Installation of OpenLDAP on Debian Wheezy

This article briefly describes how I set up an OpenLDAP server on my Debian GNU/Linux machine. I hope it is of some help to anyone interested in this topic.

Preparation

You can download the source archives from http://www.openldap.org/software/download/. Currently, the latest stable release is 2.4.38.

First of all, the following packages must be installed in advance; otherwise the configure script fails.

The following package is also required; otherwise make test fails at test008-concurrency.

Installation

$ ./configure --enable-crypt --enable-overlays
$ make depend
$ make
$ make test
$ sudo make install

The above steps took almost one hour in my environment, especially for make test which took more than 40 minutes.

OpenLDAP is now installed under /usr/local.

Initial Configuration

Running slapd as root is not cool, right? The daemon only needs to read its configuration and write its database, so give it a dedicated, unprivileged account.

Create the specific user and group

$ sudo groupadd -r ldap
$ sudo useradd -g ldap -r -s /bin/false ldap

Change owners (or permissions). Note that the commands below hand the ldap user write access to its own configuration directory; a stricter setup keeps slapd.conf owned by root and readable only by the ldap group (mode 0640), since the file contains rootpw and slapd only ever reads it.

$ sudo chown -R ldap:ldap /usr/local/etc/openldap
$ sudo chown -R ldap:ldap /usr/local/var/openldap-data
$ sudo mkdir /usr/local/var/openldap-run
$ sudo chown -R ldap:ldap /usr/local/var/openldap-run

Edit the configuration file

$ sudo vi /usr/local/etc/openldap/slapd.conf
  • Add your preferred schema files.
  • Modify the paths to pidfile and argsfile.
  • Modify the suffix, rootdn, rootpw, and so on.

Below is a sample slapd.conf, which I do not recommend you copy as it is. In particular, rootpw is written in clear text here; for anything beyond a throwaway test setup, put the hash printed by /usr/local/sbin/slappasswd there instead, and make sure the file is not world-readable.

include /usr/local/etc/openldap/schema/core.schema
include /usr/local/etc/openldap/schema/cosine.schema
include /usr/local/etc/openldap/schema/dyngroup.schema
include /usr/local/etc/openldap/schema/inetorgperson.schema
include /usr/local/etc/openldap/schema/ppolicy.schema

pidfile  /usr/local/var/openldap-run/slapd.pid
argsfile /usr/local/var/openldap-run/slapd.args

database  bdb
suffix    "dc=localdomain"
rootdn    "cn=Manager,dc=localdomain"
rootpw    secret
directory /usr/local/var/openldap-data
index     objectClass eq

Do not forget to test the modified configuration file.

$ sudo /usr/local/sbin/slaptest -u
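The sample above stores rootpw in clear text, which is the weak setting; slapd accepts a {SSHA} hash in its place, and slappasswd produces exactly that format (base64 of SHA-1(password + salt) followed by the salt). The following Python script is an added example, not code from the post or from the OpenLDAP project: it finds the rootpw line in a slapd.conf, reports whether it is hashed, generates and verifies {SSHA} hashes without needing slappasswd, and rewrites a clear-text rootpw into its hash. The configuration text embedded in it is a copy of the sample above; the 4-byte salt used when no salt is given is a choice made here, not something slapd requires.

```python
"""Find, hash and verify the rootpw directive in a slapd.conf (added example)."""
import base64
import hashlib
import hmac
import os
import re

# Constructed input: the sample slapd.conf from the post, clear-text rootpw included.
SAMPLE_CONF = """\
include /usr/local/etc/openldap/schema/core.schema
include /usr/local/etc/openldap/schema/cosine.schema
include /usr/local/etc/openldap/schema/dyngroup.schema
include /usr/local/etc/openldap/schema/inetorgperson.schema
include /usr/local/etc/openldap/schema/ppolicy.schema

pidfile  /usr/local/var/openldap-run/slapd.pid
argsfile /usr/local/var/openldap-run/slapd.args

database  bdb
suffix    "dc=localdomain"
rootdn    "cn=Manager,dc=localdomain"
rootpw    secret
directory /usr/local/var/openldap-data
index     objectClass eq
"""

# slapd.conf directives are case-insensitive; the value may be a double-quoted string.
_ROOTPW_RE = re.compile(
    r'^(?P<key>[ \t]*rootpw[ \t]+)(?P<value>"[^"]*"|\S+)[ \t]*$',
    re.IGNORECASE | re.MULTILINE,
)


def rootpw_value(conf):
    """Return the rootpw value (quotes stripped) from slapd.conf text, or None."""
    m = _ROOTPW_RE.search(conf)
    if not m:
        return None
    value = m.group("value")
    return value[1:-1] if value.startswith('"') else value


def is_hashed(value):
    """slapd stores hashed passwords as {SCHEME}base64; anything else is clear text."""
    return value.startswith("{")


def make_ssha(password, salt=None):
    """Build an OpenLDAP {SSHA} hash: base64(sha1(password + salt) + salt).

    salt defaults to 4 random bytes here (an assumption of this example;
    any salt length works because the verifier takes everything after 20 bytes).
    """
    if salt is None:
        salt = os.urandom(4)
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def verify_ssha(stored, password):
    """Check a candidate password against a {SSHA} value in constant time."""
    if not stored.startswith("{SSHA}"):
        return False
    raw = base64.b64decode(stored[len("{SSHA}"):])
    digest, salt = raw[:20], raw[20:]
    candidate = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return hmac.compare_digest(digest, candidate)


def harden_rootpw(conf, salt=None):
    """Replace a clear-text rootpw with its {SSHA} hash; leave a hashed one untouched."""
    def repl(m):
        value = m.group("value")
        if is_hashed(value):
            return m.group(0)
        if value.startswith('"'):
            value = value[1:-1]
        return m.group("key") + make_ssha(value, salt)
    return _ROOTPW_RE.sub(repl, conf, count=1)


if __name__ == "__main__":
    print(harden_rootpw(SAMPLE_CONF))
```

Run it on your own file with `harden_rootpw(open(path).read())`; the regex only touches the first rootpw line, so a file that already carries a hash passes through unchanged.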

Configure the database

$ cd /usr/local/var/openldap-data
$ sudo cp -p DB_CONFIG.example DB_CONFIG

To be honest, I am not familiar with this part at all…

Start and Stop

You can start up the daemon slapd as follows.

$ sudo /usr/local/libexec/slapd -u ldap -g ldap

And you can stop it by sending an INT signal to it.

$ sudo kill -INT `cat /usr/local/var/openldap-run/slapd.pid`
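One thing to keep in mind with the one-liner above: the pidfile lives in a directory owned by the unprivileged ldap user, and root signals whatever number it finds there without looking. If that file is ever stale or replaced, root ends up signalling some other process. The script below is an added example, not code from the post or from OpenLDAP; it reads the pidfile, rejects anything that is not a single positive pid (0 and negative numbers address whole process groups), and checks through /proc that the process really is the expected daemon before sending the signal. It assumes Linux (/proc/<pid>/comm) and that slapd's kernel-side name is "slapd"; the demo function exercises the checks against a throwaway sleep process instead of a real slapd and uses SIGTERM only because sleep inherits an ignored SIGINT in some non-interactive shells.

```python
"""Signal a daemon through its pidfile, but only if the pid really is that daemon (added example)."""
import os
import signal
import subprocess
import tempfile

SLAPD_PIDFILE = "/usr/local/var/openldap-run/slapd.pid"  # path used in the post


def read_pid(pidfile):
    """Return the pid in pidfile; refuse anything that is not one positive integer."""
    with open(pidfile) as f:
        text = f.read().strip()
    if not text.isdigit():
        raise ValueError("pidfile %s does not hold a pid: %r" % (pidfile, text))
    pid = int(text)
    if pid <= 1:  # kill(0)/kill(-1) hit process groups, pid 1 is init
        raise ValueError("pidfile %s holds an unacceptable pid %d" % (pidfile, pid))
    return pid


def process_name(pid):
    """Linux-specific: the kernel's name for the process, or None if it is gone."""
    try:
        with open("/proc/%d/comm" % pid) as f:
            return f.read().strip()
    except FileNotFoundError:
        return None


def stop_daemon(pidfile, expected_name, sig=signal.SIGINT):
    """Send sig to the pid in pidfile only if that process is expected_name.

    Returns the pid signalled; raises RuntimeError on a stale or hijacked pidfile.
    """
    pid = read_pid(pidfile)
    name = process_name(pid)
    if name is None:
        raise RuntimeError("stale pidfile %s: no process %d" % (pidfile, pid))
    if name != expected_name:
        raise RuntimeError("pid %d is %r, not %r; refusing to signal it"
                           % (pid, name, expected_name))
    os.kill(pid, sig)
    return pid


def demo(sig=signal.SIGTERM):
    """Exercise the checks on a constructed target: a `sleep` child and a temp pidfile."""
    proc = subprocess.Popen(["sleep", "60"])
    with tempfile.NamedTemporaryFile("w", suffix=".pid", delete=False) as f:
        f.write("%d\n" % proc.pid)
        pidfile = f.name
    results = {}
    try:
        try:  # wrong daemon name: must refuse
            stop_daemon(pidfile, "slapd", sig)
            results["refused_wrong_name"] = False
        except RuntimeError:
            results["refused_wrong_name"] = True
        results["signalled_right_pid"] = stop_daemon(pidfile, "sleep", sig) == proc.pid
        results["exited_by_signal"] = proc.wait(timeout=10) == -sig
        try:  # process is gone now: pidfile is stale and must be refused
            stop_daemon(pidfile, "sleep", sig)
            results["stale_detected"] = False
        except RuntimeError:
            results["stale_detected"] = True
    finally:
        os.unlink(pidfile)
        if proc.poll() is None:
            proc.kill()
            proc.wait()
    return results


if __name__ == "__main__":
    stop_daemon(SLAPD_PIDFILE, "slapd")  # needs root, like the kill -INT above
```

The comm check is a sanity check rather than a hard guarantee (comm is truncated to 15 characters and a process can rename itself), but it catches the common failure, a pidfile left behind after a crash whose pid has since been reused.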

About tt4cs

I am a post-sales service engineer working in Tokyo for a Singapore-based software development company, which provides authentication and access management solutions for global and regional financial institutions in the Asia-Pacific region.
This entry was posted in LDAP.
