How to install and configure OpenLDAP on Linux

Home > Search > How-to

Use apt-get or yum to install OpenLDAP.

~]# yum install openldap openldap-clients openldap-servers migrationtools


Set Root Password

Set the LDAP root password.

~]# slappasswd
New password: ********
Re-enter new password: ********


Configure LDAP for your domain

Next, you will configure LDAP to use your domain name, such as The domain is the top-level entity in an LDAP hierarchy. Later, you will create OUs and add users to OUs.


By default, the /etc/openldap/slapd.d/cn=config/olcDatabase={2}hdb.ldif file will have domain name Update this file to list your domain name. Also, add entries for your root LDAP password, as well as the path to your public certficate and private key.

olcSuffix: dc=example,dc=com
olcRootDN: cn=Manager,dc=example,dc=com
. . .
olcRootPW: {SHHA}pfjf4857vjslsj4j4g8skdffj3342
olcTLSCertificateFile: /etc/pki/tls/certs/example.crt
olcTLSCertificateKeyFIle: /etc/pki/tls/private/example.key


In the /etc/openldap/slapd.d/cn=config/olcDatabase={1}monitor.ldif file, replace my-domain with your domain name.



Update /usr/share/migrationtools/ to have your domain.

$DEFAULT_BASE = "dc=example,dc=com"


Ensure "config file testing succeeded" is displayed. Checksum errors can be ignored.

~]# slaptest -u
. . .
config file testing succeeded


Start and enable OpenLDAP

Start and enable OpenLDAP, and ensure OpenLDAP is active and running.

~]# systemctl start slapd
~]# systemctl enable slapd
~]# systemctl status slapd


Verify that the LDAP service is listening on port 389.

netstat -ant | grep 389
tcp        0      0   *               LISTEN          
tcp6       0      0 :::389                  :::*                    LISTEN


Database schema

Copy the example DB_CONFIG file into the /var/lib/ldap/ directory, and rename the file to DB_CONFIG.

cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG


Add the cosine, nis, and inetorgperson schemas

~]# ldapadd -Y EXTERNAL -H ldapi:// -f /etc/openldap/schema/cosine.ldif
~]# ldapadd -Y EXTERNAL -H ldapi:// -f /etc/openldap/schema/nis.ldif
~]# ldapadd -Y EXTERNAL -H ldapi:// -f /etc/openldap/schema/inetorgperson.ldif


Update /usr/share/migrationtools/ to use extended schema.




Add a Comment

We will never share your name or email with anyone. Enter your email if you would like to be notified when we respond to your comment.

Please enter in the box below so that we can be sure you are a human.