{"id":11236,"date":"2022-01-05T22:28:15","date_gmt":"2022-01-05T19:28:15","guid":{"rendered":"https:\/\/kifarunix.com\/?p=11236"},"modified":"2024-03-14T19:15:01","modified_gmt":"2024-03-14T16:15:01","slug":"install-and-setup-openldap-server-on-ubuntu-22-04","status":"publish","type":"post","link":"https:\/\/kifarunix.com\/install-and-setup-openldap-server-on-ubuntu-22-04\/","title":{"rendered":"Install and Setup OpenLDAP server on Ubuntu 22.04"},"content":{"rendered":"\n<p>In this tutorial, you will learn how to install and setup OpenLDAP Server on Ubuntu 22.04.<\/p>\n\n\n\n<div class=\"wp-block-rank-math-toc-block\" id=\"rank-math-toc\"><h2>Table of Contents<\/h2><nav><ul><li><a href=\"#installing-open-ldap-server-on-ubuntu-22-04\">Installing OpenLDAP Server on Ubuntu 22.04<\/a><ul><li><a href=\"#update-your-system-package-cache\">Update your System Package Cache<\/a><\/li><li><a href=\"#build-and-install-open-ldap-server-on-ubuntu-22-04\">Build and Install OpenLDAP Server on Ubuntu 22.04<\/a><ul><li><a href=\"#create-open-ldap-system-account\">Create OpenLDAP System Account<\/a><\/li><li><a href=\"#install-required-dependencies-and-build-tools\">Install Required Dependencies and Build Tools<\/a><\/li><li><a href=\"#download-open-ldap-source-code\">Download OpenLDAP Source Code<\/a><\/li><li><a href=\"#extract-the-open-ldap-source-code\">Extract the OpenLDAP Source Code<\/a><\/li><li><a href=\"#install-open-ldap-server-on-ubuntu-22-04\">Install OpenLDAP Server on Ubuntu 22.04<\/a><\/li><\/ul><\/li><li><a href=\"#configuring-open-ldap-on-ubuntu-22-04\">Configuring OpenLDAP on Ubuntu 22.04<\/a><ul><li><a href=\"#create-data-and-database-directories\">Create Data and Database Directories<\/a><\/li><li><a href=\"#update-open-ldap-service\">Update OpenLDAP Service<\/a><\/li><li><a href=\"#create-open-ldap-sudo-schema\">Create OpenLDAP SUDO Schema<\/a><\/li><li><a href=\"#update-slapd-database\">Update SLAPD Database<\/a><\/li><li><a href=\"#running-open-ldap-service\">Running OpenLDAP Service<\/a><\/li><li><a href=\"#configure-open-ldap-logging-on-ubuntu-22-04\">Configure OpenLDAP Logging on Ubuntu 22.04<\/a><\/li><li><a href=\"#create-open-ldap-default-root-dn\">Create OpenLDAP Default Root DN<\/a><\/li><\/ul><\/li><li><a href=\"#configure-open-ldap-with-ssl-tls\">Configure OpenLDAP with SSL\/TLS<\/a><ul><li><a href=\"#create-open-ldap-base-dn\">Create OpenLDAP Base DN<\/a><\/li><li><a href=\"#create-open-ldap-user-accounts\">Create OpenLDAP User Accounts<\/a><\/li><li><a href=\"#setting-password-for-ldap-user\">Setting password for LDAP User<\/a><\/li><li><a href=\"#create-open-ldap-bind-dn-and-bind-dn-user\">Create OpenLDAP Bind DN and Bind DN User<\/a><\/li><li><a href=\"#enable-open-ldap-password-policies\">Enable OpenLDAP Password Policies<\/a><\/li><li><a href=\"#allow-open-ldap-service-on-firewall\">Allow OpenLDAP Service on Firewall<\/a><\/li><li><a href=\"#authenticate-via-open-ldap-server\">Authenticate Via OpenLDAP Server<\/a><\/li><\/ul><\/li><\/ul><\/li><\/ul><\/nav><\/div>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"installing-open-ldap-server-on-ubuntu-22-04\">Installing OpenLDAP Server on Ubuntu 22.04<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"update-your-system-package-cache\">Update your System Package Cache<\/h3>\n\n\n\n<p>Before you begin, ensure your system package cache is up-to-date.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>apt update<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"build-and-install-open-ldap-server-on-ubuntu-22-04\">Build and Install OpenLDAP Server on Ubuntu 22.04<\/h3>\n\n\n\n<p>The default Ubuntu 22.04 repositories provides OpenLDAP 2.5.6;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>apt-cache policy slapd<\/code><\/pre>\n\n\n\n<pre class=\"scroll-box\"><code>slapd:\n  Installed: (none)\n  Candidate: 2.5.6+dfsg-1~exp1ubuntu1\n  Version table:\n     2.5.6+dfsg-1~exp1ubuntu1 500\n        500 http:\/\/ke.archive.ubuntu.com\/ubuntu jammy\/main amd64 Packages\n<\/code><\/pre>\n\n\n\n<p>As of this writing, OpenLDAP 2.6.0 is the current stable release, as per the <a href=\"https:\/\/www.openldap.org\/software\/release\/\" target=\"_blank\" rel=\"noreferrer noopener\">release page<\/a>.<\/p>\n\n\n\n<p>To ensure you run the latest version of OpenLDAP, you need then to build it from the source.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"create-open-ldap-system-account\">Create OpenLDAP System Account<\/h4>\n\n\n\n<p>Create a non-privileged system user to run OpenLDAP.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>useradd -r -M -d \/var\/lib\/openldap -s \/usr\/sbin\/nologin ldap<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"install-required-dependencies-and-build-tools\">Install Required Dependencies and Build Tools<\/h4>\n\n\n\n<p>There are quite a number of dependencies and build tools required for a successful build and compilation OpenLDAP from the source which can be installed by running the command below;<\/p>\n\n\n\n<pre class=\"scroll-box\"><code>apt install libsasl2-dev \\\n\tmake \\\n\tlibtool \\\n\tlibperl-dev \\\n\tbuild-essential \\\n\topenssl \\\n\tlibevent-dev \\\n\tlibargon2-dev \\\n\twget \\\n\tpkg-config \\\n\twiredtiger \\\n\tlibsystemd-dev \\\n\tlibssl-dev -y\n<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"download-open-ldap-source-code\">Download OpenLDAP Source Code<\/h4>\n\n\n\n<p>Navigate to the&nbsp;<a rel=\"noreferrer noopener\" href=\"https:\/\/www.openldap.org\/software\/download\/\" target=\"_blank\">OpenLDAP download\u2019s page<\/a>&nbsp;and grab the tarball.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>VER=2.6.0<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>wget https:\/\/www.openldap.org\/software\/download\/OpenLDAP\/openldap-release\/openldap-$VER.tgz<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"extract-the-open-ldap-source-code\">Extract the OpenLDAP Source Code<\/h4>\n\n\n\n<p>The tarball can be extracted by running the command;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>tar xzf openldap-$VER.tgz<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"install-open-ldap-server-on-ubuntu-22-04\">Install OpenLDAP Server on Ubuntu 22.04<\/h4>\n\n\n\n<p>Compile and install OpenLDAP server on Ubuntu 22.04 as follows;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>cd openldap-$VER<\/code><\/pre>\n\n\n\n<pre class=\"scroll-box\"><code>.\/configure \\\n    --prefix=\/usr \\\n    --sysconfdir=\/etc \\\n    --disable-static \\\n    --enable-debug \\\n    --with-tls=openssl \\\n    --with-cyrus-sasl \\\n    --enable-dynamic \\\n    --enable-crypt \\\n    --enable-spasswd \\\n    --enable-slapd \\\n    --enable-modules \\\n    --enable-rlookups \\\n    --enable-backends=mod \\\n    --disable-sql \\\n    --enable-ppolicy=mod \\\n    --enable-syslog \\\n    --enable-overlays=mod \\\n    --with-systemd \\\n    --enable-wt=no\n<\/code><\/pre>\n\n\n\n<p>If the command ends with an error, fix it before you can proceed. Otherwise, with no error, the command should end with such output;<\/p>\n\n\n\n<pre class=\"scroll-box\"><code>\nConfiguring OpenLDAP 2.6.0-Release ...\nchecking build system type... x86_64-pc-linux-gnu\nchecking host system type... x86_64-pc-linux-gnu\nchecking target system type... x86_64-pc-linux-gnu\nchecking configure arguments... done\nchecking for cc... cc\nchecking for ar... ar\nchecking for strip... strip\nchecking whether make sets $(MAKE)... yes\nchecking how to print strings... printf\nchecking whether the C compiler works... yes\nchecking for C compiler default output file name... a.out\nchecking for suffix of executables... \nchecking whether we are cross compiling... no\nchecking for suffix of object files... o\nchecking whether we are using the GNU C compiler... yes\nchecking whether cc accepts -g... yes\nchecking for cc option to accept ISO C89... none needed\nchecking for a sed that does not truncate output... \/usr\/bin\/sed\nchecking for grep that handles long lines and -e... \/usr\/bin\/grep\nchecking for egrep... \/usr\/bin\/grep -E\nchecking for fgrep... \/usr\/bin\/grep -F\nchecking for ld used by cc... \/usr\/bin\/ld\nchecking if the linker (\/usr\/bin\/ld) is GNU ld... yes\nchecking for BSD- or MS-compatible name lister (nm)... \/usr\/bin\/nm -B\nchecking the name lister (\/usr\/bin\/nm -B) interface... BSD nm\nchecking whether ln -s works... yes\nchecking the maximum length of command line arguments... 1572864\nchecking how to convert x86_64-pc-linux-gnu file names to x86_64-pc-linux-gnu format... func_convert_file_noop\nchecking how to convert x86_64-pc-linux-gnu file names to toolchain format... func_convert_file_noop\nchecking for \/usr\/bin\/ld option to reload object files... -r\nchecking for objdump... objdump\nchecking how to recognize dependent libraries... pass_all\nchecking for dlltool... no\nchecking how to associate runtime and link libraries... printf %s\\n\nchecking for archiver @FILE support... @\nchecking for ranlib... ranlib\nchecking for gawk... no\nchecking for mawk... mawk\nchecking command to parse \/usr\/bin\/nm -B output from cc object... ok\nchecking for sysroot... no\nchecking for a working dd... \/usr\/bin\/dd\nchecking how to truncate binary pipes... \/usr\/bin\/dd bs=4096 count=1\nchecking for mt... mt\nchecking if mt is a manifest tool... no\nchecking how to run the C preprocessor... cc -E\nchecking for ANSI C header files... yes\nchecking for sys\/types.h... yes\nchecking for sys\/stat.h... yes\nchecking for stdlib.h... yes\nchecking for string.h... yes\nchecking for memory.h... yes\nchecking for strings.h... yes\nchecking for inttypes.h... yes\nchecking for stdint.h... yes\nchecking for unistd.h... yes\nchecking for dlfcn.h... yes\nchecking for objdir... .libs\nchecking if cc supports -fno-rtti -fno-exceptions... no\nchecking for cc option to produce PIC... -fPIC -DPIC\nchecking if cc PIC flag -fPIC -DPIC works... yes\nchecking if cc static flag -static works... yes\nchecking if cc supports -c -o file.o... yes\nchecking if cc supports -c -o file.o... (cached) yes\nchecking whether the cc linker (\/usr\/bin\/ld -m elf_x86_64) supports shared libraries... yes\nchecking whether -lc should be explicitly linked in... no\nchecking dynamic linker characteristics... GNU\/Linux ld.so\nchecking how to hardcode library paths into programs... immediate\nchecking for shl_load... no\nchecking for shl_load in -ldld... no\nchecking for dlopen... yes\nchecking whether a program can dlopen itself... yes\nchecking whether a statically linked program can dlopen itself... no\nchecking whether stripping libraries is possible... yes\nchecking if libtool supports shared libraries... yes\nchecking whether to build shared libraries... yes\nchecking whether to build static libraries... no\nchecking for perl... \/usr\/bin\/perl\nchecking