How to Setup LDAP Server on Rocky Linux 8

Introduction

LDAP stands for Lightweight Directory Access Protocol.
It is a protocol used to store and access information in a central directory.
In practice, LDAP gives Linux administrators one central place for user accounts, password hashes and groups.
Multiple servers and applications can then authenticate against the same directory, so an account is created, changed or disabled once instead of on every host.

In this guide, we will set up an LDAP server on Rocky Linux 8 with domain bitscentric.local,
install a GUI tool for easier access, and follow best practices for administration.

Step 1: Update System

sudo dnf update -y
sudo reboot

Step 2: Install OpenLDAP Server

Install the LDAP server and client packages. On Rocky Linux 8 the openldap-servers package is not in the BaseOS or AppStream repositories; if dnf reports that it cannot find it, enable the plus repository that carries it (dnf --enablerepo=plus install ...):

sudo dnf install openldap-servers openldap-clients -y

Start and enable LDAP service:

sudo systemctl start slapd
sudo systemctl enable slapd

Step 3: Set LDAP Admin Password

Generate a password hash for the LDAP admin (the root DN, cn=Manager, which bypasses every access control in the directory):

slappasswd

It prompts for the password twice and prints a salted SHA-1 hash such as {SSHA}gdfgj343.... Save this hash for the next step; you will still need the cleartext password to bind as Manager later.

Step 4: Configure LDAP Database

By default, OpenLDAP keeps its configuration as LDIF files inside /etc/openldap/slapd.d/, and the stock data database is set up for the placeholder suffix dc=my-domain,dc=com with root DN cn=Manager,dc=my-domain,dc=com.
We need to change the suffix and root DN to our domain, dc=bitscentric,dc=local, and set the admin password.

The data database is named olcDatabase={2}hdb,cn=config on older packages and olcDatabase={2}mdb,cn=config on newer ones; the braces and the index number are part of the name (olcDatabase=2hdb will not match anything). The file name under /etc/openldap/slapd.d/cn=config/ (olcDatabase={2}hdb.ldif or olcDatabase={2}mdb.ldif) tells you which one you have.

Create a file chrootpw.ldif with that DN and the hash from Step 3:

dn: olcDatabase={2}mdb,cn=config
changetype: modify
replace: olcSuffix
olcSuffix: dc=bitscentric,dc=local
-
replace: olcRootDN
olcRootDN: cn=Manager,dc=bitscentric,dc=local
-
replace: olcRootPW
olcRootPW: {SSHA}your_generated_hash

Apply the change over the local ldapi:/// socket, where root is authenticated by SASL EXTERNAL (peer credentials) without a password:

sudo ldapmodify -Y EXTERNAL -H ldapi:/// -f chrootpw.ldif

Step 5: Define LDAP Base Domain

Create a file base.ldif:

dn: dc=bitscentric,dc=local
objectClass: top
objectClass: dcObject
objectClass: organization
o: Bitscentric Organization
dc: bitscentric

dn: cn=Manager,dc=bitscentric,dc=local
objectClass: organizationalRole
cn: Manager

Load it into LDAP, binding as the root DN with the password from Step 3. The cn=Manager entry does not have to exist yet: slapd checks the root DN against olcRootDN and olcRootPW directly, which is why this bind works before the entry is created:

ldapadd -x -D "cn=Manager,dc=bitscentric,dc=local" -W -f base.ldif
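Steps 3 to 5 as one script, added here as an example and not part of the original article. It assumes slapd is running with its ldapi:/// socket, that it runs as root, and that the ou=People / ou=Groups layout and the cosine/nis/inetorgperson schema loading are choices made here so that posixAccount users can be added for sssd later; none of those appear in the article. It discovers the real database DN instead of guessing hdb or mdb, and ends with a bind over the TCP listener to prove the new root password works:

```shell
#!/bin/sh
# Added example, not from the original article: Steps 3 to 5 as one script.
# Assumptions (not stated in the article): slapd is running with its ldapi:///
# socket, the script runs as root, and the ou=People / ou=Groups layout plus the
# cosine/nis/inetorgperson schemas are choices made here for later sssd use.
set -eu

# "bitscentric.local" -> "dc=bitscentric,dc=local"
domain_to_dn() {
    printf 'dc=%s\n' "$1" | sed 's/\./,dc=/g'
}

# Ask cn=config for the data database's real DN. The article's
# "olcDatabase=2hdb" is wrong: the name is "olcDatabase={2}hdb" (or "{2}mdb").
find_db_dn() {
    ldapsearch -LLL -Q -Y EXTERNAL -H ldapi:/// -b cn=config \
        '(|(objectClass=olcHdbConfig)(objectClass=olcMdbConfig))' dn \
        | sed -n 's/^dn: //p' | head -n 1
}

# LDIF that points the database at our suffix, root DN and {SSHA} hash.
# $1 database DN, $2 suffix, $3 root DN, $4 hash from slappasswd
config_ldif() {
    cat <<EOF
dn: $1
changetype: modify
replace: olcSuffix
olcSuffix: $2
-
replace: olcRootDN
olcRootDN: $3
-
replace: olcRootPW
olcRootPW: $4
EOF
}

# Base tree: suffix entry, the Manager role and two OUs for users and groups.
# $1 suffix, $2 first dc label, $3 organisation name
base_ldif() {
    cat <<EOF
dn: $1
objectClass: top
objectClass: dcObject
objectClass: organization
o: $3
dc: $2

dn: cn=Manager,$1
objectClass: organizationalRole
cn: Manager
description: Directory Manager

dn: ou=People,$1
objectClass: organizationalUnit
ou: People

dn: ou=Groups,$1
objectClass: organizationalUnit
ou: Groups
EOF
}

# posixAccount/posixGroup live in nis.ldif; inetOrgPerson needs cosine.
# ldapadd errors with "Duplicate" on a schema that is already loaded, so ignore that.
load_schemas() {
    for s in cosine nis inetorgperson; do
        ldapadd -Q -Y EXTERNAL -H ldapi:/// -f "/etc/openldap/schema/$s.ldif" 2>/dev/null || true
    done
}

# $1 domain, $2 organisation name, $3 {SSHA} hash
provision() {
    suffix=$(domain_to_dn "$1")
    rootdn="cn=Manager,$suffix"
    db=$(find_db_dn)
    [ -n "$db" ] || { echo "no hdb/mdb database found in cn=config" >&2; return 1; }
    config_ldif "$db" "$suffix" "$rootdn" "$3" | ldapmodify -Q -Y EXTERNAL -H ldapi:///
    load_schemas
    # The root DN needs no entry yet; slapd checks it against olcRootDN/olcRootPW.
    tmp=$(mktemp)
    base_ldif "$suffix" "${1%%.*}" "$2" > "$tmp"
    ldapadd -x -H ldapi:/// -D "$rootdn" -W -f "$tmp"
    rm -f "$tmp"
    # Prove the password also works over the network listener, not only ldapi.
    ldapwhoami -x -H ldap://127.0.0.1/ -D "$rootdn" -W
}

# Usage (root): ./provision.sh bitscentric.local "Bitscentric Organization" "$(slappasswd)"
if [ $# -eq 3 ]; then
    provision "$@"
fi
```

The script prompts for the Manager password twice (once for ldapadd, once for the final ldapwhoami). The monitor database ({1}monitor) still grants read access to the old cn=Manager,dc=my-domain,dc=com in its olcAccess; adjust it the same way if you use cn=Monitor.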

Step 6: Verify LDAP Installation

Search the database. With -x and no -D this is an anonymous simple bind, so a successful result also confirms that anonymous read access is allowed (something to restrict later if clients will always bind):

ldapsearch -x -LLL -b "dc=bitscentric,dc=local"

You should see the dc=bitscentric,dc=local entry and cn=Manager,dc=bitscentric,dc=local.

Step 7: Install GUI Tool (phpLDAPadmin)

phpLDAPadmin is a web-based GUI tool to manage LDAP easily. It is packaged in EPEL and runs on Apache with PHP; if httpd, php and php-ldap are not pulled in as dependencies, install them too.

sudo dnf install epel-release -y
sudo dnf install phpldapadmin -y

Edit the configuration file:

sudo nano /etc/phpldapadmin/config.php

Find and set your domain details:

$servers->setValue('server','host','127.0.0.1');
$servers->setValue('server','base',array('dc=bitscentric,dc=local'));
$servers->setValue('login','bind_id','cn=Manager,dc=bitscentric,dc=local');

Step 8: Configure Apache for phpLDAPadmin

By default, phpLDAPadmin is only reachable from the server itself (Require local). Edit:

sudo nano /etc/httpd/conf.d/phpldapadmin.conf

Replace Require local with a Require ip line listing your admin workstation or subnet. Require all granted exposes the Manager login form to everyone who can reach port 80 and should only be used on an isolated lab network.

Enable Apache so it survives a reboot, then restart it:

sudo systemctl enable httpd
sudo systemctl restart httpd

Now open in browser:

http://server-ip/phpldapadmin

Login with username cn=Manager,dc=bitscentric,dc=local and your password. Over plain HTTP that password crosses the network in clear, so put the site behind HTTPS (mod_ssl) before using it from anywhere but the server itself. If the login fails with a connection error while slapd is running, SELinux is blocking Apache from talking to slapd; the httpd_can_connect_ldap boolean must be on.

Best Practices for Linux Administrators

  • Use a strong, unique password for the LDAP Manager (the root DN); it bypasses every ACL in the directory.
  • Restrict phpLDAPadmin to admin IP addresses and serve it over HTTPS only; never expose it to the public internet.
  • Open only the ports clients need in firewalld (636 for LDAPS, 389 only if clients use STARTTLS) and limit them to client networks.
  • Enable LDAPS/STARTTLS and configure slapd to refuse simple binds on unprotected connections, so passwords never cross the network in clear.
  • Back up with slapcat (an LDIF export of cn=config and the data database) rather than copying /var/lib/ldap/ while slapd is running; the export contains password hashes, so protect it like the database.
  • Load the cosine, nis and inetorgperson schemas (posixAccount, posixGroup) and integrate clients with sssd over TLS for centralized login.
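The hardening items above as shell functions, added here as an example and not part of the original article. The certificate, key and CA paths under /etc/openldap/certs, the admin subnet 192.0.2.0/24, the host name ldap.bitscentric.local and the backup root /var/backups/ldap are placeholders assumed for the example; the article names none of them. The TLS attributes go in a single ldapmodify so slapd validates the certificate and key together, and olcSecurity: simple_bind=128 rejects password binds on unprotected connections while leaving SASL EXTERNAL over ldapi:/// working:

```shell
#!/bin/sh
# Added example, not from the original article: the best-practice list as
# functions. Assumptions (not in the article): the certificate/key/CA paths,
# the admin subnet, the host name and the backup directory are placeholders.
set -eu

# TLS material for slapd, set in one ldapmodify so slapd can validate the
# cert/key pair together. Files must be readable by the "ldap" user.
# $1 CA bundle, $2 server certificate, $3 private key
tls_ldif() {
    cat <<EOF
dn: cn=config
changetype: modify
replace: olcTLSCACertificateFile
olcTLSCACertificateFile: $1
-
replace: olcTLSCertificateFile
olcTLSCertificateFile: $2
-
replace: olcTLSCertificateKeyFile
olcTLSCertificateKeyFile: $3
EOF
}

# Refuse password (simple) binds unless the connection carries 128 bits of
# protection, i.e. LDAPS or STARTTLS. SASL EXTERNAL over ldapi:/// is not a
# simple bind, so root's local admin scripts keep working.
# $1 data database DN, e.g. olcDatabase={2}mdb,cn=config
require_tls_ldif() {
    cat <<EOF
dn: $1
changetype: modify
replace: olcSecurity
olcSecurity: simple_bind=128
EOF
}

# Rocky's slapd unit reads its listeners from SLAPD_URLS in /etc/sysconfig/slapd.
enable_ldaps_listener() {
    grep -q 'ldaps:///' /etc/sysconfig/slapd ||
        sed -i 's|^SLAPD_URLS="\(.*\)"|SLAPD_URLS="\1 ldaps:///"|' /etc/sysconfig/slapd
}

# Only 636 is needed for LDAPS clients; add "ldap" (389) only if clients use STARTTLS.
open_firewall() {
    firewall-cmd --permanent --add-service=ldaps
    firewall-cmd --permanent --add-service=https
    firewall-cmd --reload
}

# phpLDAPadmin: allow-list the admin subnet instead of "Require all granted",
# and let httpd reach slapd under SELinux.  $1 CIDR such as 192.0.2.0/24
restrict_phpldapadmin() {
    sed -i "s|Require local|Require ip $1|" /etc/httpd/conf.d/phpldapadmin.conf
    setsebool -P httpd_can_connect_ldap on
    systemctl restart httpd
}

# Consistent LDIF export of cn=config (-n 0) and the data database (-n 2).
# Prints the directory it wrote.  $1 backup root
backup_ldap() {
    dir=$1/$(date +%Y%m%d-%H%M%S)
    ( umask 077 && mkdir -p "$dir" &&           # the export holds password hashes
      slapcat -n 0 -l "$dir/config.ldif" &&
      slapcat -n 2 -l "$dir/data.ldif" )
    printf '%s\n' "$dir"
}

harden() {
    tls_ldif /etc/openldap/certs/ca.crt /etc/openldap/certs/ldap.crt \
             /etc/openldap/certs/ldap.key | ldapmodify -Q -Y EXTERNAL -H ldapi:///
    require_tls_ldif 'olcDatabase={2}mdb,cn=config' | ldapmodify -Q -Y EXTERNAL -H ldapi:///
    enable_ldaps_listener
    systemctl restart slapd
    open_firewall
    restrict_phpldapadmin 192.0.2.0/24
    # Check: a password bind now fails on plain ldap:// and succeeds with STARTTLS (-ZZ).
    ldapwhoami -x -H ldap://ldap.bitscentric.local/ -ZZ \
        -D cn=Manager,dc=bitscentric,dc=local -W
}

# Usage (root): . ./harden.sh && harden && backup_ldap /var/backups/ldap
```

Run backup_ldap from cron and keep the output off the LDAP host; the config export includes olcRootPW. After harden, the plain ldapwhoami -x -H ldap://... bind from the earlier steps is expected to fail with "confidentiality required", which is the behaviour being enforced.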

Conclusion

We have successfully installed and configured an LDAP server on Rocky Linux 8 using domain bitscentric.local,
set up a GUI tool (phpLDAPadmin), and followed best practices.
Now you can use LDAP for centralized user management across multiple servers and applications.
This is an essential skill for Linux administrators working in enterprise environments.
