To setup a basic LDAP server with Unix user management, we will need the following


Installing LDAP

pkg install openldap26-server

Please keep in mind that the version may change in the future, e.g. openldap27-server. You can run pkg search openldap to find the latest version.

Configuring LDAP

Start by modifying /usr/local/etc/openldap/ldap.conf, and use the following inside:

BASE    dc=awesome,dc=com
URI     ldap://

Next, edit /usr/local/etc/openldap/slapd.conf and modify/set the following:

include         /usr/local/etc/openldap/schema/cosine.schema
include         /usr/local/etc/openldap/schema/nis.schema

rootpw VerySecretAutoGeneratedPassword

suffix          "dc=awesome,dc=com"
rootdn          "cn=admin,dc=awesome,dc=com"

rootpw          {SSHA}TheOutputOfSlapPasswd

Finally, edit /usr/local/etc/openldap/slapd.ldif and modify the following inside:

olcSuffix: dc=awesome,dc=com
olcRootDN: cn=admin,dc=awesome,dc=com

olcRootPW: {SSHA}TheOutputOfSlapPasswd

Installing LDAPScripts

LDAPScripts is a collection of scripts to manage POSIX accounts in an OpenLDAP directory.

pkg install ldapscripts

Configuring LDAPScripts

Edit file /usr/local/etc/ldapscripts/ldapscripts.conf and modify the following:




GIDSTART="15000" # Group ID                                                    
UIDSTART="10000" # User ID                                                     
MIDSTART="20000" # Machine ID

PASSWORDGEN="cat /dev/urandom | env LC_ALL=C tr -dc 'a-zA-Z0-9' | head -c18"



We can finally initialize the LDAP directory with Unix data by running



Make sure that is reachable via ICMP. You can check by running ping -t4 If you haven't configured DNS yet, you may want to modify /etc/hosts.

Using LDAPScripts

Say we want to have a group named admins for administrators and a user named john, that should be a member of administrators.

ldapaddgroup admins
ldapaddgroup john 10000
ldapadduser  john john
ldapaddusertogroup john admins

And we can check by using ldapid:

# ldapid john
uid=10000(john) gid=10000(john) groups=10000(john),15000(admins)

Next Steps

Next, you might want to:


* Add SSL/TLS Encryption.

LDAP/Setup (last edited 2023-10-22T20:25:10+0000 by PauAmma)