how to run the C preprocessor... cc -E\nchecking whether we are using MS Visual C++... no\nchecking for windres... no\nchecking for be_app in -lbe... no\nchecking whether we are using the GNU C compiler... (cached) yes\nchecking whether cc accepts -g... (cached) yes\nchecking for cc option to accept ISO C89... (cached) none needed\nchecking for cc depend flag... -M\nchecking for afopen in -ls... no\nchecking ltdl.h usability... yes\nchecking ltdl.h presence... yes\nchecking for ltdl.h... yes\nchecking for lt_dlinit in -lltdl... yes\nchecking for EBCDIC... no\nchecking for ANSI C header files... yes\nchecking for dirent.h that defines DIR... yes\nchecking for library containing opendir... none required\nchecking for sys\/wait.h that is POSIX.1 compatible... yes\nchecking whether termios.h defines TIOCGWINSZ... no\nchecking whether sys\/ioctl.h defines TIOCGWINSZ... yes\nchecking arpa\/inet.h usability... yes\nchecking arpa\/inet.h presence... yes\nchecking for arpa\/inet.h... yes\nchecking arpa\/nameser.h usability... yes\nchecking arpa\/nameser.h presence... yes\nchecking for arpa\/nameser.h... yes\nchecking assert.h usability... yes\nchecking assert.h presence... yes\nchecking for assert.h... yes\nchecking bits\/types.h usability... yes\nchecking bits\/types.h presence... yes\nchecking for bits\/types.h... yes\nchecking conio.h usability... no\nchecking conio.h presence... no\nchecking for conio.h... no\nchecking crypt.h usability... yes\nchecking crypt.h presence... yes\nchecking for crypt.h... yes\nchecking direct.h usability... no\nchecking direct.h presence... no\nchecking for direct.h... no\nchecking errno.h usability... yes\nchecking errno.h presence... yes\nchecking for errno.h... yes\nchecking fcntl.h usability... yes\nchecking fcntl.h presence... yes\nchecking for fcntl.h... yes\nchecking filio.h usability... no\nchecking filio.h presence... no\nchecking for filio.h... no\nchecking getopt.h usability... yes\nchecking getopt.h presence... yes\nchecking for getopt.h... yes\nchecking grp.h usability... yes\nchecking grp.h presence... yes\nchecking for grp.h... yes\nchecking io.h usability... no\nchecking io.h presence... no\nchecking for io.h... no\nchecking libutil.h usability... no\nchecking libutil.h presence... no\nchecking for libutil.h... no\nchecking limits.h usability... yes\nchecking limits.h presence... yes\nchecking for limits.h... yes\nchecking locale.h usability... yes\nchecking locale.h presence... yes\nchecking for locale.h... yes\nchecking malloc.h usability... yes\nchecking malloc.h presence... yes\nchecking for malloc.h... yes\nchecking for memory.h... (cached) yes\nchecking psap.h usability... no\nchecking psap.h presence... no\nchecking for psap.h... no\nchecking pwd.h usability... yes\nchecking pwd.h presence... yes\nchecking for pwd.h... yes\nchecking process.h usability... no\nchecking process.h presence... no\nchecking for process.h... no\nchecking sgtty.h usability... yes\nchecking sgtty.h presence... yes\nchecking for sgtty.h... yes\nchecking shadow.h usability... yes\nchecking shadow.h presence... yes\nchecking for shadow.h... yes\nchecking stddef.h usability... yes\nchecking stddef.h presence... yes\nchecking for stddef.h... yes\nchecking for string.h... (cached) yes\nchecking for strings.h... (cached) yes\nchecking sysexits.h usability... yes\nchecking sysexits.h presence... yes\nchecking for sysexits.h... yes\nchecking sys\/file.h usability... yes\nchecking sys\/file.h presence... yes\nchecking for sys\/file.h... yes\nchecking sys\/filio.h usability... no\nchecking sys\/filio.h presence... no\nchecking for sys\/filio.h... no\nchecking sys\/fstyp.h usability... no\nchecking sys\/fstyp.h presence... no\nchecking for sys\/fstyp.h... no\nchecking sys\/errno.h usability... yes\nchecking sys\/errno.h presence... yes\nchecking for sys\/errno.h... yes\nchecking sys\/ioctl.h usability... yes\nchecking sys\/ioctl.h presence... yes\nchecking for sys\/ioctl.h... yes\nchecking sys\/param.h usability... yes\nchecking sys\/param.h presence... yes\nchecking for sys\/param.h... yes\nchecking sys\/privgrp.h usability... no\nchecking sys\/privgrp.h presence... no\nchecking for sys\/privgrp.h... no\nchecking sys\/resource.h usability... yes\nchecking sys\/resource.h presence... yes\nchecking for sys\/resource.h... yes\nchecking sys\/select.h usability... yes\nchecking sys\/select.h presence... yes\nchecking for sys\/select.h... yes\nchecking sys\/socket.h usability... yes\nchecking sys\/socket.h presence... yes\nchecking for sys\/socket.h... yes\nchecking for sys\/stat.h... (cached) yes\nchecking sys\/syslog.h usability... yes\nchecking sys\/syslog.h presence... yes\nchecking for sys\/syslog.h... yes\nchecking sys\/time.h usability... yes\nchecking sys\/time.h presence... yes\nchecking for sys\/time.h... yes\nchecking for sys\/types.h... (cached) yes\nchecking sys\/uio.h usability... yes\nchecking sys\/uio.h presence... yes\nchecking for sys\/uio.h... yes\nchecking sys\/vmount.h usability... no\nchecking sys\/vmount.h presence... no\nchecking for sys\/vmount.h... no\nchecking syslog.h usability... yes\nchecking syslog.h presence... yes\nchecking for syslog.h... yes\nchecking termios.h usability... yes\nchecking termios.h presence... yes\nchecking for termios.h... yes\nchecking for unistd.h... (cached) yes\nchecking utime.h usability... yes\nchecking utime.h presence... yes\nchecking for utime.h... yes\nchecking for resolv.h... yes\nchecking for netinet\/tcp.h... yes\nchecking for sys\/ucred.h... no\nchecking for sigaction... yes\nchecking for sigset... yes\nchecking for fmemopen... yes\nchecking for socket... yes\nchecking for select... yes\nchecking for sys\/select.h... (cached) yes\nchecking for sys\/socket.h... (cached) yes\nchecking types of arguments for select... int,fd_set *,struct timeval *\nchecking for poll... yes\nchecking poll.h usability... yes\nchecking poll.h presence... yes\nchecking for poll.h... yes\nchecking sys\/poll.h usability... yes\nchecking sys\/poll.h presence... yes\nchecking for sys\/poll.h... yes\nchecking sys\/epoll.h usability... yes\nchecking sys\/epoll.h presence... yes\nchecking for sys\/epoll.h... yes\nchecking for epoll system call... yes\nchecking sys\/event.h usability... no\nchecking sys\/event.h presence... no\nchecking for sys\/event.h... no\nchecking sys\/devpoll.h usability... no\nchecking sys\/devpoll.h presence... no\nchecking for sys\/devpoll.h... no\nchecking for strerror... yes\nchecking for strerror_r... yes\nchecking non-posix strerror_r... no\nchecking for regex.h... yes\nchecking for library containing regfree... none required\nchecking for compatible POSIX regex... yes\nchecking sys\/uuid.h usability... no\nchecking sys\/uuid.h presence... no\nchecking for sys\/uuid.h... no\nchecking uuid\/uuid.h usability... no\nchecking uuid\/uuid.h presence... no\nchecking for uuid\/uuid.h... no\nchecking to see if -lrpcrt4 is needed for win32 UUID support... no\nchecking for resolver link (default)... yes\nchecking for hstrerror... yes\nchecking for getaddrinfo... yes\nchecking for getnameinfo... yes\nchecking for gai_strerror... yes\nchecking for inet_ntop... yes\nchecking INET6_ADDRSTRLEN... yes\nchecking struct sockaddr_storage... yes\nchecking sys\/un.h usability... yes\nchecking sys\/un.h presence... yes\nchecking for sys\/un.h... yes\nchecking openssl\/ssl.h usability... yes\nchecking openssl\/ssl.h presence... yes\nchecking for openssl\/ssl.h... yes\nchecking for SSL_export_keying_material_early in -lssl... yes\nchecking for _beginthread... no\nchecking pthread.h usability... yes\nchecking pthread.h presence... yes\nchecking for pthread.h... yes\nchecking POSIX thread version... 10\nchecking for LinuxThreads pthread.h... no\nchecking for GNU Pth pthread.h... no\nchecking sched.h usability... yes\nchecking sched.h presence... yes\nchecking for sched.h... yes\nchecking for pthread_create in default libraries... yes\nchecking for sched_yield... yes\nchecking for pthread_yield... no\nchecking for thr_yield... no\nchecking for pthread_kill... yes\nchecking for pthread_rwlock_destroy with <pthread.h>... yes\nchecking for pthread_detach with <pthread.h>... yes\nchecking for pthread_setconcurrency... yes\nchecking for pthread_getconcurrency... yes\nchecking for thr_setconcurrency... no\nchecking for thr_getconcurrency... no\nchecking for pthread_kill_other_threads_np... no\nchecking for LinuxThreads implementation... no\nchecking for LinuxThreads consistency... no\nchecking if pthread_create() works... yes\nchecking if select yields when using pthreads... yes\nchecking for thread specific errno... yes\nchecking for thread specific h_errno... yes\nchecking for ctime_r... yes\nchecking for gmtime_r... yes\nchecking for localtime_r... yes\nchecking for gethostbyname_r... yes\nchecking for gethostbyaddr_r... yes\nchecking number of arguments of ctime_r... 2\nchecking number of arguments of gethostbyname_r... 6\nchecking number of arguments of gethostbyaddr_r... 8\nchecking for openlog... yes\nchecking sasl\/sasl.h usability... yes\nchecking sasl\/sasl.h presence... yes\nchecking for sasl\/sasl.h... yes\nchecking sasl.h usability... no\nchecking sasl.h presence... no\nchecking for sasl.h... no\nchecking for sasl_client_init in -lsasl2... yes\nchecking Cyrus SASL library version... yes\nchecking for sasl_version... yes\nchecking systemd\/sd-daemon.h usability... yes\nchecking systemd\/sd-daemon.h presence... yes\nchecking for systemd\/sd-daemon.h... yes\nchecking for sd_notify in -lsystemd... yes\nchecking fetch(3) library... no\nchecking for crypt... no\nchecking for crypt in -lcrypt... yes\nchecking for crypt_r in -lcrypt... yes\nchecking for mode_t... yes\nchecking for off_t... yes\nchecking for pid_t... yes\nchecking for ssize_t... yes\nchecking for caddr_t... yes\nchecking for size_t... yes\nchecking for long long... yes\nchecking for ptrdiff_t... yes\nchecking for socklen_t... yes\nchecking the type of arg 3 to accept()... socklen_t *\nchecking for sig_atomic_t... yes\nchecking for uid_t in sys\/types.h... yes\nchecking for sys\/time.h... (cached) yes\nchecking whether struct tm is in sys\/time.h or time.h... time.h\nchecking for struct stat.st_blksize... yes\nchecking for struct passwd.pw_gecos... yes\nchecking for struct passwd.pw_passwd... yes\nchecking if toupper() requires islower()... no\nchecking for an ANSI C-conforming const... yes\nchecking if compiler understands volatile... yes\nchecking whether byte ordering is bigendian... no\nchecking size of short... 