An Openldap Directory Server


The recent JNDI article and an upcoming JAAS article require an LDAP server. This tutorial will walk through the basic details of reproducing the Openldap Server used in these two articles.

Openldap, Sun LDAP Server, and IBM Directory Server all started out as the same University of Michigan code base. Each of them has a slapd process running that makes up the “LDAP Server”. There are probably other variants of this code base running around.

This is by no means an exhaustive tutorial; the Openldap project has excellent documentation of its own. This post gives enough information to recreate the LDAP database used in the recent examples on this site, and it should get the adventurous moving in the generally correct direction.

  1. Download, compile, and install the most recent Openldap source tree from following the instructions provided in the Quickstart guide.
  2. This should have created an LDAP database whose configuration files live under /usr/local/etc/openldap. The Java and InetOrgPerson schemas need to be added to the new LDAP database. Add the following include lines to slapd.conf in this directory, in this order (core.schema must be included first, because the other three reference attribute types such as cn that it defines):
    • include /usr/local/etc/openldap/schema/core.schema
    • include /usr/local/etc/openldap/schema/cosine.schema
    • include /usr/local/etc/openldap/schema/inetorgperson.schema
    • include /usr/local/etc/openldap/schema/java.schema
  3. The slapd.conf file used in the articles presented on this site contains the following (the Manager password that the scripts below bind with is set by a rootpw directive, not shown here; store it as a hash generated with slappasswd rather than in clear text):
    • database bdb
    • suffix “dc=thinkmiddleware,dc=com”
    • rootdn “cn=Manager,dc=thinkmiddleware,dc=com”
  4. Create a start command called /usr/local/bin/startLdap that contains the following:
       #!/bin/bash
       set -x
       su root -c /usr/local/libexec/slapd
  5. You can then start the LDAP Server by running startLdap.
  6. Verify a slapd process is running with "ps -ef | grep slapd".
  7. Verify that something is listening on port 389 with "netstat -an | grep 389".
  8. Create an add script that contains the following. It binds as the Manager DN, reads the password from the PASSWORD environment variable, and loads the file named by its first argument plus .ldif. Note that -w puts the password on the command line, where other local users can read it from the process list; ldapadd -y <file> reads it from a file instead.
       #!/bin/bash
       # usage: <add script> <basename>  -> loads <basename>.ldif as the Manager DN
       ldapadd -x -D "cn=Manager,dc=thinkmiddleware,dc=com" -w "${PASSWORD}" -f "$1.ldif"
  9. Create a loop script that contains the following. Each iteration copies dummy.ldif, substitutes the counter for "dummy", loads the entry with the same ldapadd command as the add script, and then removes the generated LDIF file.
       #!/bin/bash
       echo "Password: "
       read -s PASSWORD          # -s keeps the password off the terminal
       export PASSWORD           # make it visible to the add script
       COUNT=0
       TOTAL=5000
       while [ $COUNT -lt $TOTAL ]; do
         COUNT=`expr $COUNT + 1`
         echo "Adding user $COUNT"
         cp dummy.ldif $COUNT.ldif
         sed "s/dummy/$COUNT/g" $COUNT.ldif > $COUNT.ldif.tmp
         mv $COUNT.ldif.tmp $COUNT.ldif
         # same command as the add script above, run on the file just created
         ldapadd -x -D "cn=Manager,dc=thinkmiddleware,dc=com" -w "${PASSWORD}" -f "$COUNT.ldif"
         rm $COUNT.ldif
       done
  10. Create a file called dummy.ldif, which contains the following:
       dn: cn=dummy,ou=Users,dc=thinkmiddleware,dc=com
       objectClass: inetOrgPerson
       cn: dummy
       sn: dummy
       userPassword: secret
  11. Using the Ldap Browser mentioned in the JNDI Tutorial, add a new Organization Unit, “ou=Users”, under the “dc=thinkmiddleware,dc=com” branch.
  12. Create 5000 users under “ou=Users,dc=thinkmiddleware,dc=com” by running the loop script created above. Note that this creates 5000 separate LDIF (LDAP Data Interchange Format) files, but deletes the LDIF file created on each iteration.

The 5000 users are named: 1,2,…,4999,5000. The password for each is “secret”; for anything important, a different password is recommended. The Distinguished Name for each user is “cn=####,ou=Users,dc=thinkmiddleware,dc=com” where ####=1,2,…,4999,5000.
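As an added alternative to the dummy.ldif/sed loop above (example code, not part of the original post), the following generates all the user entries into a single LDIF file that one ldapadd run can load, and stores userPassword as an RFC 2307 {SSHA} hash instead of clear text. It assumes the DN layout described above and that slapd accepts {SSHA} values, which OpenLDAP does by default; the output file name users.ldif is a constructed choice.

```python
import base64
import hashlib
import os
from typing import Optional

# DN layout from the tutorial above.
BASE_DN = "ou=Users,dc=thinkmiddleware,dc=com"


def ssha_hash(password: str, salt: Optional[bytes] = None) -> str:
    """Return an RFC 2307 {SSHA} value: base64(sha1(password + salt) + salt)."""
    if salt is None:
        salt = os.urandom(8)  # fresh random salt per entry
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def ssha_verify(stored: str, password: str) -> bool:
    """Check a password against a stored {SSHA} value (same layout slapd uses)."""
    if not stored.startswith("{SSHA}"):
        return False
    raw = base64.b64decode(stored[len("{SSHA}"):])
    digest, salt = raw[:20], raw[20:]  # SHA-1 digest is 20 bytes; the rest is salt
    return hashlib.sha1(password.encode("utf-8") + salt).digest() == digest


def user_entry(n: int, password: str, salt: Optional[bytes] = None) -> str:
    """One inetOrgPerson entry in LDIF, mirroring dummy.ldif with cn=sn=<n>."""
    lines = [
        f"dn: cn={n},{BASE_DN}",
        "objectClass: inetOrgPerson",
        f"cn: {n}",
        f"sn: {n}",
        f"userPassword: {ssha_hash(password, salt)}",
    ]
    return "\n".join(lines) + "\n"


def generate_ldif(total: int, password: str = "secret") -> str:
    """Entries 1..total as one LDIF document, with a blank line between entries."""
    return "\n".join(user_entry(n, password) for n in range(1, total + 1))


if __name__ == "__main__":
    # Writes users.ldif (constructed name); load it with:
    #   ldapadd -x -D "cn=Manager,dc=thinkmiddleware,dc=com" -W -f users.ldif
    with open("users.ldif", "w", encoding="ascii") as fh:
        fh.write(generate_ldif(5000))
```

Because the file is loaded in one bind, the Manager password is typed once at the -W prompt rather than passed on the command line 5000 times.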

At this point, an LDAP database that can be used with the example code in the JNDI and JAAS articles has been created.