How to Install OpenLDAP on CentOS Stream 10 (A Step-by-Step Guide)


Managing a directory of users, groups and resources centrally helps streamline authentication and access across your Linux infrastructure. In this tutorial, you’ll learn how to install and configure OpenLDAP on CentOS Stream 10. Whether you’re in IT operations or managing multiple systems, you’ll finish with a working LDAP server ready for use.

What is OpenLDAP?

OpenLDAP is an open-source implementation of the Lightweight Directory Access Protocol (LDAP). It provides a directory service to store and access information about users, groups, devices and other resources in a network. By using OpenLDAP, you can centralize authentication, permissions and directory lookups across multiple systems.

Why Install OpenLDAP on CentOS Stream 10?

There are several reasons you might choose this combination:

  • Centralized user management – Manage authentication for many systems from one directory.
  • Enterprise/IT friendly – Fits well into operational workflows for infrastructure teams.
  • Modern platform – CentOS Stream 10 offers a recent base with ongoing updates.
  • Automation & scalability – Suitable for scripting, configuration management and large deployments.

Prerequisites

Before you begin, make sure:

  • You have a CentOS Stream 10 server with root or sudo privileges and all updates applied.
  • The system has internet access to fetch packages.
  • Basic familiarity with Linux command-line and editing configuration files.
  • (Optional) If you will allow external connections, firewall and SELinux contexts will need to be addressed.

Step 1: Install OpenLDAP Packages

Open a terminal and run the following commands:

sudo dnf update -y
sudo dnf install -y openldap openldap-servers openldap-clients

This installs the server daemon (slapd), client tools and supporting libraries. ([idroot][1])

Step 2: Start and Enable the LDAP Service

sudo systemctl start slapd
sudo systemctl enable slapd
sudo systemctl status slapd

You should see the service in active (running) state. ([idroot][1])

Step 3: Generate the LDAP Administrator Password

To set an administrator (root) password for your LDAP directory, use:

slappasswd

You’ll be prompted to enter a password and the tool will output a hash (for example {SSHA}…). Copy this hash for later use. ([idroot][1])

Step 4: Configure the LDAP Database (Suffix, RootDN, RootPW)

Create an LDIF file (e.g., config.ldif) with contents similar to:

dn: olcDatabase={2}mdb,cn=config
changetype: modify
replace: olcSuffix
olcSuffix: dc=example,dc=com

dn: olcDatabase={2}mdb,cn=config
changetype: modify
replace: olcRootDN
olcRootDN: cn=admin,dc=example,dc=com

dn: olcDatabase={2}mdb,cn=config
changetype: modify
replace: olcRootPW
olcRootPW: {SSHA}your_hashed_password

(Replace dc=example,dc=com and your_hashed_password accordingly.)
Then apply it with:

sudo ldapmodify -Y EXTERNAL -H ldapi:/// -f config.ldif

This sets your base domain (suffix), administrative user (RootDN) and password. ([idroot][1])

Step 5: Copy DB Config and Fix Permissions

sudo cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG
sudo chown ldap:ldap /var/lib/ldap/DB_CONFIG

This ensures the database backend has the correct configuration and ownership. ([idroot][1]) Note that DB_CONFIG is a Berkeley DB tuning file read only by the legacy bdb/hdb backends; the mdb backend configured in Step 4 ignores it, so if DB_CONFIG.example is absent from your openldap-servers package this step can be skipped without affecting the directory.

Step 6: Adjust Firewall and SELinux (If Needed)

If your server will accept external LDAP connections (port 389 for LDAP, 636 for LDAPS), you may need to open firewall ports. The firewalld ldap service used below covers port 389 only; once you enable TLS, add the ldaps service in the same way for port 636:

sudo firewall-cmd --add-service=ldap --permanent
sudo firewall-cmd --reload

For SELinux, enable the relevant booleans if necessary. The default targeted policy already allows slapd to bind to ports 389 and 636 and to use /var/lib/ldap, so changes are usually only needed when you run slapd on a non-standard port or keep its data elsewhere. (Adjust based on your environment.) ([IBM][2])

Step 7: Add Base Domain Entry

Create a file base.ldif with something like:

dn: dc=example,dc=com
objectClass: top
objectClass: dcObject
objectClass: organization
o: Example Org
dc: example

dn: ou=People,dc=example,dc=com
objectClass: organizationalUnit
ou: People

dn: ou=Groups,dc=example,dc=com
objectClass: organizationalUnit
ou: Groups

Then add it:

ldapadd -x -D "cn=admin,dc=example,dc=com" -W -f base.ldif

The -W flag prompts for the RootPW you set in Step 4. This populates your directory with the top-level entries where you’ll add users/groups later. ([Server World][3])

Step 8: Basic Testing

Check that the directory responds:

ldapsearch -x -LLL -H ldap://localhost -b dc=example,dc=com

You should see entries returned (including the base you added). If you see errors, check the logs (/var/log/slapd.*, or journalctl -u slapd on systems that log to the journal only) and make sure the service is running. ([idroot][1])
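To tie Steps 3, 4 and 7 together, here is an added Python example (not part of the original tutorial) that derives the dc= suffix from a DNS domain, writes config.ldif and base.ldif in the exact shape shown above, and verifies that a {SSHA} hash in slappasswd's default format really matches the password you typed, so you can check the value you pasted into olcRootPW before applying it and locking yourself out of the directory. It uses only the standard library; the domain, organisation name and password in it are constructed sample values.

```python
"""Generate the LDIF files from Steps 4 and 7 and sanity-check the Step 3 hash.

Added example, not part of the original tutorial. Standard library only;
the domain, organisation name and password below are constructed samples.
"""
import base64
import hashlib
import hmac
import os
import re
from typing import Optional


def domain_to_dn(domain: str) -> str:
    """'example.com' -> 'dc=example,dc=com' (the olcSuffix used in Step 4)."""
    labels = [lab for lab in domain.strip().lower().split(".") if lab]
    if not labels or not all(re.fullmatch(r"[a-z0-9-]+", lab) for lab in labels):
        raise ValueError(f"not a valid DNS domain: {domain!r}")
    return ",".join(f"dc={lab}" for lab in labels)


def ssha_hash(password: str, salt: Optional[bytes] = None) -> str:
    """Build a {SSHA} value in the format slappasswd prints by default:
    '{SSHA}' + base64(SHA-1(password || salt) || salt)."""
    if salt is None:
        salt = os.urandom(4)  # slappasswd also uses a short random salt
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def ssha_verify(password: str, stored: str) -> bool:
    """Check a password against a {SSHA} hash, so you can confirm the value
    pasted into olcRootPW matches the password typed at the slappasswd prompt."""
    if not stored.startswith("{SSHA}"):
        return False
    try:
        raw = base64.b64decode(stored[len("{SSHA}"):], validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return False
    if len(raw) <= 20:  # 20-byte SHA-1 digest followed by at least one salt byte
        return False
    digest, salt = raw[:20], raw[20:]
    expected = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return hmac.compare_digest(digest, expected)


def config_ldif(domain: str, root_pw_hash: str, admin_cn: str = "admin") -> str:
    """The three olcDatabase={2}mdb modifications from Step 4."""
    suffix = domain_to_dn(domain)
    if not root_pw_hash.startswith("{SSHA}"):
        raise ValueError("olcRootPW must be a slappasswd hash, not a plaintext password")
    head = "dn: olcDatabase={2}mdb,cn=config\nchangetype: modify\n"
    return (
        f"{head}replace: olcSuffix\nolcSuffix: {suffix}\n\n"
        f"{head}replace: olcRootDN\nolcRootDN: cn={admin_cn},{suffix}\n\n"
        f"{head}replace: olcRootPW\nolcRootPW: {root_pw_hash}\n"
    )


def base_ldif(domain: str, org_name: str) -> str:
    """The base entry plus ou=People and ou=Groups from Step 7."""
    suffix = domain_to_dn(domain)
    first_label = suffix.split(",")[0].split("=", 1)[1]  # 'dc' attribute of the base entry
    return (
        f"dn: {suffix}\nobjectClass: top\nobjectClass: dcObject\n"
        f"objectClass: organization\no: {org_name}\ndc: {first_label}\n\n"
        f"dn: ou=People,{suffix}\nobjectClass: organizationalUnit\nou: People\n\n"
        f"dn: ou=Groups,{suffix}\nobjectClass: organizationalUnit\nou: Groups\n"
    )


if __name__ == "__main__":
    # Constructed sample values; replace with your own domain and password.
    domain, password = "example.com", "correct horse battery staple"
    pw_hash = ssha_hash(password)
    assert ssha_verify(password, pw_hash)
    with open("config.ldif", "w", encoding="utf-8") as f:
        f.write(config_ldif(domain, pw_hash))
    with open("base.ldif", "w", encoding="utf-8") as f:
        f.write(base_ldif(domain, "Example Org"))
    print("wrote config.ldif and base.ldif for", domain_to_dn(domain))
```

Run it once to produce the two files, then apply them with the ldapmodify command from Step 4 and the ldapadd command from Step 7. If you already have a hash from slappasswd, call ssha_verify with that string and your password instead of generating a new one; the check is purely local and never contacts the directory. config_ldif refuses a plaintext olcRootPW on purpose, because slapd would accept it and store the password unhashed in cn=config.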

Step 9: Next Steps & Best Practices

  • Secure the connection: Consider enabling TLS/SSL (LDAPS) to encrypt traffic between clients and LDAP.
  • Add schemas: If needed, import additional LDAP schemas (e.g., inetOrgPerson, nis).
  • Define ACLs: Configure access control lists to restrict who can read or write specific parts of the directory.
  • Backup & monitoring: Regularly back up your LDAP directory and monitor response times and error logs.
  • Integrate clients: Configure other servers to authenticate via this LDAP directory (via nslcd, sssd, etc.).

Conclusion

Installing OpenLDAP on CentOS Stream 10 is a solid approach to centralize your authentication and directory services. By following these steps you’ll have a working LDAP server ready for further customization and scaling. Whether you manage a handful of systems or a large enterprise environment, OpenLDAP gives you the tools to organize users, groups and resources in one place.

Call to action: Go ahead and install OpenLDAP now on a test server, configure your base domain, add a test user, and through this process build confidence in deploying LDAP for your infrastructure.