2\nchecking size of int... 4\nchecking size of long... 8\nchecking size of long long... 8\nchecking size of wchar_t... 4\nchecking for working memcmp... yes\nchecking for strftime... yes\nchecking for inet_aton()... yes\nchecking for _spawnlp... no\nchecking for _snprintf... no\nchecking for vsnprintf... yes\nchecking for _vsnprintf... no\nchecking for vprintf... yes\nchecking for _doprnt... no\nchecking for snprintf... yes\nchecking for vsnprintf... (cached) yes\nchecking for bcopy... yes\nchecking for clock_gettime... yes\nchecking for closesocket... no\nchecking for chroot... yes\nchecking for endgrent... yes\nchecking for endpwent... yes\nchecking for fcntl... yes\nchecking for flock... yes\nchecking for fstat... yes\nchecking for getdtablesize... yes\nchecking for geteuid... yes\nchecking for getgrgid... yes\nchecking for gethostname... yes\nchecking for getpassphrase... no\nchecking for getpwuid... yes\nchecking for getpwnam... yes\nchecking for getspnam... yes\nchecking for gettimeofday... yes\nchecking for initgroups... yes\nchecking for inet_ntoa_b... no\nchecking for ioctl... yes\nchecking for lockf... yes\nchecking for memcpy... yes\nchecking for memmove... yes\nchecking for memrchr... yes\nchecking for mkstemp... yes\nchecking for mktemp... yes\nchecking for pipe... yes\nchecking for read... yes\nchecking for recv... yes\nchecking for recvfrom... yes\nchecking for setpwfile... no\nchecking for setgid... yes\nchecking for setegid... yes\nchecking for setsid... yes\nchecking for setuid... yes\nchecking for seteuid... yes\nchecking for signal... yes\nchecking for strdup... yes\nchecking for strpbrk... yes\nchecking for strrchr... yes\nchecking for strsep... yes\nchecking for strstr... yes\nchecking for strtol... yes\nchecking for strtoul... yes\nchecking for strtoq... yes\nchecking for strtouq... yes\nchecking for strtoll... yes\nchecking for strtoull... yes\nchecking for strspn... yes\nchecking for sysconf... yes\nchecking for waitpid... yes\nchecking for wait4... yes\nchecking for write... yes\nchecking for send... yes\nchecking for sendmsg... yes\nchecking for sendto... yes\nchecking for getopt... yes\nchecking for getpeereid... no\nchecking for getpeerucred... no\nchecking for struct msghdr.msg_accrightslen... no\nchecking for struct msghdr.msg_control... yes\nchecking for struct stat.st_fstype... no\nchecking for struct stat.st_vfstype... no\nconfigure: creating .\/config.status\nconfig.status: creating Makefile\nconfig.status: creating doc\/Makefile\nconfig.status: creating doc\/man\/Makefile\nconfig.status: creating doc\/man\/man1\/Makefile\nconfig.status: creating doc\/man\/man3\/Makefile\nconfig.status: creating doc\/man\/man5\/Makefile\nconfig.status: creating doc\/man\/man8\/Makefile\nconfig.status: creating clients\/Makefile\nconfig.status: creating clients\/tools\/Makefile\nconfig.status: creating include\/Makefile\nconfig.status: creating libraries\/Makefile\nconfig.status: creating libraries\/liblber\/Makefile\nconfig.status: creating libraries\/liblber\/lber.pc\nconfig.status: creating libraries\/libldap\/Makefile\nconfig.status: creating libraries\/libldap\/ldap.pc\nconfig.status: creating libraries\/liblunicode\/Makefile\nconfig.status: creating libraries\/liblutil\/Makefile\nconfig.status: creating libraries\/librewrite\/Makefile\nconfig.status: creating servers\/Makefile\nconfig.status: creating servers\/slapd\/Makefile\nconfig.status: creating servers\/slapd\/back-dnssrv\/Makefile\nconfig.status: creating servers\/slapd\/back-ldap\/Makefile\nconfig.status: creating servers\/slapd\/back-ldif\/Makefile\nconfig.status: creating servers\/slapd\/back-mdb\/Makefile\nconfig.status: creating servers\/slapd\/back-meta\/Makefile\nconfig.status: creating servers\/slapd\/back-asyncmeta\/Makefile\nconfig.status: creating servers\/slapd\/back-monitor\/Makefile\nconfig.status: creating servers\/slapd\/back-null\/Makefile\nconfig.status: creating servers\/slapd\/back-passwd\/Makefile\nconfig.status: creating servers\/slapd\/back-perl\/Makefile\nconfig.status: creating servers\/slapd\/back-relay\/Makefile\nconfig.status: creating servers\/slapd\/back-sock\/Makefile\nconfig.status: creating servers\/slapd\/back-sql\/Makefile\nconfig.status: creating servers\/slapd\/back-wt\/Makefile\nconfig.status: creating servers\/slapd\/slapi\/Makefile\nconfig.status: creating servers\/slapd\/overlays\/Makefile\nconfig.status: creating servers\/slapd\/pwmods\/Makefile\nconfig.status: creating servers\/lloadd\/Makefile\nconfig.status: creating servers\/lloadd\/Makefile.server\nconfig.status: creating servers\/lloadd\/Makefile.module\nconfig.status: creating tests\/Makefile\nconfig.status: creating tests\/run\nconfig.status: creating tests\/progs\/Makefile\nconfig.status: creating include\/portable.h\nconfig.status: creating include\/ldap_features.h\nconfig.status: creating include\/lber_types.h\nconfig.status: executing libtool commands\nconfig.status: executing default commands\nMaking servers\/slapd\/backends.c\n    Add config ...\n    Add ldif ...\n    Add monitor ...\nMaking servers\/slapd\/overlays\/statover.c\nPlease run \"make depend\" to build dependencies\n<\/code><\/pre>\n\n\n\n<p>Next, run the&nbsp;<code><strong>make depend<\/strong><\/code>&nbsp;command to build OpenLDAP dependencies.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>make depend<\/code><\/pre>\n\n\n\n<p>Compile OpenLDAP on Ubuntu 22.04.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>make<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>make install<\/code><\/pre>\n\n\n\n<p>Sample installation output;<\/p>\n\n\n\n<pre class=\"scroll-box\"><code>\n----------------------------------------------------------------------\nLibraries have been installed in:\n   \/usr\/libexec\/openldap\n\nIf you ever happen to want to link against installed libraries\nin a given directory, LIBDIR, you must either use libtool, and\nspecify the full pathname of the library, or use the '-LLIBDIR'\nflag during linking and do at least one of the following:\n   - add LIBDIR to the 'LD_LIBRARY_PATH' environment variable\n     during execution\n   - add LIBDIR to the 'LD_RUN_PATH' environment variable\n     during linking\n   - use the '-Wl,-rpath -Wl,LIBDIR' linker flag\n   - have your system administrator add LIBDIR to '\/etc\/ld.so.conf'\n\nSee any operating system documentation about shared libraries for\nmore information, such as the ld(1) and ld.so(8) manual pages.\n----------------------------------------------------------------------\nmake[3]: Leaving directory '\/root\/openldap-2.6.0\/servers\/slapd\/overlays'\n\n  cd pwmods && make -w install\nmake[3]: Entering directory '\/root\/openldap-2.6.0\/servers\/slapd\/pwmods'\nmake[3]: Leaving directory '\/root\/openldap-2.6.0\/servers\/slapd\/pwmods'\n..\/..\/build\/shtool mkdir -p \/usr\/sbin\nfor i in slapadd slapcat slapdn slapindex slapmodify slappasswd slaptest slapauth slapacl slapschema; do \\\n\trm -f \/usr\/sbin\/$i; \\\n\t..\/..\/build\/shtool mkln -s -f \/usr\/libexec\/slapd \/usr\/sbin\/$i; \\\ndone\n..\/..\/build\/shtool install -c  -m 600 slapd.conf.tmp \/etc\/openldap\/slapd.conf.default\nif test ! -f \/etc\/openldap\/slapd.conf; then \\\n\techo \"installing slapd.conf in \/etc\/openldap\"; \\\n\techo \"..\/..\/build\/shtool install -c  -m 600 slapd.conf.tmp \/etc\/openldap\/slapd.conf\"; \\\n\t..\/..\/build\/shtool install -c  -m 600 slapd.conf.tmp \/etc\/openldap\/slapd.conf; \\\nelse \\\n\techo \"PRESERVING EXISTING CONFIGURATION FILE \/etc\/openldap\/slapd.conf\" ; \\\nfi\ninstalling slapd.conf in \/etc\/openldap\n..\/..\/build\/shtool install -c  -m 600 slapd.conf.tmp \/etc\/openldap\/slapd.conf\n..\/..\/build\/shtool install -c  -m 600 slapd.ldif.tmp \/etc\/openldap\/slapd.ldif.default\nif test ! -f \/etc\/openldap\/slapd.ldif; then \\\n\techo \"installing slapd.ldif in \/etc\/openldap\"; \\\n\techo \"..\/..\/build\/shtool install -c  -m 600 slapd.ldif.tmp \/etc\/openldap\/slapd.ldif\"; \\\n\t..\/..\/build\/shtool install -c  -m 600 slapd.ldif.tmp \/etc\/openldap\/slapd.ldif; \\\nelse \\\n\techo \"PRESERVING EXISTING CONFIGURATION FILE \/etc\/openldap\/slapd.ldif\" ; \\\nfi\ninstalling slapd.ldif in \/etc\/openldap\n..\/..\/build\/shtool install -c  -m 600 slapd.ldif.tmp \/etc\/openldap\/slapd.ldif\nif test -n \"\/usr\/lib\/systemd\/system\" && test ! -f \/usr\/lib\/systemd\/system\/slapd.service; then \\\n\t..\/..\/build\/shtool mkdir -p \/usr\/lib\/systemd\/system; \\\n\techo \"installing slapd.service in \/usr\/lib\/systemd\/system\"; \\\n\techo \"..\/..\/build\/shtool install -c  -m 644 slapd.service.tmp \/usr\/lib\/systemd\/system\/slapd.service\"; \\\n\t..\/..\/build\/shtool install -c  -m 644 slapd.service.tmp \/usr\/lib\/systemd\/system\/slapd.service; \\\nfi\ninstalling slapd.service in \/usr\/lib\/systemd\/system\n..\/..\/build\/shtool install -c  -m 644 slapd.service.tmp \/usr\/lib\/systemd\/system\/slapd.service\n..\/..\/build\/shtool mkdir -p \/etc\/openldap\/schema\n..\/..\/build\/shtool install -c -m 444 schema\/README \/etc\/openldap\/schema\/README\n..\/..\/build\/shtool install -c -m 444 schema\/collective.ldif \/etc\/openldap\/schema\/collective.ldif\n..\/..\/build\/shtool install -c -m 444 schema\/corba.ldif \/etc\/openldap\/schema\/corba.ldif\n..\/..\/build\/shtool install -c -m 444 schema\/core.ldif \/etc\/openldap\/schema\/core.ldif\n..\/..\/build\/shtool install -c -m 444 schema\/cosine.ldif \/etc\/openldap\/schema\/cosine.ldif\n..\/..\/build\/shtool install -c -m 444 schema\/dsee.ldif \/etc\/openldap\/schema\/dsee.ldif\n..\/..\/build\/shtool install -c -m 444 schema\/duaconf.ldif \/etc\/openldap\/schema\/duaconf.ldif\n..\/..\/build\/shtool install -c -m 444 schema\/dyngroup.ldif \/etc\/openldap\/schema\/dyngroup.ldif\n..\/..\/build\/shtool install -c -m 444 schema\/inetorgperson.ldif \/etc\/openldap\/schema\/inetorgperson.ldif\n..\/..\/build\/shtool install -c -m 444 schema\/java.ldif \/etc\/openldap\/schema\/java.ldif\n..\/..\/build\/shtool install -c -m 444 schema\/misc.ldif \/etc\/openldap\/schema\/misc.ldif\n..\/..\/build\/shtool install -c -m 444 schema\/msuser.ldif \/etc\/openldap\/schema\/msuser.ldif\n..\/..\/build\/shtool install -c -m 444 schema\/namedobject.ldif \/etc\/openldap\/schema\/namedobject.ldif\n..\/..\/build\/shtool install -c -m 444 schema\/nis.ldif \/etc\/openldap\/schema\/nis.ldif\n..\/..\/build\/shtool install -c -m 444 schema\/openldap.ldif \/etc\/openldap\/schema\/openldap.ldif\n..\/..\/build\/shtool install -c -m 444 schema\/pmi.ldif \/etc\/openldap\/schema\/pmi.ldif\n..\/..\/build\/shtool install -c -m 444 schema\/collective.schema \/etc\/openldap\/schema\/collective.schema\n..\/..\/build\/shtool install -c -m 444 schema\/corba.schema \/etc\/openldap\/schema\/corba.schema\n..\/..\/build\/shtool install -c -m 444 schema\/core.schema \/etc\/openldap\/schema\/core.schema\n..\/..\/build\/shtool install -c -m 444 schema\/cosine.schema \/etc\/openldap\/schema\/cosine.schema\n..\/..\/build\/shtool install -c -m 444 schema\/dsee.schema \/etc\/openldap\/schema\/dsee.schema\n..\/..\/build\/shtool install -c -m 444 schema\/duaconf.schema \/etc\/openldap\/schema\/duaconf.schema\n..