GNet Solutions » FreeBSD Administration

This is a guide on setting up LLDAP on FreeBSD 14.

Prepare the Environment¶

• Before installation of the components, make sure everything is up to date using the following command:
  

  pkg update -f && pkg upgrade
  

Install LLDAP¶

• Install the LLDAP package:
  

  pkg install lldap
  

• Copy the example config to the LLDAP directory
  

  cp /usr/local/share/lldap/ldap_config.toml.example /usr/local/lldap_server/lldap_config.toml
  

• Edit the LLDAP config:
  

  vi /usr/local/lldap_server/lldap_config.toml
  

  • Change the following config values accordingly:
    

    ldap_host = "127.0.0.1" 
    ldap_port = 3890
    http_host = "127.0.0.1" 
    http_port = 17170
    http_url = "http://localhost" 
    jwt_secret = "REPLACE_WITH_RANDOM" 
    ldap_base_dn = "dc=example,dc=com" 
    ldap_user_dn = "admin" 
    ldap_user_email = "admin@example.com" 
    ldap_user_pass = "SuperSecretPassword" 
    database_url = "sqlite:///usr/local/lldap_server/users.db?mode=rwc" 
    

    
    NOTE : use openssl rand -base64 15 to generate a secret key for jwt_secret

• Start and enable LLDAP on boot up:
  

  sysrc lldap_enable=YES
  service lldap start
  

• Log into the web interface on http://localhost:17170 with the username admin and the password set in the config.

Postgres Backend¶

• Install a postgresql client:
  

  pkg install postgresql14-client
  

• Create the lldap user and database:
  

  CREATE USER lldapuser WITH PASSWORD 'SuperSecretPassword' CREATEDB;
  
  CREATE DATABASE lldapdb OWNER lldapuser;
  

• Edit the lldap config:
  

  vi /usr/local/lldap_server/lldap_config.toml
  

  • Change the database_url value accordingly:
    

    database_url = "postgres://lldapuser:SuperSecretPassword@pg.example.com/lldapdb" 
    

• Restart lldap:
  

  service lldap restart
  

Resources¶

• https://github.com/lldap/lldap
• https://wiki.alpinelinux.org/wiki/Setting_up_a_LLDAP_server