This guide walks you through deploying an OpenLDAP server using Docker, along with a web-based management interface provided by LAM (LDAP Account Manager).
This deployment includes:
- OpenLDAP (directory service)
- LAM (web-based management interface)
- Docker-based deployment (easy to install and maintain)
- Centralized user authentication
- NAS / SMB / FTP integration
- Enterprise user and permission management
- Docker Engine and Docker Manager must be installed
- Ports 389 and 8080 must be available
Create a working directory:


Code: Select all
services:
openldap:
image: vegardit/openldap:latest
container_name: openldap
restart: unless-stopped
environment:
LDAP_INIT_ORG_DN: "dc=ldap,dc=example,dc=com"
LDAP_INIT_ORG_NAME: "Example Inc"
LDAP_INIT_ROOT_USER_DN: "uid=root,ou=People,dc=ldap,dc=example,dc=com"
LDAP_INIT_ROOT_USER_PW: "Admin@123"
LDAP_INIT_ALLOW_CONFIG_ACCESS: "false"
LDAP_INIT_PPOLICY_PW_MIN_LENGTH: "8"
ports:
- "389:389"
volumes:
- ./openldap-data:/var/lib/ldap
- ./openldap-config:/etc/ldap/slapd.d
lam:
image: ghcr.io/ldapaccountmanager/lam:stable
container_name: lam
restart: unless-stopped
depends_on:
- openldap
ports:
- "8080:80"
environment:
LAM_PASSWORD: "lamadmin"
LDAP_SERVER: "ldap://openldap:389"
LDAP_DOMAIN: "ldap.example.com"
LDAP_BASE_DN: "dc=ldap,dc=example,dc=com"
LDAP_USER: "uid=root,ou=People,dc=ldap,dc=example,dc=com"
LDAP_USERS_DN: "ou=People,dc=ldap,dc=example,dc=com"
LDAP_GROUPS_DN: "ou=Groups,dc=ldap,dc=example,dc=com"
volumes:
- lam-data:/var/lib/ldap-account-manager
volumes:
lam-data:
Parameters that must be modified:
- LDAP_INIT_ORG_DN: Base DN
- LDAP_DOMAIN: Domain name (use your real domain)
- LDAP_INIT_ROOT_USER_PW: Admin password
- LDAP_USER: Admin DN
Default in this guide:
Code: Select all
dc=ldap,dc=example,dc=com
Code: Select all
dc=example,dc=com
Code: Select all
dc=nas,dc=company,dc=local
Code: Select all
uid=root,ou=People,dc=nas,dc=company,dc=local
- Using the example DN directly
- Not changing the default password
- Mismatch between Base DN and LDAP_DOMAIN
- Plan your domain structure in advance
- Define OU structure (People / Groups)
- Always change default passwords in production
Open in your browser:
Code: Select all
http://YOUR_IP:8080

Default login credentials:
- Username: admin (LAM web UI account)
- Password: lamadmin
If login fails, configure the LDAP connection manually in LAM:
- LDAP Server: ldap://openldap:389
- Base DN: dc=ldap,dc=example,dc=com
- Admin DN: uid=root,ou=People,dc=ldap,dc=example,dc=com (full DN required)
- Password: Admin@123
Should you create groups before users?
Reason:
- Each user must have a primary group
- Avoid missing gidNumber issues
- Required for Linux / NAS authentication
- Go to Groups → New Group
- Group name: e.g. users
- GID Number: auto or manually assigned
- Save
- Go to Users → New User
- User name: e.g. test
- UID Number: auto or manual
- Primary group: select users
- Home directory: /home/test
- Set password
- Save
- Check the user exists in the Users list
- Check the user is assigned to the group
- Without a group, gidNumber may be missing
- Login depends on uidNumber + gidNumber
- Use UID/GID starting from 10000
Code: Select all
ou=People
ou=Groups
- Check the container name (openldap)
- Ensure both containers are in the same Docker network
- Check port 389 availability
- Use the full DN (not just username)
- Check DN format carefully
- Use a real domain (dc=company,dc=com)
- Enable LDAPS in production
- Backup /var/lib/ldap regularly
- Avoid using the root DN for applications
You now have:
- A working LDAP server
- A web-based management UI
- A Docker-based deployment
- NAS authentication
- SMB / FTP login
- Enterprise SSO systems