\/..\/build\/shtool install -c -m 444 schema\/dyngroup.schema \/etc\/openldap\/schema\/dyngroup.schema\n..\/..\/build\/shtool install -c -m 444 schema\/inetorgperson.schema \/etc\/openldap\/schema\/inetorgperson.schema\n..\/..\/build\/shtool install -c -m 444 schema\/java.schema \/etc\/openldap\/schema\/java.schema\n..\/..\/build\/shtool install -c -m 444 schema\/misc.schema \/etc\/openldap\/schema\/misc.schema\n..\/..\/build\/shtool install -c -m 444 schema\/msuser.schema \/etc\/openldap\/schema\/msuser.schema\n..\/..\/build\/shtool install -c -m 444 schema\/namedobject.schema \/etc\/openldap\/schema\/namedobject.schema\n..\/..\/build\/shtool install -c -m 444 schema\/nis.schema \/etc\/openldap\/schema\/nis.schema\n..\/..\/build\/shtool install -c -m 444 schema\/openldap.schema \/etc\/openldap\/schema\/openldap.schema\n..\/..\/build\/shtool install -c -m 444 schema\/pmi.schema \/etc\/openldap\/schema\/pmi.schema\nmake[2]: Leaving directory '\/root\/openldap-2.6.0\/servers\/slapd'\n \n  Entering subdirectory lloadd\nmake[2]: Entering directory '\/root\/openldap-2.6.0\/servers\/lloadd'\nmake[2]: Nothing to be done for 'install'.\nmake[2]: Leaving directory '\/root\/openldap-2.6.0\/servers\/lloadd'\n \nmake[1]: Leaving directory '\/root\/openldap-2.6.0\/servers'\n \n  Entering subdirectory tests\nmake[1]: Entering directory '\/root\/openldap-2.6.0\/tests'\nMaking install in \/root\/openldap-2.6.0\/tests\n  Entering subdirectory progs\nmake[2]: Entering directory '\/root\/openldap-2.6.0\/tests\/progs'\nmake[2]: Nothing to be done for 'install'.\nmake[2]: Leaving directory '\/root\/openldap-2.6.0\/tests\/progs'\n \nmake[1]: Leaving directory '\/root\/openldap-2.6.0\/tests'\n \n  Entering subdirectory doc\nmake[1]: Entering directory '\/root\/openldap-2.6.0\/doc'\nMaking install in \/root\/openldap-2.6.0\/doc\n  Entering subdirectory man\nmake[2]: Entering directory '\/root\/openldap-2.6.0\/doc\/man'\nMaking install in \/root\/openldap-2.6.0\/doc\/man\n  Entering subdirectory man1\nmake[3]: Entering directory '\/root\/openldap-2.6.0\/doc\/man\/man1'\n..\/..\/..\/build\/shtool mkdir -p \/usr\/share\/man\/man1\nPAGES=`cd .; echo *.1`; \\\nfor page in $PAGES; do \\\n\techo \"installing $page in \/usr\/share\/man\/man1\"; \\\n\trm -f \/usr\/share\/man\/man1\/$page; \\\n\t..\/..\/..\/build\/shtool install -c  -m 644 $page.tmp \/usr\/share\/man\/man1\/$page; \\\n\tif test -f \".\/$page.links\" ; then \\\n\t\tfor link in `cat .\/$page.links`; do \\\n\t\t\techo \"installing $link in \/usr\/share\/man\/man1 as link to $page\"; \\\n\t\t\trm -f \/usr\/share\/man\/man1\/$link ; \\\n\t\t\t..\/..\/..\/build\/shtool mkln -s \/usr\/share\/man\/man1\/$page \/usr\/share\/man\/man1\/$link; \\\n\t\tdone; \\\n\tfi; \\\ndone\ninstalling ldapcompare.1 in \/usr\/share\/man\/man1\ninstalling ldapdelete.1 in \/usr\/share\/man\/man1\ninstalling ldapexop.1 in \/usr\/share\/man\/man1\ninstalling ldapmodify.1 in \/usr\/share\/man\/man1\ninstalling ldapadd.1 in \/usr\/share\/man\/man1 as link to ldapmodify.1\ninstalling ldapmodrdn.1 in \/usr\/share\/man\/man1\ninstalling ldappasswd.1 in \/usr\/share\/man\/man1\ninstalling ldapsearch.1 in \/usr\/share\/man\/man1\ninstalling ldapurl.1 in \/usr\/share\/man\/man1\ninstalling ldapvc.1 in \/usr\/share\/man\/man1\ninstalling ldapwhoami.1 in \/usr\/share\/man\/man1\nmake[3]: Leaving directory '\/root\/openldap-2.6.0\/doc\/man\/man1'\n \n  Entering subdirectory man3\nmake[3]: Entering directory '\/root\/openldap-2.6.0\/doc\/man\/man3'\n..\/..\/..\/build\/shtool mkdir -p \/usr\/share\/man\/man3\nPAGES=`cd .; echo *.3`; \\\nfor page in $PAGES; do \\\n\techo \"installing $page in \/usr\/share\/man\/man3\"; \\\n\trm -f \/usr\/share\/man\/man3\/$page; \\\n\t..\/..\/..\/build\/shtool install -c  -m 644 $page.tmp \/usr\/share\/man\/man3\/$page; \\\n\tif test -f \".\/$page.links\" ; then \\\n\t\tfor link in `cat .\/$page.links`; do \\\n\t\t\techo \"installing $link in \/usr\/share\/man\/man3 as link to $page\"; \\\n\t\t\trm -f \/usr\/share\/man\/man3\/$link ; \\\n\t\t\t..\/..\/..\/build\/shtool mkln -s \/usr\/share\/man\/man3\/$page \/usr\/share\/man\/man3\/$link; \\\n\t\tdone; \\\n\tfi; \\\ndone\ninstalling lber-decode.3 in \/usr\/share\/man\/man3\ninstalling ber_get_next.3 in \/usr\/share\/man\/man3 as link to lber-decode.3\ninstalling ber_skip_tag.3 in \/usr\/share\/man\/man3 as link to lber-decode.3\ninstalling ber_peek_tag.3 in \/usr\/share\/man\/man3 as link to lber-decode.3\ninstalling ber_scanf.3 in \/usr\/share\/man\/man3 as link to lber-decode.3\ninstalling ber_get_int.3 in \/usr\/share\/man\/man3 as link to lber-decode.3\ninstalling ber_get_stringa.3 in \/usr\/share\/man\/man3 as link to lber-decode.3\ninstalling ber_get_stringb.3 in \/usr\/share\/man\/man3 as link to lber-decode.3\ninstalling ber_get_null.3 in \/usr\/share\/man\/man3 as link to lber-decode.3\ninstalling ber_get_enum.3 in \/usr\/share\/man\/man3 as link to lber-decode.3\ninstalling ber_get_boolean.3 in \/usr\/share\/man\/man3 as link to lber-decode.3\ninstalling ber_get_bitstring.3 in \/usr\/share\/man\/man3 as link to lber-decode.3\ninstalling ber_first_element.3 in \/usr\/share\/man\/man3 as link to lber-decode.3\ninstalling ber_next_element.3 in \/usr\/share\/man\/man3 as link to lber-decode.3\ninstalling lber-encode.3 in \/usr\/share\/man\/man3\ninstalling ber_alloc_t.3 in \/usr\/share\/man\/man3 as link to lber-encode.3\ninstalling ber_flush.3 in \/usr\/share\/man\/man3 as link to lber-encode.3\ninstalling ber_printf.3 in \/usr\/share\/man\/man3 as link to lber-encode.3\ninstalling ber_put_int.3 in \/usr\/share\/man\/man3 as link to lber-encode.3\ninstalling ber_put_ostring.3 in \/usr\/share\/man\/man3 as link to lber-encode.3\ninstalling ber_put_string.3 in \/usr\/share\/man\/man3 as link to lber-encode.3\ninstalling ber_put_null.3 in \/usr\/share\/man\/man3 as link to lber-encode.3\ninstalling ber_put_enum.3 in \/usr\/share\/man\/man3 as link to lber-encode.3\ninstalling ber_start_set.3 in \/usr\/share\/man\/man3 as link to lber-encode.3\ninstalling ber_put_seq.3 in \/usr\/share\/man\/man3 as link to lber-encode.3\ninstalling ber_put_set.3 in \/usr\/share\/man\/man3 as link to lber-encode.3\ninstalling lber-memory.3 in \/usr\/share\/man\/man3\ninstalling lber-sockbuf.3 in \/usr\/share\/man\/man3\ninstalling lber-types.3 in \/usr\/share\/man\/man3\ninstalling ber_bvarray_add.3 in \/usr\/share\/man\/man3 as link to lber-types.3\ninstalling ber_bvarray_free.3 in \/usr\/share\/man\/man3 as link to lber-types.3\ninstalling ber_bvdup.3 in \/usr\/share\/man\/man3 as link to lber-types.3\ninstalling ber_bvecadd.3 in \/usr\/share\/man\/man3 as link to lber-types.3\ninstalling ber_bvecfree.3 in \/usr\/share\/man\/man3 as link to lber-types.3\ninstalling ber_bvfree.3 in \/usr\/share\/man\/man3 as link to lber-types.3\ninstalling ber_bvstr.3 in \/usr\/share\/man\/man3 as link to lber-types.3\ninstalling ber_bvstrdup.3 in \/usr\/share\/man\/man3 as link to lber-types.3\ninstalling ber_dupbv.3 in \/usr\/share\/man\/man3 as link to lber-types.3\ninstalling ber_free.3 in \/usr\/share\/man\/man3 as link to lber-types.3\ninstalling ber_str2bv.3 in \/usr\/share\/man\/man3 as link to lber-types.3\ninstalling ldap.3 in \/usr\/share\/man\/man3\ninstalling ldap_abandon.3 in \/usr\/share\/man\/man3\ninstalling ldap_abandon_ext.3 in \/usr\/share\/man\/man3 as link to ldap_abandon.3\ninstalling ldap_add.3 in \/usr\/share\/man\/man3\ninstalling ldap_add_s.3 in \/usr\/share\/man\/man3 as link to ldap_add.3\ninstalling ldap_add_ext.3 in \/usr\/share\/man\/man3 as link to ldap_add.3\ninstalling ldap_add_ext_s.3 in \/usr\/share\/man\/man3 as link to ldap_add.3\ninstalling ldap_bind.3 in \/usr\/share\/man\/man3\ninstalling ldap_bind_s.3 in \/usr\/share\/man\/man3 as link to ldap_bind.3\ninstalling ldap_simple_bind.3 in \/usr\/share\/man\/man3 as link to ldap_bind.3\ninstalling ldap_simple_bind_s.3 in \/usr\/share\/man\/man3 as link to ldap_bind.3\ninstalling ldap_sasl_bind.3 in \/usr\/share\/man\/man3 as link to ldap_bind.3\ninstalling ldap_sasl_bind_s.3 in \/usr\/share\/man\/man3 as link to ldap_bind.3\ninstalling ldap_unbind.3 in \/usr\/share\/man\/man3 as link to ldap_bind.3\ninstalling ldap_unbind_ext.3 in \/usr\/share\/man\/man3 as link to ldap_bind.3\ninstalling ldap_unbind_s.3 in \/usr\/share\/man\/man3 as link to ldap_bind.3\ninstalling ldap_unbind_ext_s.3 in \/usr\/share\/man\/man3 as link to ldap_bind.3\ninstalling ldap_set_rebind_proc.3 in \/usr\/share\/man\/man3 as link to ldap_bind.3\ninstalling ldap_compare.3 in \/usr\/share\/man\/man3\ninstalling ldap_compare_s.3 in \/usr\/share\/man\/man3 as link to ldap_compare.3\ninstalling ldap_compare_ext.3 in \/usr\/share\/man\/man3 as link to ldap_compare.3\ninstalling ldap_compare_ext_s.3 in \/usr\/share\/man\/man3 as link to ldap_compare.3\ninstalling ldap_controls.3 in \/usr\/share\/man\/man3\ninstalling ldap_control_create.3 in \/usr\/share\/man\/man3 as link to ldap_controls.3\ninstalling ldap_control_find.3 in \/usr\/share\/man\/man3 as link to ldap_controls.3\ninstalling ldap_control_dup.3 in \/usr\/share\/man\/man3 as link to ldap_controls.3\ninstalling ldap_controls_dup.3 in \/usr\/share\/man\/man3 as link to ldap_controls.3\ninstalling ldap_control_free.3 in \/usr\/share\/man\/man3 as link to ldap_controls.3\ninstalling ldap_controls_free.3 in \/usr\/share\/man\/man3 as link to ldap_controls.3\ninstalling ldap_delete.3 in \/usr\/share\/man\/man3\ninstalling ldap_delete_s.3 in \/usr\/share\/man\/man3 as link to ldap_delete.3\ninstalling ldap_delete_ext.3 in \/usr\/share\/man\/man3 as link to ldap_delete.3\ninstalling ldap_delete_ext_s.3 in \/usr\/share\/man\/man3 as link to ldap_delete.3\ninstalling ldap_dup.3 in \/usr\/share\/man\/man3\ninstalling ldap_destroy.3 in \/usr\/share\/man\/man3 as link to ldap_dup.3\ninstalling ldap_error.3 in \/usr\/share\/man\/man3\ninstalling ldap_perror.3 in \/usr\/share\/man\/man3 as link to ldap_error.3\ninstalling ld_errno.3 in \/usr\/share\/man\/man3 as link to ldap_error.3\ninstalling ldap_result2error.3 in \/usr\/share\/man\/man3 as link to ldap_error.3\ninstalling ldap_errlist.3 in \/usr\/share\/man\/man3 as link to ldap_error.3\ninstalling ldap_err2string.3 in \/usr\/share\/man\/man3 as link to ldap_error.3\ninstalling ldap_extended_operation.3 in \/usr\/share\/man\/man3\ninstalling ldap_extended_operation_s.3 in \/usr\/share\/man\/man3 as link to ldap_extended_operation.3\ninstalling ldap_first_attribute.3 in \/usr\/share\/man\/man3\ninstalling ldap_next_attribute.3 in \/usr\/share\/man\/man3 as link to ldap_first_attribute.3\ninstalling ldap_get_attribute_ber.3 in \/usr\/share\/man\/man3 as link to ldap_first_attribute.3\ninstalling ldap_first_entry.3 in \/usr\/share\/man\/man3\ninstalling ldap_next_entry.3 in \/usr\/share\/man\/man3 as link to ldap_first_entry.3\ninstalling