OpenLDAP packages

LTB project provides 5 packages for Debian/Ubuntu and Red-Hat/CentOS:


main OpenLDAP package, including slapd-cli, systemd service, and many openldap core modules (see below)


additional openldap modules (see the list below)


debug symbols for openldap


additional overlay exponential lockout


additional utilities for the mdb database backend (mdb_*)


LTB team tries to keep packages up to date with the latest OpenLDAP version.


Every backend and overlay is compiled as a module.

The main OpenLDAP package includes:

  • backends:

    • mdb: main database storage

    • ldap: LDAP proxy

    • meta: agregation of multiple LDAP proxies

    • sock

  • SSL/TLS with OpenSSL

  • SASL (including SASL passwords)

  • SLAPI support

  • CRYPT password

  • support of tcp-wrappers

  • support of reverse lookups of client hostnames

  • argon2 hash scheme

  • schema expose (SLAP_SCHEMA_EXPOSE flag for hidden schema elements)

  • load-balancer (compiled as a module)

  • slapd-cli project, including slapd-cli tool, and systemd services for OpenLDAP and load-balancer

  • logrotate script

  • all standard overlays:

    • accesslog: In-Directory Access Logging

    • auditlog: Audit Logging

    • autoca: Automatic Certificate Authority

    • collect: Collect

    • constraint: Attribute Constraint

    • dds: Dynamic Directory Services

    • deref: Dereference

    • dyngroup: Dynamic Group

    • dynlist: Dynamic List

    • homedir: Home Directory Management

    • memberof: Reverse Group Membership

    • otp: OTP 2-factor authentication

    • ppolicy: Password Policy

    • proxycache: Proxy Cache

    • refint: Referential Integrity

    • remoteauth: Deferred Authentication

    • retcode: Return Code testing

    • rwm: Rewrite/Remap

    • seqmod: Sequential Modify

    • sssvlv: ServerSideSort/VLV

    • syncprov: Syncrepl Provider

    • translucent: Translucent Proxy

    • unique: Attribute Uniqueness

    • valsort: Value Sorting

    • ppm (Password Policy Module): extension to the password policy overlay

The contrib-overlay package includes these additional overlays:

  • autogroup: automatic updates of group memberships which meet the requirements of any filter contained in the group definition.

  • lastbind: logs the last user authentication

  • noopsrch: “no operation search”: do a search in dry-run

  • nssov: handles NSS lookup requests through a local Unix Domain socket

  • pw-pbkdf2: allows PBKDF2 hash scheme

  • pw-sha2: allow SHA2 hash scheme

  • smbk5pwd: update Kerberos keys and Samba password hashes (without Heimdal Kerberos support)

  • variant: share values between entries

  • vc: implements the LDAP “Verify Credentials” extended operation

The installation lies under /usr/local/openldap, in order to avoid conflicts with existing OpenLDAP installation. In particular, we do not interfere with the ldap system libraries, which are linked in by many other programs.