How to install LDAP 389 Directory Server on a CentOS 6 VPS

In this article we will guide you through the steps to install LDAP 389 Directory Server (389 DS) on a CentOS 6 VPS.

What is 389 DS?

It is an enterprise-class Open Source LDAP server for GNU/Linux. It is hardened by real-world use, is full-featured, supports multi-master replication, and already handles many of the largest LDAP deployments in the world. The 389 Directory Server can be downloaded for free, and set up in less than an hour using the graphical administration console.

Some of the Key Features of 389 DS are:

  • High performance
  • Multi-Master Replication, to provide fault tolerance and high write performance
  • The codebase has been developed and deployed continuously by the same team for more than a decade
  • Extensive documentation
  • Active Directory user and group synchronization
  • Secure authentication and transport (SSLv3, TLSv1, and SASL)
  • Support for LDAPv3
  • On-line, zero downtime, LDAP-based update of schema, configuration, management and in-tree Access Control Information (ACIs)
  • Graphical console for all facets of user, group, and server management
  • and many more

System Requirements?




Before proceeding any further, ssh to your CentOS Linux VPS, initiate a screen session and upgrade your system using yum:

## screen -U -S 389-ds
## yum update



You need to enable the EPEL (Extra Packages for Enterprise Linux) repository on your CentOS VPS before you install the 389 Directory Server. To do it, run the following rpm command as root:

## rpm -Uvh

If you encounter a 404 error message, go to and install the latest epel-release-6-X.noarch.rpm



Next, add an unprivileged system user on your CentOS Linux Server which will be used for 389 DS. You can achieve this by using the useradd tool as in:

## useradd ldapadmin

Set up a password for the newly created user using passwd:

## passwd ldapadmin



The LDAP 389 Directory Server can be installed on your CentOS VPS using yum. To install it, execute the following command:

## yum install 389-ds openldap-clients

If you’re prompted with something like this:

warning: rpmts_HdrFromFdno: Header V3 RSA/SHA256 Signature, key ID 0608b895: NOKEY
Retrieving key from file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6
Importing GPG key 0x0608B895:
 Userid : EPEL (6) <>
 Package: epel-release-6-8.noarch (installed)
 From   : /etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6
Is this ok [y/N]: y

then simply accept the signing key by typing ‘y’ and pressing ‘ENTER’.



Once the 389 DS installation is finished, let’s configure the directory server using the provided Perl script. Make sure you change the relevant information to suit your needs. Here are some tips for the installer:

- type Ctrl+B and hit 'ENTER' to go back to the previous screen
- type Ctrl+C to cancel the setup

Ok, now execute the following command to initiate the setup:


and answer the questions prompted, for example:

Would you like to continue with set up? [yes]: yes
Would you like to continue? [no]: yes
Choose a setup type [2]: 2
Computer name []:
System User [nobody]: ldapadmin
System Group [nobody]: ldapadmin
Do you want to register this software with an existing
configuration directory server? [no]: no
administrator ID [admin]: admin
Administration Domain []:
Directory server network port [389]: 389
Directory server identifier [host]: host
Suffix [dc=yourdomain, dc=com]: dc=yourdomain, dc=com
Directory Manager DN [cn=Directory Manager]: PRESS ENTER
Administration port [9830]: PRESS ENTER
Are you ready to set up your servers? [yes]: yes



With 389 DS set up and configured, add it to your system startup so that it starts automatically every time the Linux VPS is rebooted:

## chkconfig dirsrv on
## chkconfig dirsrv-admin on

Next, check that the services are up and listening using the following netstat command:

## netstat -tunlp | grep -E '9830|389'

tcp 0  0*  LISTEN 1231/httpd.worker
tcp 0  0 :::389        :::*       LISTEN 1110/./ns-slapd
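
The listener check above can be made stricter. The following is an added example, not part of the original article: it matches ports 389 and 9830 exactly (the grep pattern also matches strings such as 3890) and reports whether each listener is bound to a wildcard address, to loopback, or to one specific address. The function name ldap_listeners and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original article.
# ldap_listeners (hypothetical name) reads `netstat -tunlp` output on stdin and
# prints "port scope program" for every TCP listener on 389 or 9830.
ldap_listeners() {
    awk '
    $1 ~ /^tcp/ && $6 == "LISTEN" {
        laddr = $4                         # e.g. 0.0.0.0:9830 or :::389
        n = split(laddr, part, ":")
        port = part[n]                     # text after the last colon
        if (port != "389" && port != "9830") next    # exact port match
        addr = substr(laddr, 1, length(laddr) - length(port) - 1)
        scope = "specific"                 # bound to one non-loopback address
        if (addr == "0.0.0.0" || addr == "::") scope = "wildcard"
        if (addr ~ /^127\./ || addr == "::1")  scope = "loopback"
        print port, scope, $7
    }'
}

# Constructed sample input (not captured from a real host).
SAMPLE='tcp  0  0 0.0.0.0:9830    0.0.0.0:*  LISTEN  1231/httpd.worker
tcp  0  0 :::389          :::*       LISTEN  1110/./ns-slapd
tcp  0  0 127.0.0.1:3890  0.0.0.0:*  LISTEN  2001/other
tcp  0  0 10.0.0.5:389    0.0.0.0:*  LISTEN  3120/./ns-slapd'

printf '%s\n' "$SAMPLE" | ldap_listeners
```

On the server itself, run it as: netstat -tunlp | ldap_listeners. A "wildcard" line means the port is reachable on every interface unless the firewall restricts it.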



The next step is to allow access to your LDAP ports in your server’s firewall. You can achieve this by using the following iptables commands:

## iptables -A INPUT -p tcp --dport 389  -m state --state NEW -j ACCEPT
## iptables -A INPUT -p tcp --dport 9830  -m state --state NEW -j ACCEPT
## service iptables save
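
The rules above accept connections from any source address, and -A appends them to the end of the INPUT chain. The following added example (not part of the original article) prints equivalent rules limited to one management network and inserted at the top of the chain. It assumes the stock CentOS 6 ruleset, whose INPUT chain ends in a REJECT rule; the function names and the 203.0.113.0/24 network are placeholders.

```shell
#!/bin/sh
# Added example, not from the original article. Function names are hypothetical.
# Assumes the stock CentOS 6 ruleset, whose INPUT chain ends in a REJECT rule.

# valid_cidr: succeed only for an IPv4 address with an optional /1-/32 prefix.
valid_cidr() {
    printf '%s\n' "$1" |
        grep -Eq '^[0-9]{1,3}(\.[0-9]{1,3}){3}(/[0-9]{1,2})?$' || return 1
    printf '%s\n' "$1" | awk -F'[./]' '{
        for (i = 1; i <= 4; i++) if ($i > 255) exit 1
        if (NF == 5 && ($5 < 1 || $5 > 32)) exit 1
    }'
}

# ldap_fw_rules SOURCE: print (do not run) rules that admit only SOURCE to the
# LDAP port (389) and the admin server port (9830).
ldap_fw_rules() {
    src=$1
    if ! valid_cidr "$src"; then
        echo "refusing source '$src': need an IPv4 address or CIDR, not /0" >&2
        return 1
    fi
    for port in 389 9830; do
        # -I puts the rule at the top of INPUT, ahead of the final REJECT;
        # -s limits it to the management network.
        echo "iptables -I INPUT -p tcp -s $src --dport $port -m state --state NEW -j ACCEPT"
    done
    echo "service iptables save"
}

# 203.0.113.0/24 is a documentation range standing in for your admin network.
ldap_fw_rules 203.0.113.0/24
```

The function only prints the commands; review the output, then run the printed lines as root.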



You can test the setup by performing the following LDAP query using the ldapsearch command:

## ldapsearch -x -b "dc=yourdomain,dc=com"

If you get something like this:

# search result
search: 2
result: 0 Success

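then everything looks good. Your directory server is installed and operating. Note that -x with no bind DN performs an anonymous simple bind, so this test also shows that the server answers anonymous searches.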



You need to use the appropriate 389 DS Administration Console depending on the client OS you’re using. If you’re using a GNU/Linux-based distribution, then you can simply run the 389-console program to access the GUI console. If you’re using a Windows-based machine, then you need to download the administration console from

Of course you don’t have to do any of this if you use one of our Fully Managed Hosting Services, in which case you can simply ask our expert Linux admins to install LDAP 389 DS for you. They are available 24×7 and will take care of your request immediately.