ldap_count_entries.3 in \/usr\/share\/man\/man3 as link to ldap_first_entry.3\ninstalling ldap_first_message.3 in \/usr\/share\/man\/man3\ninstalling ldap_next_message.3 in \/usr\/share\/man\/man3 as link to ldap_first_message.3\ninstalling ldap_count_messages.3 in \/usr\/share\/man\/man3 as link to ldap_first_message.3\ninstalling ldap_first_reference.3 in \/usr\/share\/man\/man3\ninstalling ldap_next_reference.3 in \/usr\/share\/man\/man3 as link to ldap_first_reference.3\ninstalling ldap_count_references.3 in \/usr\/share\/man\/man3 as link to ldap_first_reference.3\ninstalling ldap_get_dn.3 in \/usr\/share\/man\/man3\ninstalling ldap_explode_dn.3 in \/usr\/share\/man\/man3 as link to ldap_get_dn.3\ninstalling ldap_explode_rdn.3 in \/usr\/share\/man\/man3 as link to ldap_get_dn.3\ninstalling ldap_dn2ufn.3 in \/usr\/share\/man\/man3 as link to ldap_get_dn.3\ninstalling ldap_str2dn.3 in \/usr\/share\/man\/man3 as link to ldap_get_dn.3\ninstalling ldap_dnfree.3 in \/usr\/share\/man\/man3 as link to ldap_get_dn.3\ninstalling ldap_dn2str.3 in \/usr\/share\/man\/man3 as link to ldap_get_dn.3\ninstalling ldap_dn2dcedn.3 in \/usr\/share\/man\/man3 as link to ldap_get_dn.3\ninstalling ldap_dcedn2dn.3 in \/usr\/share\/man\/man3 as link to ldap_get_dn.3\ninstalling ldap_dn2ad_canonical.3 in \/usr\/share\/man\/man3 as link to ldap_get_dn.3\ninstalling ldap_get_option.3 in \/usr\/share\/man\/man3\ninstalling ldap_set_option.3 in \/usr\/share\/man\/man3 as link to ldap_get_option.3\ninstalling ldap_get_values.3 in \/usr\/share\/man\/man3\ninstalling ldap_get_values_len.3 in \/usr\/share\/man\/man3 as link to ldap_get_values.3\ninstalling ldap_value_free.3 in \/usr\/share\/man\/man3 as link to ldap_get_values.3\ninstalling ldap_value_free_len.3 in \/usr\/share\/man\/man3 as link to ldap_get_values.3\ninstalling ldap_count_values.3 in \/usr\/share\/man\/man3 as link to ldap_get_values.3\ninstalling ldap_count_values_len.3 in \/usr\/share\/man\/man3 as link to ldap_get_values.3\ninstalling ldap_memory.3 in \/usr\/share\/man\/man3\ninstalling ldap_memfree.3 in \/usr\/share\/man\/man3 as link to ldap_memory.3\ninstalling ldap_memvfree.3 in \/usr\/share\/man\/man3 as link to ldap_memory.3\ninstalling ldap_memalloc.3 in \/usr\/share\/man\/man3 as link to ldap_memory.3\ninstalling ldap_memcalloc.3 in \/usr\/share\/man\/man3 as link to ldap_memory.3\ninstalling ldap_memrealloc.3 in \/usr\/share\/man\/man3 as link to ldap_memory.3\ninstalling ldap_strdup.3 in \/usr\/share\/man\/man3 as link to ldap_memory.3\ninstalling ldap_modify.3 in \/usr\/share\/man\/man3\ninstalling ldap_modify_s.3 in \/usr\/share\/man\/man3 as link to ldap_modify.3\ninstalling ldap_modify_ext.3 in \/usr\/share\/man\/man3 as link to ldap_modify.3\ninstalling ldap_modify_ext_s.3 in \/usr\/share\/man\/man3 as link to ldap_modify.3\ninstalling ldap_mods_free.3 in \/usr\/share\/man\/man3 as link to ldap_modify.3\ninstalling ldap_modrdn.3 in \/usr\/share\/man\/man3\ninstalling ldap_modrdn_s.3 in \/usr\/share\/man\/man3 as link to ldap_modrdn.3\ninstalling ldap_modrdn2.3 in \/usr\/share\/man\/man3 as link to ldap_modrdn.3\ninstalling ldap_modrdn2_s.3 in \/usr\/share\/man\/man3 as link to ldap_modrdn.3\ninstalling ldap_open.3 in \/usr\/share\/man\/man3\ninstalling ldap_init.3 in \/usr\/share\/man\/man3 as link to ldap_open.3\ninstalling ldap_initialize.3 in \/usr\/share\/man\/man3 as link to ldap_open.3\ninstalling ldap_set_urllist_proc.3 in \/usr\/share\/man\/man3 as link to ldap_open.3\ninstalling ldap_init_fd.3 in \/usr\/share\/man\/man3 as link to ldap_open.3\ninstalling ldap_parse_reference.3 in \/usr\/share\/man\/man3\ninstalling ldap_parse_result.3 in \/usr\/share\/man\/man3\ninstalling ldap_parse_sasl_bind_result.3 in \/usr\/share\/man\/man3 as link to ldap_parse_result.3\ninstalling ldap_parse_extended_result.3 in \/usr\/share\/man\/man3 as link to ldap_parse_result.3\ninstalling ldap_parse_intermediate.3 in \/usr\/share\/man\/man3 as link to ldap_parse_result.3\ninstalling ldap_parse_sort_control.3 in \/usr\/share\/man\/man3\ninstalling ldap_parse_vlv_control.3 in \/usr\/share\/man\/man3\ninstalling ldap_rename.3 in \/usr\/share\/man\/man3\ninstalling ldap_rename_s.3 in \/usr\/share\/man\/man3 as link to ldap_rename.3\ninstalling ldap_result.3 in \/usr\/share\/man\/man3\ninstalling ldap_msgfree.3 in \/usr\/share\/man\/man3 as link to ldap_result.3\ninstalling ldap_msgtype.3 in \/usr\/share\/man\/man3 as link to ldap_result.3\ninstalling ldap_msgid.3 in \/usr\/share\/man\/man3 as link to ldap_result.3\ninstalling ldap_schema.3 in \/usr\/share\/man\/man3\ninstalling ldap_str2syntax.3 in \/usr\/share\/man\/man3 as link to ldap_schema.3\ninstalling ldap_syntax2str.3 in \/usr\/share\/man\/man3 as link to ldap_schema.3\ninstalling ldap_syntax2name.3 in \/usr\/share\/man\/man3 as link to ldap_schema.3\ninstalling ldap_syntax_free.3 in \/usr\/share\/man\/man3 as link to ldap_schema.3\ninstalling ldap_str2matchingrule.3 in \/usr\/share\/man\/man3 as link to ldap_schema.3\ninstalling ldap_matchingrule2str.3 in \/usr\/share\/man\/man3 as link to ldap_schema.3\ninstalling ldap_matchingrule2name.3 in \/usr\/share\/man\/man3 as link to ldap_schema.3\ninstalling ldap_matchingrule_free.3 in \/usr\/share\/man\/man3 as link to ldap_schema.3\ninstalling ldap_str2attributetype.3 in \/usr\/share\/man\/man3 as link to ldap_schema.3\ninstalling ldap_attributetype2str.3 in \/usr\/share\/man\/man3 as link to ldap_schema.3\ninstalling ldap_attributetype2name.3 in \/usr\/share\/man\/man3 as link to ldap_schema.3\ninstalling ldap_attributetype_free.3 in \/usr\/share\/man\/man3 as link to ldap_schema.3\ninstalling ldap_str2objectclass.3 in \/usr\/share\/man\/man3 as link to ldap_schema.3\ninstalling ldap_objectclass2str.3 in \/usr\/share\/man\/man3 as link to ldap_schema.3\ninstalling ldap_objectclass2name.3 in \/usr\/share\/man\/man3 as link to ldap_schema.3\ninstalling ldap_objectclass_free.3 in \/usr\/share\/man\/man3 as link to ldap_schema.3\ninstalling ldap_scherr2str.3 in \/usr\/share\/man\/man3 as link to ldap_schema.3\ninstalling ldap_search.3 in \/usr\/share\/man\/man3\ninstalling ldap_search_s.3 in \/usr\/share\/man\/man3 as link to ldap_search.3\ninstalling ldap_search_st.3 in \/usr\/share\/man\/man3 as link to ldap_search.3\ninstalling ldap_search_ext.3 in \/usr\/share\/man\/man3 as link to ldap_search.3\ninstalling ldap_search_ext_s.3 in \/usr\/share\/man\/man3 as link to ldap_search.3\ninstalling ldap_sort.3 in \/usr\/share\/man\/man3\ninstalling ldap_sort_entries.3 in \/usr\/share\/man\/man3 as link to ldap_sort.3\ninstalling ldap_sort_values.3 in \/usr\/share\/man\/man3 as link to ldap_sort.3\ninstalling ldap_sort_strcasecmp.3 in \/usr\/share\/man\/man3 as link to ldap_sort.3\ninstalling ldap_sync.3 in \/usr\/share\/man\/man3\ninstalling ldap_tls.3 in \/usr\/share\/man\/man3\ninstalling ldap_start_tls.3 in \/usr\/share\/man\/man3 as link to ldap_tls.3\ninstalling ldap_start_tls_s.3 in \/usr\/share\/man\/man3 as link to ldap_tls.3\ninstalling ldap_tls_inplace.3 in \/usr\/share\/man\/man3 as link to ldap_tls.3\ninstalling ldap_install_tls.3 in \/usr\/share\/man\/man3 as link to ldap_tls.3\ninstalling ldap_url.3 in \/usr\/share\/man\/man3\ninstalling ldap_is_ldap_url.3 in \/usr\/share\/man\/man3 as link to ldap_url.3\ninstalling ldap_url_parse.3 in \/usr\/share\/man\/man3 as link to ldap_url.3\ninstalling ldap_free_urldesc.3 in \/usr\/share\/man\/man3 as link to ldap_url.3\nmake[3]: Leaving directory '\/root\/openldap-2.6.0\/doc\/man\/man3'\n \n  Entering subdirectory man5\nmake[3]: Entering directory '\/root\/openldap-2.6.0\/doc\/man\/man5'\n..\/..\/..\/build\/shtool mkdir -p \/usr\/share\/man\/man5\nPAGES=`cd .; echo *.5`; \\\nfor page in $PAGES; do \\\n\techo \"installing $page in \/usr\/share\/man\/man5\"; \\\n\trm -f \/usr\/share\/man\/man5\/$page; \\\n\t..\/..\/..\/build\/shtool install -c  -m 644 $page.tmp \/usr\/share\/man\/man5\/$page; \\\n\tif test -f \".\/$page.links\" ; then \\\n\t\tfor link in `cat .\/$page.links`; do \\\n\t\t\techo \"installing $link in \/usr\/share\/man\/man5 as link to $page\"; \\\n\t\t\trm -f \/usr\/share\/man\/man5\/$link ; \\\n\t\t\t..\/..\/..\/build\/shtool mkln -s \/usr\/share\/man\/man5\/$page \/usr\/share\/man\/man5\/$link; \\\n\t\tdone; \\\n\tfi; \\\ndone\ninstalling ldap.conf.5 in \/usr\/share\/man\/man5\ninstalling ldif.5 in \/usr\/share\/man\/man5\ninstalling lloadd.conf.5 in \/usr\/share\/man\/man5\ninstalling slapd-asyncmeta.5 in \/usr\/share\/man\/man5\ninstalling slapd-config.5 in \/usr\/share\/man\/man5\ninstalling slapd-dnssrv.5 in \/usr\/share\/man\/man5\ninstalling slapd-ldap.5 in \/usr\/share\/man\/man5\ninstalling slapd-ldif.5 in \/usr\/share\/man\/man5\ninstalling slapd-mdb.5 in \/usr\/share\/man\/man5\ninstalling slapd-meta.5 in \/usr\/share\/man\/man5\ninstalling slapd-monitor.5 in \/usr\/share\/man\/man5\ninstalling slapd-null.5 in \/usr\/share\/man\/man5\ninstalling slapd-passwd.5 in \/usr\/share\/man\/man5\ninstalling slapd-perl.5 in \/usr\/share\/man\/man5\ninstalling slapd-relay.5 in \/usr\/share\/man\/man5\ninstalling slapd-sock.5 in \/usr\/share\/man\/man5\ninstalling slapo-sock.5 in \/usr\/share\/man\/man5 as link to slapd-sock.5\ninstalling slapd-sql.5 in \/usr\/share\/man\/man5\ninstalling slapd-wt.5 in \/usr\/share\/man\/man5\ninstalling slapd.access.5 in \/usr\/share\/man\/man5\ninstalling slapd.backends.5 in \/usr\/share\/man\/man5\ninstalling slapd.conf.5 in \/usr\/share\/man\/man5\ninstalling slapd.overlays.5 in \/usr\/share\/man\/man5\ninstalling slapd.plugin.5 in \/usr\/share\/man\/man5\ninstalling slapo-accesslog.5 in \/usr\/share\/man\/man5\ninstalling slapo-auditlog.5 in \/usr\/share\/man\/man5\ninstalling slapo-autoca.5 in \/usr\/share\/man\/man5\ninstalling slapo-chain.5 in \/usr\/share\/man\/man5\ninstalling slapo-collect.5 in \/usr\/share\/man\/man5\ninstalling slapo-constraint.5 in \/usr\/share\/man\/man5\ninstalling slapo-dds.5 in \/usr\/share\/man\/man5\ninstalling slapo-deref.5 in \/usr\/share\/man\/man5\ninstalling slapo-dyngroup.5 in \/usr\/share\/man\/man5\ninstalling slapo-dynlist.5 in \/usr\/share\/man\/man5\ninstalling slapo-homedir.5 in \/usr\/share\/man\/man5\ninstalling slapo-memberof.5 in \/usr\/share\/man\/man5\ninstalling slapo-otp.5 in \/usr\/share\/man\/man5\ninstalling slapo-pbind.5 in \/usr\/share\/man\/man5\ninstalling slapo-pcache.5 in \/usr\/share\/man\/man5\ninstalling slapo-ppolicy.5 in \/usr\/share\/man\/man5\ninstalling slapo-refint.5 in \/usr\/share\/man\/man5\ninstalling slapo-remoteauth.5 in \/usr\/share\/man\/man5\ninstalling slapo-retcode.5 in \/usr\/share\/man\/man5\ninstalling slapo-rwm.5 in \/usr\/share\/man\/man5\ninstalling slapo-sssvlv.5 in \/usr\/share\/man\/man5\ninstalling slapo-syncprov.5 in \/usr\/share\/man\/man5\ninstalling slapo-translucent.5 in \/usr\/share\/man\/man5\ninstalling slapo-unique.5 in \/usr\/share\/man\/man5\ninstalling slapo-valsort.5 in \/usr\/share\/man\/man5\ninstalling slappw-argon2.5 in \/usr\/share\/man\/man5\nmake[3]: Leaving directory '\/root\/openldap-2.6.0\/doc\/man\/man5'\n \n  Entering subdirectory man8\nmake[3]: Entering directory '\/root\/openldap-2.6.0\/doc\/man\/man8'\n..