Developers Documentation



301 error for file:

User Tools

Site Tools

Directory Server

The Directory Server app is where you can view and manage your LDAP server settings. If you plan on connecting external applications to access your ClearOS directory, you can control access and find LDAP connection information.


If your system does not have this app available, you can install it via the Marketplace.

You can find this feature in the menu system at the following location:

Server|Directory|Directory Server



In the settings widget, the following parameters can be configured:

  • The Base Domain should be set to your primary Internet domain, for example

The mode is shown for convenience only – the setting is part of the Master Slave Synchronization app.


There are two security policies that can be configured:

  • The Publish Policy should be enabled if you have external applications accessing the directory, for example network-attached storage servers.
    • Not Published - Accessible only from within ClearOS
    • Local Network - Secure (636) - Accessible from LAN interfaces only. Access is using ldaps:// on port TCP 636.
    • Local Network - Non-secure (389/636) - Accessible from LAN interfaces only. Access is using either ldap:// on port 389 or ldaps:// on port 636.
    • All Networks - Secure (636) - Accessible from all interfaces. Access is using the ldaps:// on port 636.
    • All Networks - Non-secure (389/636) - Accessible from all interfaces. Access is using either ldap:// on port 389 or ldaps:// on port 636.

In the interest of security it is always better to use the secure ldaps:// in preference to ldap://. As such it is unlikely that you will want to use the Non-secure options and it is not advised.

You can check to see which IP's and ports LDAP is listening on with

netstat -npl | grep slapd

  • The Accounts Access should be enabled if you have external applications requiring account information, for example adding the Global Address book feature in the Thunderbird mail client.

Directory Information

General directory information is shown to help you connect external applications to the ClearOS directory.

The bind information and password listed here is critical and sensitive and should be protected.

If you are trying to access LDAP from the LAN or externally using LDAPS on TCP port 636, you may need to import the LDAP CA certificate from/etc/openldap/certs/clearos-ca-cert.pem into your client

Accessing the Directory

Webconfig uses the LDAP Directory transparently for many functions. For the most part, adding users, creating groups, setting passwords or changing information about the server will modify the directory in all the ways you need it to without needing to manually enter records.

Modifying data in your LDAP directory can break functionality of ClearOS and make it unsupportable! Please be very careful.

Desktop Graphical Tools

You can use tools like the Apache Directory Studio or phpLDAPadmin to browse or change directory information. Use the information shown in the app to connect the client to the ClearOS directory.

Command Line

You can also use command line tools to manage the directory. For these examples we will use the following data:

  • Hostname: localhost
  • Base DN: dc=clearos,dc=lan
  • Bind DN: cn=manager,ou=internal,dc=clearos,dc=lan
  • Bind Password: gbGKD86gEWXLYNRm

A simple search will reveal our entire LDAP directory.

ldapsearch -h localhost -b "dc=clearos,dc=lan" \
-D "cn=manager,ou=internal,dc=clearos,dc=lan" \
-s sub "objectclass=*" -x -w gbGKD86gEWXLYNRm

You can also limit the results to include only specific information. For example, the following show all the groups on the system:

ldapsearch -h localhost -b "dc=clearos,dc=lan" \
-D "cn=manager,ou=internal,dc=clearos,dc=lan" \
-s sub "objectclass=GroupOfNames" -x -w gbGKD86gEWXLYNRm


content/en_us/7_ug_openldap_directory.txt · Last modified: 2019/08/27 04:14 by nickh