldap:// URI carries simple-bind passwords over the network unencrypted; for anything beyond a lab, use ldaps:// or enable StartTLS on both server and client:

  • LDAP server URI: ldap://your-ldap-server
  • Search base: dc=example,dc=com

Configure NSS by editing /etc/nsswitch.conf:

passwd:         compat ldap
group:          compat ldap
shadow:         compat ldap

Step 7: Test LDAP Authentication

On the client machine, test LDAP user authentication by switching to an LDAP user:

su - jdoe

If everything is set up correctly, you should be able to log in as the LDAP user. If the switch fails, first check whether the client resolves the account at all through NSS (a getent passwd lookup of the user); that separates an NSS or connectivity problem from a PAM one.
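Steps 6 and 7 configure and then test the client by hand. As an added example (not code from the original guide), the Python audit below reads two constructed client configuration files, the /etc/ldap.conf that libnss-ldap writes from the debconf answers (`uri` and `base` keys; the `ssl start_tls` and `tls_cacertfile` keys are that file's TLS options) and the guide's /etc/nsswitch.conf, and reports what a defender would want flagged before trusting the client: a clear-text ldap:// URI with no StartTLS, TLS without a CA file to verify the server, and a passwd/group/shadow database that never consults ldap. The file contents and the CA path are constructed sample values.

```python
# Constructed sample client configs (not from the page); the key names follow
# the /etc/ldap.conf syntax used by libnss-ldap, the values are made up.
WEAK_LDAP_CONF = """\
base dc=example,dc=com
uri ldap://your-ldap-server
ldap_version 3
"""

HARDENED_LDAP_CONF = """\
base dc=example,dc=com
uri ldap://your-ldap-server
ldap_version 3
ssl start_tls
tls_cacertfile /etc/ssl/certs/ldap-ca.pem
"""

NSSWITCH_OK = """\
# /etc/nsswitch.conf as configured in Step 6
passwd:         compat ldap
group:          compat ldap
shadow:         compat ldap
hosts:          files dns
"""

# Same file with the shadow database never consulting ldap: password data is unreachable.
NSSWITCH_NO_SHADOW = NSSWITCH_OK.replace("shadow:         compat ldap", "shadow:         compat")


def parse_ldap_conf(text):
    """Parse 'key value' lines ('#' starts a comment); keys in this file are case-insensitive."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition(" ")
        conf[key.lower()] = value.strip()
    return conf


def parse_nsswitch(text):
    """Parse 'database: source source ...' lines into {database: [sources]}."""
    databases = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        name, _, sources = line.partition(":")
        databases[name.strip()] = sources.split()
    return databases


def audit_client(ldap_conf_text, nsswitch_text):
    """Return a list of findings; an empty list means the client passes these checks."""
    findings = []
    conf = parse_ldap_conf(ldap_conf_text)
    uri = conf.get("uri", "")
    tls = uri.startswith("ldaps://") or conf.get("ssl") == "start_tls"
    if uri.startswith("ldap://") and not tls:
        findings.append("uri is plain ldap:// with no 'ssl start_tls': "
                        "simple-bind passwords cross the network in clear text")
    if tls and "tls_cacertfile" not in conf:
        findings.append("TLS enabled but no tls_cacertfile: the server certificate cannot be verified")
    if tls and conf.get("tls_checkpeer", "").lower() == "no":
        findings.append("tls_checkpeer no: server certificate checking is switched off")
    nss = parse_nsswitch(nsswitch_text)
    for db in ("passwd", "group", "shadow"):
        if "ldap" not in nss.get(db, []):
            findings.append(f"nsswitch.conf: '{db}' does not list ldap, directory users will not resolve")
    return findings


if __name__ == "__main__":
    for label, text in (("weak", WEAK_LDAP_CONF), ("hardened", HARDENED_LDAP_CONF)):
        print(label, audit_client(text, NSSWITCH_OK) or ["ok"])
```

Run it against copies of the real files before the su test in Step 7: a clean audit plus a successful getent lookup tells you NSS and transport are right, so any remaining failure is on the PAM side.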

Conclusion

You have successfully set up an LDAP server on Linux to act as an Active Directory replacement. You can now manage users and groups centrally and authenticate Linux clients using the LDAP directory.