\/..\/..\/build\/shtool mkdir -p \/usr\/share\/man\/man8\nPAGES=`cd .; echo *.8`; \\\nfor page in $PAGES; do \\\n\techo \"installing $page in \/usr\/share\/man\/man8\"; \\\n\trm -f \/usr\/share\/man\/man8\/$page; \\\n\t..\/..\/..\/build\/shtool install -c  -m 644 $page.tmp \/usr\/share\/man\/man8\/$page; \\\n\tif test -f \".\/$page.links\" ; then \\\n\t\tfor link in `cat .\/$page.links`; do \\\n\t\t\techo \"installing $link in \/usr\/share\/man\/man8 as link to $page\"; \\\n\t\t\trm -f \/usr\/share\/man\/man8\/$link ; \\\n\t\t\t..\/..\/..\/build\/shtool mkln -s \/usr\/share\/man\/man8\/$page \/usr\/share\/man\/man8\/$link; \\\n\t\tdone; \\\n\tfi; \\\ndone\ninstalling lloadd.8 in \/usr\/share\/man\/man8\ninstalling slapacl.8 in \/usr\/share\/man\/man8\ninstalling slapadd.8 in \/usr\/share\/man\/man8\ninstalling slapauth.8 in \/usr\/share\/man\/man8\ninstalling slapcat.8 in \/usr\/share\/man\/man8\ninstalling slapd.8 in \/usr\/share\/man\/man8\ninstalling slapdn.8 in \/usr\/share\/man\/man8\ninstalling slapindex.8 in \/usr\/share\/man\/man8\ninstalling slapmodify.8 in \/usr\/share\/man\/man8\ninstalling slappasswd.8 in \/usr\/share\/man\/man8\ninstalling slapschema.8 in \/usr\/share\/man\/man8\ninstalling slaptest.8 in \/usr\/share\/man\/man8\nmake[3]: Leaving directory '\/root\/openldap-2.6.0\/doc\/man\/man8'\n \nmake[2]: Leaving directory '\/root\/openldap-2.6.0\/doc\/man'\n \nmake[1]: Leaving directory '\/root\/openldap-2.6.0\/doc'\n<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"configuring-open-ldap-on-ubuntu-22-04\">Configuring OpenLDAP on Ubuntu 22.04<\/h3>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"create-data-and-database-directories\">Create Data and Database Directories<\/h4>\n\n\n\n<p>Create OpenLDAP data and database directories<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>mkdir \/var\/lib\/openldap \/etc\/openldap\/slapd.d<\/code><\/pre>\n\n\n\n<p>Set the proper ownership and permissions on OpenLDAP directories and configuration files.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>chown -R ldap:ldap \/var\/lib\/openldap<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>chown root:ldap \/etc\/openldap\/slapd.conf<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>chmod 640 \/etc\/openldap\/slapd.conf<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"update-open-ldap-service\">Update OpenLDAP Service<\/h4>\n\n\n\n<p>We will update the created OpenLDAP service file;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>mv \/lib\/systemd\/system\/slapd.service{,.old}<\/code><\/pre>\n\n\n\n<pre class=\"scroll-box\"><code>\ncat > \/etc\/systemd\/system\/slapd.service << 'EOL'\n[Unit]\nDescription=OpenLDAP Server Daemon\nAfter=syslog.target network-online.target\nDocumentation=man:slapd\nDocumentation=man:slapd-mdb\n\n[Service]\nType=forking\nPIDFile=\/var\/lib\/openldap\/slapd.pid\nEnvironment=\"SLAPD_URLS=ldap:\/\/\/ ldapi:\/\/\/ ldaps:\/\/\/\"\nEnvironment=\"SLAPD_OPTIONS=-F \/etc\/openldap\/slapd.d\"\nExecStart=\/usr\/libexec\/slapd -u ldap -g ldap -h ${SLAPD_URLS} $SLAPD_OPTIONS\n\n[Install]\nWantedBy=multi-user.target\nEOL\n<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"create-open-ldap-sudo-schema\">Create OpenLDAP SUDO Schema<\/h4>\n\n\n\n<p>To configure LDAP with support&nbsp;<code>sudo<\/code>, first, install sudo-ldap package.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>SUDO_FORCE_REMOVE=yes apt install sudo-ldap -y<\/code><\/pre>\n\n\n\n<p>You can then verify the sudo OpenLDAP.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo -V |  grep -i \"ldap\"<\/code><\/pre>\n\n\n\n<p>If sudo supports LDAP, you should see the lines below;<\/p>\n\n\n\n<pre class=\"scroll-box\"><code>\nConfigure options: --build=x86_64-linux-gnu --prefix=\/usr --includedir=${prefix}\/include --mandir=${prefix}\/share\/man --infodir=${prefix}\/share\/info --sysconfdir=\/etc --localstatedir=\/var --disable-option-checking --disable-silent-rules --libdir=${prefix}\/lib\/x86_64-linux-gnu --libexecdir=${prefix}\/lib\/x86_64-linux-gnu --disable-maintainer-mode --disable-dependency-tracking -v --with-all-insults --with-pam --with-ldap --with-fqdn --with-logging=syslog --with-logfac=authpriv --with-env-editor --with-editor=\/usr\/bin\/editor --with-exampledir=\/usr\/share\/doc\/sudo-ldap\/examples --with-timeout=15 --with-password-timeout=0 --with-passprompt=[sudo] password for %p:  --without-lecture --with-tty-tickets --disable-root-mailer --enable-admin-flag --disable-setresuid --with-sendmail=\/usr\/sbin\/sendmail --with-rundir=\/run\/sudo --with-ldap-conf-file=\/etc\/sudo-ldap.conf --libexecdir=\/usr\/lib --with-sssd --with-sssd-lib=\/usr\/lib\/x86_64-linux-gnu --enable-zlib=system --with-selinux --with-linux-audit --enable-tmpfiles.d=yes MVPROG=\/bin\/mv\nldap.conf path: \/etc\/sudo-ldap.conf\nldap.secret path: \/etc\/ldap.secret\n\n<\/code><\/pre>\n\n\n\n<p>Check if LDAP sudo schema is available.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>find \/usr\/share\/doc\/ -iname schema.openldap<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>\/usr\/share\/doc\/sudo-ldap\/schema.OpenLDAP<\/code><\/pre>\n\n\n\n<p>Copy the&nbsp;<code>schema.OpenLDAP<\/code>&nbsp;to the schema directory.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>cp \/usr\/share\/doc\/sudo-ldap\/schema.OpenLDAP  \/etc\/openldap\/schema\/sudo.schema<\/code><\/pre>\n\n\n\n<p>Next, you need to create sudo schema ldif file.<\/p>\n\n\n\n<p>Run the command below to create the&nbsp;<code><strong>sudo.ldif<\/strong><\/code>&nbsp;file. This ldif file is obtained from&nbsp;<a href=\"https:\/\/github.com\/Lullabot\/openldap-schema\/blob\/master\/sudo.ldif\" target=\"_blank\" rel=\"noreferrer noopener\">Lullabot github repository<\/a>.<\/p>\n\n\n\n<pre class=\"scroll-box\"><code>\ncat << 'EOL' > \/etc\/openldap\/schema\/sudo.ldif\ndn: cn=sudo,cn=schema,cn=config\nobjectClass: olcSchemaConfig\ncn: sudo\nolcAttributeTypes: ( 1.3.6.1.4.1.15953.9.1.1 NAME 'sudoUser' DESC 'User(s) who may  run sudo' EQUALITY caseExactIA5Match SUBSTR caseExactIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )\nolcAttributeTypes: ( 1.3.6.1.4.1.15953.9.1.2 NAME 'sudoHost' DESC 'Host(s) who may run sudo' EQUALITY caseExactIA5Match SUBSTR caseExactIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )\nolcAttributeTypes: ( 1.3.6.1.4.1.15953.9.1.3 NAME 'sudoCommand' DESC 'Command(s) to be executed by sudo' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )\nolcAttributeTypes: ( 1.3.6.1.4.1.15953.9.1.4 NAME 'sudoRunAs' DESC 'User(s) impersonated by sudo (deprecated)' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )\nolcAttributeTypes: ( 1.3.6.1.4.1.15953.9.1.5 NAME 'sudoOption' DESC 'Options(s) followed by sudo' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )\nolcAttributeTypes: ( 1.3.6.1.4.1.15953.9.1.6 NAME 'sudoRunAsUser' DESC 'User(s) impersonated by sudo' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )\nolcAttributeTypes: ( 1.3.6.1.4.1.15953.9.1.7 NAME 'sudoRunAsGroup' DESC 'Group(s) impersonated by sudo' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )\nolcObjectClasses: ( 1.3.6.1.4.1.15953.9.2.1 NAME 'sudoRole' SUP top STRUCTURAL DESC 'Sudoer Entries' MUST ( cn ) MAY ( sudoUser $ sudoHost $ sudoCommand $ sudoRunAs $ sudoRunAsUser $ sudoRunAsGroup $ sudoOption $ description ) )\nEOL\n<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"update-slapd-database\">Update SLAPD Database<\/h4>\n\n\n\n<p>Edit the SLAPD LDIF file,&nbsp;<code><strong>\/etc\/openldap\/slapd.ldif<\/strong><\/code>, and update it as follows;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>mv \/etc\/openldap\/slapd.ldif{,.bak}<\/code><\/pre>\n\n\n\n<pre class=\"scroll-box\"><code>\ncat > \/etc\/openldap\/slapd.ldif << 'EOL'\ndn: cn=config\nobjectClass: olcGlobal\ncn: config\nolcArgsFile: \/var\/lib\/openldap\/slapd.args\nolcPidFile: \/var\/lib\/openldap\/slapd.pid\n\ndn: cn=schema,cn=config\nobjectClass: olcSchemaConfig\ncn: schema\n\ndn: cn=module,cn=config\nobjectClass: olcModuleList\ncn: module\nolcModulepath: \/usr\/libexec\/openldap\nolcModuleload: back_mdb.la\n\ninclude: file:\/\/\/etc\/openldap\/schema\/core.ldif\ninclude: file:\/\/\/etc\/openldap\/schema\/cosine.ldif\ninclude: file:\/\/\/etc\/openldap\/schema\/nis.ldif\ninclude: file:\/\/\/etc\/openldap\/schema\/inetorgperson.ldif\ninclude: file:\/\/\/etc\/openldap\/schema\/sudo.ldif\n#include: file:\/\/\/etc\/openldap\/schema\/ppolicy.ldif\ndn: olcDatabase=frontend,cn=config\nobjectClass: olcDatabaseConfig\nobjectClass: olcFrontendConfig\nolcDatabase: frontend\nolcAccess: to dn.base=\"cn=Subschema\" by * read\nolcAccess: to * \n  by dn.base=\"gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth\" manage \n  by * none\n\ndn: olcDatabase=config,cn=config\nobjectClass: olcDatabaseConfig\nolcDatabase: config\nolcRootDN: cn=config\nolcAccess: to * \n  by dn.base=\"gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth\" manage \n  by * none\nEOL\n<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\">\n<li>To update the SLAPD database from the information provided on the SLAPD LDIF file above, use&nbsp;<code><strong>slapadd<\/strong><\/code>&nbsp;command with the option&nbsp;<code><strong>-n 0<\/strong><\/code>&nbsp;which creates the first database.<\/li>\n\n\n\n<li>To specify the configuration directory,&nbsp;<strong><code>\/etc\/openldap\/slapd.d<\/code><\/strong>, use option&nbsp;<strong><code>-F<\/code><\/strong>&nbsp;and option&nbsp;<strong><code>-l<\/code><\/strong>&nbsp;to specify location of the LDIF file above.<\/li>\n<\/ul>\n\n\n\n<p>Before you can write the changes to the database, perform a dry run to see what would happen. Pass&nbsp;<strong><code>-u<\/code><\/strong>&nbsp;option to slapadd command.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>slapadd -n 0 -F \/etc\/openldap\/slapd.d -l \/etc\/openldap\/slapd.ldif -u<\/code><\/pre>\n\n\n\n<p>If the command do not output any error, then all is fine.<\/p>\n\n\n\n<p>Then implement the changes if all is well.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>slapadd -n 0 -F \/etc\/openldap\/slapd.d -l \/etc\/openldap\/slapd.ldif<\/code><\/pre>\n\n\n\n<p>This command creates slapd database configurations under&nbsp;<code>\/etc\/openldap\/slapd.d<\/code>&nbsp;directory.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>ls \/etc\/openldap\/slapd.d<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>'cn=config'  'cn=config.ldif'<\/code><\/pre>\n\n\n\n<p>Set the user and group ownership of the&nbsp;<code>\/etc\/openldap\/slapd.d<\/code>&nbsp;directory and the files in it to ldap user.