Creating People in OpenLDAP using Apache Directory Studio

[This post is part of my ongoing instructional series on setting up some baseline IT infrastructure for the fictional startup Shoestring Lab. Shoestring has committed to using Open Source wherever possible. Shoestring Lab has standardized on Ubuntu for its server and desktop/laptop computer systems.

Today's lesson

Part of your job is managing user access to various internal computer resources. Now that you have installed OpenLDAP and Apache Directory Studio, configured access and created some groups, you will need to add people to your new OpenLDAP service.]


Open Apache Directory Studio and connect to your OpenLDAP server. Expand the Root DSE until you see the entry for ou=people.

Right-click on ou=people and select New > New Entry.

Click Next. Type inet into the box at left, then select inetOrgPerson.

Click Add to add the necessary classes for our new user.

Click Next. On the left, type cn; on the right, type a username. (I'll use my name.)

Click Next. The wizard will prompt you to enter a value for sn. Unlike the uniqueMember attribute in the groups, you can't add a user without the sn attribute, so enter the username again.

Click Finish. You should now see an entry for the person under ou=people.

In the entry (middle pane above), right-click and select New Attribute from the menu. Type "userPassword":

Click Finish. You will be prompted to enter a new password for the user:

Enter a password, and re-confirm it. Select the hash method you would like to use. Make sure you select something supported by your applications.


Next, you will add people to groups to provide group management of services in your network.