Setting up a LLDAP server

From Alpine Linux

General

LLDAP is a small LDAP server designed for directory services without the overhead of a full blown OpenLDAP server. LLDAP server is designed for easy management using a simple web gui. It lacks some of the features found in other directory servers, because its specificly designed for easy use.

Install

Installing LLDAP is fairly simple and can be done in less then 5 minutes. start by logging in as root:

doas su -

Then we make sure the system is up to date and install wget:

apk update && apk upgrade && apk add wget

Then we make the directory for LLDAP to live in and install the software:

mkdir /opt/lldap && cd /opt/lldap

wget https://github.com/lldap/lldap/releases/download/v0.5.0/amd64-lldap.tar.gz && tar xzf amd64-lldap.tar.gz && mv amd64-lldap/* . && rm -rf amd64-lldap


Configure

To configure LLDAP we have to create a config file, and an rc file to start it automaticly upon boot. First we generate 2 random strings to use in the configuration as jwt_secret and key_seed:

openssl rand -base64 15 && openssl rand -base64 15

Then we paste the following configuration into /opt/lldap/lldap_config.toml and replace the jwt_secret and key_seed with the random generated value's:

ldap_port = 3890 http_port = 17170 http_url = "https://domain.tld" jwt_secret = "very-long-string" ldap_base_dn = "dc=domain,dc=tld" ldap_user_dn = "admin" ldap_user_email = "admin@domain.tld" ldap_user_pass = "very-strong-password" database_url = "sqlite:///opt/lldap/users.db?mode=rwc" key_seed = "random-string-again" [smtp_options] #enable_password_reset=true #server="smtp.gmail.com" #port=587 #smtp_encryption = "TLS" #user="sender@gmail.com" #password="password" #from="LLDAP Admin <sender@gmail.com>" #reply_to="Do not reply <noreply@localhost>" [ldaps_options] #enabled=true #port=6360 ## Certificate file. #cert_file="/data/cert.pem" ## Certificate key file. #key_file="/data/key.pem"

Replace domain.tld with your chose domain name. Next we need to create an openrc file so we can automatically start lldap:

cat <<EOF > /etc/init.d/lldap #!/sbin/openrc-run name=lldap command="/opt/lldap/lldap" command_args="run" command_background="yes" pidfile="/run/lldap.pid" depend() { need net } start_pre() { cd /opt/lldap } EOF

This is not an extensive file, but it gets you running and ensures lldap starts and works correctly. Now we need to add it to the default runlevel and start the service

chmod +x /etc/init.d/lldap && rc-update add lldap

Use

To use LLDAP we can browse to http://<ip>:17170 and login with the credentials we specified in the config file.


This is a basic configuration. You can now connect other services that support ldap logins to LLDAP.

Troubleshooting

  • Some troubleshooting information


Resources