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>chown -R ldap:ldap \/etc\/openldap\/slapd.d<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"running-open-ldap-service\">Running OpenLDAP Service<\/h4>\n\n\n\n<p>Reload systemd configurations and start OpenLDAP service.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>systemctl daemon-reload<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>systemctl enable --now slapd<\/code><\/pre>\n\n\n\n<p>Check status;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>systemctl status slapd<\/code><\/pre>\n\n\n\n<pre class=\"scroll-box\"><code>\n\u25cf slapd.service - OpenLDAP Server Daemon\n     Loaded: loaded (\/etc\/systemd\/system\/slapd.service; enabled; vendor preset: enabled)\n     Active: active (running) since Wed 2022-01-05 20:57:14 EAT; 1s ago\n       Docs: man:slapd\n             man:slapd-mdb\n    Process: 77537 ExecStart=\/usr\/libexec\/slapd -u ldap -g ldap -h ${SLAPD_URLS} $SLAPD_OPTIONS (code=exited, status=0\/SUCCESS)\n   Main PID: 77538 (slapd)\n      Tasks: 2 (limit: 3519)\n     Memory: 3.0M\n        CPU: 28ms\n     CGroup: \/system.slice\/slapd.service\n             \u2514\u250077538 \/usr\/libexec\/slapd -u ldap -g ldap -h \"ldap:\/\/\/ ldapi:\/\/\/ ldaps:\/\/\/\" -F \/etc\/openldap\/slapd.d\n\nJan 05 20:57:14 kifarunix-demo.com systemd[1]: Starting OpenLDAP Server Daemon...\nJan 05 20:57:14 kifarunix-demo.com slapd[77537]: @(#) $OpenLDAP: slapd 2.6.0 (Jan  5 2022 20:35:20) $\n                                                         root@kifarunix-demo:\/root\/openldap-2.6.0\/servers\/slapd\nJan 05 20:57:14 kifarunix-demo.com slapd[77538]: slapd starting\nJan 05 20:57:14 kifarunix-demo.com systemd[1]: Started OpenLDAP Server Daemon.\n<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"configure-open-ldap-logging-on-ubuntu-22-04\">Configure OpenLDAP Logging on Ubuntu 22.04<\/h4>\n\n\n\n<p>By default, OpenLDAP logging level is set to&nbsp;<code>none<\/code>&nbsp;which is required to have high priority messages only logged.<\/p>\n\n\n\n<p>You can change this to a&nbsp;<a rel=\"noreferrer noopener\" href=\"https:\/\/www.openldap.org\/doc\/admin24\/slapdconfig.html\" target=\"_blank\">different log level<\/a>, say to&nbsp;<code>stats<\/code>&nbsp;level (logs connections\/operations\/results), run the command below;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>ldapmodify -Y EXTERNAL -H ldapi:\/\/\/ -Q<\/code><\/pre>\n\n\n\n<p>The copy and paste the content below on the prompt to modify the log level.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>dn: cn=config\nchangeType: modify\nreplace: olcLogLevel\nolcLogLevel: stats<\/code><\/pre>\n\n\n\n<p>Next, press&nbsp;<strong>ENTER<\/strong> twice. Once you see a line,&nbsp;<code><strong>modifying entry \"cn=config\"<\/strong><\/code>, then press&nbsp;<code><strong>Ctrl+d<\/strong><\/code>.<\/p>\n\n\n\n<p>You can as well use LDIF files to update this information if you like.<\/p>\n\n\n\n<p>To confirm the changes;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>ldapsearch -Y EXTERNAL -H ldapi:\/\/\/ -b cn=config \"(objectClass=olcGlobal)\" olcLogLevel -LLL -Q<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>dn: cn=config\nolcLogLevel: stats<\/code><\/pre>\n\n\n\n<p>Next, you need to specify the log file for OpenLDAP on Rsyslog configuration. By default, OpenLDAP logs to&nbsp;<code>local4<\/code>&nbsp;facility, hence, to configure it to log to&nbsp;<code>\/var\/log\/slapd.log<\/code>&nbsp;for example, execute the command below;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>echo \"local4.* \/var\/log\/slapd.log\" &gt;&gt; \/etc\/rsyslog.d\/51-slapd.conf<\/code><\/pre>\n\n\n\n<p>Restart Rsyslog and SLAPD service<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>systemctl restart rsyslog slapd<\/code><\/pre>\n\n\n\n<p>You should now be able to read the LDAP logs on,&nbsp;<code>\/var\/log\/slapd.log<\/code>.<\/p>\n\n\n\n<p>You can as well configure log rotation;<\/p>\n\n\n\n<pre class=\"scroll-box\"><code>\ncat > \/etc\/logrotate.d\/slapd << EOL\n\/var\/log\/slapd.log\n{ \n        rotate 7\n        daily\n        missingok\n        notifempty\n        delaycompress\n        compress\n        postrotate\n                \/usr\/lib\/rsyslog\/rsyslog-rotate\n        endscript\n}\nEOL\n<\/code><\/pre>\n\n\n\n<p>Restart log rotation service;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>systemctl restart logrotate<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"create-open-ldap-default-root-dn\">Create OpenLDAP Default Root DN<\/h4>\n\n\n\n<p>Next, create MDB database defining the root DN as well as the access control lists.<\/p>\n\n\n\n<p>First, generate the root DN password.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>slappasswd<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>New password: <strong>ENTER PASSWORD<\/strong>\nRe-enter new password: <strong>RE-ENTER PASSWORD<\/strong>\n{SSHA}mkWcb8AsesQrsmA9ZZNFW4jCMnuHiJaf<\/code><\/pre>\n\n\n\n<p>Copy and paste the password hash generated above,  <strong>{SSHA}mkWcb8AsesQrsmA9ZZNFW4jCMnuHiJaf<\/strong>, as the value of&nbsp;<strong><code>olcRootPW<\/code><\/strong>&nbsp;in the Root DN ldif file below.<\/p>\n\n\n\n<p>Replace the domain components,&nbsp;<code><strong>dc=ldapmaster,dc=kifarunix-demo,dc=com<\/strong><\/code>&nbsp;with your appropriate names.<\/p>\n\n\n\n<pre class=\"scroll-box\"><code>\ncat > rootdn.ldif << 'EOL'\ndn: olcDatabase=mdb,cn=config\nobjectClass: olcDatabaseConfig\nobjectClass: olcMdbConfig\nolcDatabase: mdb\nolcDbMaxSize: 42949672960\nolcDbDirectory: \/var\/lib\/openldap\nolcSuffix: dc=ldapmaster,dc=kifarunix-demo,dc=com\nolcRootDN: cn=admin,dc=ldapmaster,dc=kifarunix-demo,dc=com\nolcRootPW: {SSHA}mkWcb8AsesQrsmA9ZZNFW4jCMnuHiJaf\nolcDbIndex: uid pres,eq\nolcDbIndex: cn,sn pres,eq,approx,sub\nolcDbIndex: mail pres,eq,sub\nolcDbIndex: objectClass pres,eq\nolcDbIndex: loginShell pres,eq\nolcDbIndex: sudoUser,sudoHost pres,eq\nolcAccess: to attrs=userPassword,shadowLastChange,shadowExpire\n  by self write\n  by anonymous auth\n  by dn.subtree=\"gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth\" manage \n  by dn.subtree=\"ou=system,dc=ldapmaster,dc=kifarunix-demo,dc=com\" read\n  by * none\nolcAccess: to dn.subtree=\"ou=system,dc=ldapmaster,dc=kifarunix-demo,dc=com\" by dn.subtree=\"gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth\" manage\n  by * none\nolcAccess: to dn.subtree=\"dc=ldapmaster,dc=kifarunix-demo,dc=com\" by dn.subtree=\"gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth\" manage\n  by users read \n  by * none\nEOL\n<\/code><\/pre>\n\n\n\n<p>Read more about ACL on&nbsp;<a href=\"https:\/\/www.openldap.org\/doc\/admin24\/access-control.html\" target=\"_blank\" rel=\"noreferrer noopener\">OpenLDAP Access Control<\/a>.<\/p>\n\n\n\n<p>Updated the slapd database with the content above;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>ldapadd -Y EXTERNAL -H ldapi:\/\/\/ -f rootdn.ldif<\/code><\/pre>\n\n\n\n<p>Sample command output;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>SASL\/EXTERNAL authentication started\nSASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth\nSASL SSF: 0\nadding new entry \"olcDatabase=mdb,cn=config\"<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"configure-open-ldap-with-ssl-tls\">Configure OpenLDAP with SSL\/TLS<\/h3>\n\n\n\n<p>To secure OpenLDAP communication between the client and the server, configured it to use SSL\/TLS certificates.<\/p>\n\n\n\n<p>In this guide, we are self-signed certificates. You can choose to obtain the commercially signed and trusted certificates from your preferred CAs, for production environments.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout \\\n\/etc\/ssl\/ldapserver.key -out \/etc\/ssl\/ldapserver.crt<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>chown ldap:ldap \/etc\/ssl\/{ldapserver.crt,ldapserver.key}<\/code><\/pre>\n\n\n\n<p>Update the OpenLDAP Server TLS certificates attributes.<\/p>\n\n\n\n<pre class=\"scroll-box\"><code>\ncat > tls.ldif << 'EOL'\ndn: cn=config\nchangetype: modify\nadd: olcTLSCACertificateFile\nolcTLSCACertificateFile: \/etc\/ssl\/ldapserver.crt\n-\nadd: olcTLSCertificateFile\nolcTLSCertificateFile: \/etc\/ssl\/ldapserver.crt\n-\nadd: olcTLSCertificateKeyFile\nolcTLSCertificateKeyFile: \/etc\/ssl\/ldapserver.key\nEOL\n<\/code><\/pre>\n\n\n\n<p>Note that we have used self-signed certificate as both the certificate and the CA certificate.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>ldapadd -Y EXTERNAL -H ldapi:\/\/\/ -f tls.ldif<\/code><\/pre>\n\n\n\n<p>Once the command runs, you can confirm TLS settings by running the command below;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>slapcat -b \"cn=config\" | grep olcTLS<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>olcTLSCACertificateFile: \/etc\/ssl\/ldapserver.crt\nolcTLSCertificateFile: \/etc\/ssl\/ldapserver.crt\nolcTLSCertificateKeyFile: \/etc\/ssl\/ldapserver.key<\/code><\/pre>\n\n\n\n<p>Change the location of the CA certificate on&nbsp;<code>\/etc\/ldap\/ldap.conf<\/code>.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sed -i 's|\/etc\/ssl\/certs\/ca-certificates.crt|\/etc\/ssl\/ldapserver.crt|' \/etc\/ldap\/ldap.conf<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"create-open-ldap-base-dn\">Create OpenLDAP Base DN<\/h4>\n\n\n\n<p>Next, create your base DN or search base to define your organization structure and directory.<\/p>\n\n\n\n<p>Replace the domain components and organization units accordingly.<\/p>\n\n\n\n<pre class=\"scroll-box\"><code>\ncat > basedn.ldif << 'EOL'\ndn: dc=ldapmaster,dc=kifarunix-demo,dc=com\nobjectClass: dcObject\nobjectClass: organization\nobjectClass: top\no: Kifarunix-demo\ndc: ldapmaster\n\ndn: ou=groups,dc=ldapmaster,dc=kifarunix-demo,dc=com\nobjectClass: organizationalUnit\nobjectClass: top\nou: groups\n\ndn: ou=people,dc=ldapmaster,dc=kifarunix-demo,dc=com\nobjectClass: organizationalUnit\nobjectClass: top\nou: people\nEOL\n<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>ldapadd -Y EXTERNAL -H ldapi:\/\/\/ -f basedn.ldif<\/code><\/pre>\n\n\n\n<p>Sample output;<\/p>\n\n\n\n<pre class=\"scroll-box\"><code>\nSASL\/EXTERNAL authentication started\nSASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth\nSASL SSF: 0\nadding new entry \"dc=ldapmaster,dc=kifarunix-demo,dc=com\"\n\nadding new entry \"ou=groups,dc=ldapmaster,dc=kifarunix-demo,dc=com\"\n\nadding new entry \"ou=people,dc=ldapmaster,dc=kifarunix-demo,dc=com\"\n<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"create-open-ldap-user-accounts\">Create OpenLDAP User Accounts<\/h4>\n\n\n\n<p>You can add users to your OpenLDAP server. Create an ldif file to define your users as follows.<\/p>\n\n\n\n<pre class=\"scroll-box\"><code>\ncat > users.ldif << 'EOL'\ndn: uid=johndoe,ou=people,dc=ldapmaster,dc=kifarunix-demo,dc=com\nobjectClass: inetOrgPerson\nobjectClass: posixAccount\nobjectClass: shadowAccount\nuid: johndoe\ncn: John\nsn: Doe\nloginShell: \/bin\/bash\nuidNumber: 10000\ngidNumber: 10000\nhomeDirectory: \/home\/johndoe\nshadowMax: 60\nshadowMin: 1\nshadowWarning: 7\nshadowInactive: 7\nshadowLastChange: 0\n\ndn: cn=johndoe,ou=groups,dc=ldapmaster,dc=kifarunix-demo,dc=com\nobjectClass: posixGroup\ncn: johndoe\ngidNumber: 10000\nmemberUid: johndoe\nEOL\n<\/code><\/pre>\n\n\n\n<p>Add the user to the OpenLDAP database.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>ldapadd -Y EXTERNAL -H ldapi:\/\/\/ -f users.ldif<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"setting-password-for-ldap-user\">Setting password for LDAP User<\/h4>\n\n\n\n<p>To set the password for user above, run the command below;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>ldappasswd -H ldapi:\/\/\/ -Y EXTERNAL -S \"uid=johndoe,ou=people,dc=ldapmaster,dc=kifarunix-demo,dc=com\"<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"create-open-ldap-bind-dn-and-bind-dn-user\">Create OpenLDAP Bind DN and Bind DN User<\/h4>\n\n\n\n<p>Bind DN user is used for performing LDAP operations such as resolving User IDs and group IDs.<\/p>\n\n\n\n<p>In this guide, we create a bind DN ou called&nbsp;<code>system<\/code>.<\/p>\n\n\n\n<p>Note the access controls associated with this <strong><code>ou<\/code><\/strong> as defined on the root DN above.<\/p>\n\n\n\n<p>List the Access control lists on the database;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:\/\/\/ -b cn=config '(olcDatabase={1}mdb)' olcAccess<\/code><\/pre>\n\n\n\n<pre class=\"scroll-box\"><code>\ndn: olcDatabase={1}mdb,cn=config\nolcAccess: {0}to attrs=userPassword,shadowLastChange,shadowExpire by self writ\n e by anonymous auth by dn.subtree=\"gidNumber=0+uidNumber=0,cn=peercred,cn=ext\n ernal,cn=auth\" manage  by dn.subtree=\"ou=system,dc=ldapmaster,dc=kifarunix-de\n mo,dc=com\" read by * none\nolcAccess: {1}to dn.subtree=\"ou=system,dc=ldapmaster,dc=kifarunix-demo,dc=com\"\n  by dn.subtree=\"gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth\" mana\n ge by * none\nolcAccess: {2}to dn.subtree=\"dc=ldapmaster,dc=kifarunix-demo,dc=com\" by dn.sub\n tree=\"gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth\" manage by user\n s read  by * none\n<\/code><\/pre>\n\n\n\n<p>Create the LDAP BindDN user password.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>slappasswd<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>New password: \nRe-enter new password: \n<strong>{SSHA}51i5ZSBTbCULaS8IwRrLDnrcsrM00czf<\/strong><\/code><\/pre>\n\n\n\n<p>Copy and Paste the password hash value above as the value of&nbsp;<strong><code>userPassword<\/code><\/strong>&nbsp;attribute in the file below;<\/p>\n\n\n\n<pre class=\"scroll-box\"><code>\ncat > bindDNuser.ldif << 'EOL'\ndn: ou=system,dc=ldapmaster,dc=kifarunix-demo,dc=com\nobjectClass: organizationalUnit\nobjectClass: top\nou: system\n\ndn: cn=readonly,ou=system,dc=ldapmaster,dc=kifarunix-demo,dc=com\nobjectClass: organizationalRole\nobjectClass: simpleSecurityObject\ncn: readonly\nuserPassword: {SSHA}51i5ZSBTbCULaS8IwRrLDnrcsrM00czf\ndescription: Bind DN user for LDAP Operations\nEOL\n<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>ldapadd -Y EXTERNAL -H ldapi:\/\/\/ -f bindDNuser.ldif<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"enable-open-ldap-password-policies\">Enable OpenLDAP Password Policies<\/h4>\n\n\n\n<p>If you want to implement OpenLDAP password policies, ensure that the Password Policy Schema is enabled.<\/p>\n\n\n\n<p>To enable the Password policy schema, run the command below;<\/p>\n\n\n\n<pre class=\"scroll-box\"><code>\ncat > ppolicy.ldif << 'EOL'\ndn: cn=ppolicy,cn=schema,cn=config\nobjectClass: olcSchemaConfig\ncn: ppolicy\nolcAttributeTypes: {0}( 1.3.6.1.4.1.42.2.27.8.1.1 NAME 'pwdAttribute' EQUALITY\n  objectIdentifierMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 )\nolcAttributeTypes: {1}( 1.3.6.1.4.1.42.2.27.8.1.2 NAME 'pwdMinAge' EQUALITY in\n tegerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27\n  SINGLE-VALUE )\nolcAttributeTypes: {2}( 1.3.6.1.4.1.42.2.27.8.1.3 NAME 'pwdMaxAge' EQUALITY in\n tegerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27\n  SINGLE-VALUE )\nolcAttributeTypes: {3}( 1.3.6.1.4.1.42.2.27.8.1.4 NAME 'pwdInHistory' EQUALITY\n  integerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1\n .27 SINGLE-VALUE )\nolcAttributeTypes: {4}( 1.3.6.1.4.1.42.2.27.8.1.5 NAME 'pwdCheckQuality' EQUAL\n ITY integerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.12\n 1.1.27 SINGLE-VALUE )\nolcAttributeTypes: {5}( 1.3.6.1.4.1.42.2.27.8.1.6 NAME 'pwdMinLength' EQUALITY\n  integerMatch ORDERING integerOrderingMatch  SYNTAX 1.3.6.1.4.1.1466.115.121.\n 1.27 SINGLE-VALUE )\nolcAttributeTypes: {6}( 1.3.6.1.4.1.42.2.27.8.1.7 NAME 'pwdExpireWarning' EQUA\n LITY integerMatch ORDERING integerOrderingMatch  SYNTAX 1.3.6.1.4.1.1466.115.\n 121.1.27 SINGLE-VALUE )\nolcAttributeTypes: {7}( 1.3.6.1.4.1.42.2.27.8.1.8 NAME 'pwdGraceAuthNLimit' EQ\n UALITY integerMatch ORDERING integerOrderingMatch  SYNTAX 1.3.6.1.4.1.1466.11\n 5.121.1.27 SINGLE-VALUE )\nolcAttributeTypes: {8}( 1.3.6.1.4.1.42.2.27.8.1.9 NAME 'pwdLockout' EQUALITY b\n ooleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )\nolcAttributeTypes: {9}( 1.3.6.1.4.1.42.2.27.8.1.10 NAME 'pwdLockoutDuration' E\n QUALITY integerMatch ORDERING integerOrderingMatch  SYNTAX 1.3.6.1.4.1.1466.1\n 15.121.1.27 SINGLE-VALUE )\nolcAttributeTypes: {10}( 1.3.6.1.4.1.42.2.27.8.1.11 NAME 'pwdMaxFailure' EQUAL\n ITY integerMatch ORDERING integerOrderingMatch  SYNTAX 1.3.6.1.4.1.1466.115.1\n 21.1.27 SINGLE-VALUE )\nolcAttributeTypes: {11}( 1.3.6.1.4.1.42.2.27.8.1.12 NAME 'pwdFailureCountInter\n val' EQUALITY integerMatch ORDERING integerOrderingMatch  SYNTAX 1.3.6.1.4.1.\n 1466.115.121.1.27 SINGLE-VALUE )\nolcAttributeTypes: {12}( 1.3.6.1.4.1.42.2.27.8.1.13 NAME 'pwdMustChange' EQUAL\n ITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )\nolcAttributeTypes: {13}( 1.3.6.1.4.1.42.2.27.8.1.14 NAME 'pwdAllowUserChange' \n EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )\nolcAttributeTypes: {14}( 1.3.6.1.4.1.42.2.27.8.1.15 NAME 'pwdSafeModify' EQUAL\n ITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )\nolcAttributeTypes: {15}( 1.3.6.1.4.1.4754.1.99.1 NAME 'pwdCheckModule' DESC 'L\n oadable module that instantiates \"check_password() function' EQUALITY caseExa\n ctIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )\nolcAttributeTypes: {16}( 1.3.6.1.4.1.42.2.27.8.1.30 NAME 'pwdMaxRecordedFailur\n e' EQUALITY integerMatch ORDERING integerOrderingMatch  SYNTAX 1.3.6.1.4.1.\n 1466.115.121.1.27 SINGLE-VALUE )\nolcObjectClasses: {0}( 1.3.6.1.4.1.4754.2.99.1 NAME 'pwdPolicyChecker' SUP top\n  AUXILIARY MAY pwdCheckModule )\nolcObjectClasses: {1}( 1.3.6.1.4.1.42.2.27.8.2.1 NAME 'pwdPolicy' SUP top AUXI\n LIARY MUST pwdAttribute MAY ( pwdMinAge $ pwdMaxAge $ pwdInHistory $ pwdCheck\n Quality $ pwdMinLength $ pwdExpireWarning $ pwdGraceAuthNLimit $ pwdLockout $\n  pwdLockoutDuration $ pwdMaxFailure $ pwdFailureCountInterval $ pwdMustChange\n  $ pwdAllowUserChange $ pwdSafeModify $ pwdMaxRecordedFailure ) )\nEOL\n<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>ldapadd -Y EXTERNAL -H ldapi:\/\/\/ -f ppolicy.ldif<\/code><\/pre>\n\n\n\n<p>Next, read the guide below to learn how to implement password policies.<\/p>\n\n\n\n<p><a href=\"https:\/\/kifarunix.com\/implement-openldap-password-policies\/\" target=\"_blank\" rel=\"noreferrer noopener\">Implement OpenLDAP Password Policies<\/a><\/p>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"allow-open-ldap-service-on-firewall\">Allow OpenLDAP Service on Firewall<\/h4>\n\n\n\n<p>If UFW is running, allow OpenLDAP (both LDAP and LDAPS) external access;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>ufw allow \"OpenLDAP LDAP\"<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>ufw allow \"OpenLDAP LDAPS\"<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"authenticate-via-open-ldap-server\">Authenticate Via OpenLDAP Server<\/h4>\n\n\n\n<p>And that is how to install and setup OpenLDAP Server.<\/p>\n\n\n\n<p>To verify that users can actually connect to the systems via the OpenLDAP server, you need to configure OpenLDAP clients on the remote systems.<\/p>\n\n\n\n<p>See the guides below;<\/p>\n\n\n\n<p><a href=\"https:\/\/kifarunix.com\/configure-sssd-for-ldap-authentication-on-ubuntu-20-04\/\" target=\"_blank\" rel=\"noreferrer noopener\">Configure SSSD for LDAP Authentication on Ubuntu 20.04<\/a><\/p>\n\n\n\n<p><a href=\"https:\/\/kifarunix.com\/configure-sssd-for-ldap-authentication-on-rocky-linux-8\/\" target=\"_blank\" rel=\"noreferrer noopener\">Configure SSSD for LDAP Authentication on Rocky Linux 8<\/a><\/p>\n\n\n\n<p><a href=\"https:\/\/kifarunix.com\/install-and-configure-sssd-for-openldap-authentication-on-fedora-32-31-30\/\" target=\"_blank\" rel=\"noreferrer noopener\">Install and Configure SSSD for OpenLDAP Authentication on Fedora 32\/31\/30<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>In this tutorial, you will learn how to install and setup OpenLDAP Server on Ubuntu 22.04. Installing OpenLDAP Server on Ubuntu 22.04 Update your System<\/p>\n","protected":false},"author":1,"featured_media":11248,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"rank_math_lock_modified_date":false,"footnotes":""},"categories":[121,285,1099],"tags":[248,4411,4414,4413,4410,4412,4409],"class_list":["post-11236","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-howtos","category-directory-server","category-openldap","tag-ldap","tag-openldap-server-on-ubuntu-22-04","tag-openldap-ssl-tls","tag-slapd","tag-sssd-openldap-ubuntu-22-04","tag-ubuntu-22-04","tag-ubuntu-22-04-openldap-server","generate-columns","tablet-grid-50","mobile-grid-100","grid-parent","grid-50","resize-featured-image"],"_links":{"self":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts\/11236"}],"collection":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/comments?post=11236"}],"version-history":[{"count":8,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts\/11236\/revisions"}],"predecessor-version":[{"id":21321,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts\/11236\/revisions\/21321"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/media\/11248"}],"wp:attachment":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/media?parent=11236"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/categories?post=11236"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/tags?post=11236"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}