Quick start tutorial

This tutorial will guide you into a minimal installation and configuration procedure. You need some prerequisites:
  • A computer with a GNU/Linux recent distribution (Debian, Ubuntu, CentOS, RHEL, ...) with root privileges
  • A web browser
  • The possibility to update your local hosts file, or an easy access to your DNS server
  • A cup of coffee (or tea, we are open minded)


You should install Lemonldap::NG using packages, but you can also install it from the tarball.

Debian / Ubuntu

apt install apt-transport-https
wget -O - https://lemonldap-ng.org/_media/rpm-gpg-key-ow2 | apt-key add -
echo "deb https://lemonldap-ng.org/deb stable main" > /etc/apt/sources.list.d/lemonldap-ng.list
apt update
apt install lemonldap-ng


curl https://lemonldap-ng.org/_media/rpm-gpg-key-ow2 > /etc/pki/rpm-gpg/RPM-GPG-KEY-OW2
echo "[lemonldap-ng]
name=LemonLDAP::NG packages
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-OW2" > /etc/yum.repos.d/lemonldap-ng.repo
yum update
yum install lemonldap-ng

SSO domain configuration

The defaut SSO domain is example.com. You can keep it for your tests or change it, for example for mydomain.com:

sed -i 's/example\.com/mydomain.com/g' /etc/lemonldap-ng/* /var/lib/lemonldap-ng/conf/lmConf-1.json
sed -i 's/example\.com/mydomain.com/g' /etc/nginx/conf.d/*
sed -i 's/example\.com/mydomain.com/g' /etc/httpd/conf.d/*
sed -i 's/example\.com/mydomain.com/g' /etc/apache2/sites-available/*

In order to be able to test, update your DNS or your local hosts file to map this names to the SSO server IP:

  • auth.mydomain.com
  • manager.mydomain.com
  • test1.mydomain.com
  • test2.mydomain.com

For example on your local computer:

echo " auth.mydomain.com manager.mydomain.com test1.mydomain.com test2.mydomain.com" >> /etc/hosts 


Since LemonLDAP::NG 1.2, the demonstration backend is configured by default.

Demonstration backend has hard coded user accounts:

Login Password Role
rtyler rtyler user
msmith msmith user
dwho dwho administrator

Open SSO session

Go on http://auth.mydomain.com and log with one of the demonstration account.

Access protected application

Edit configuration

Log with the dwho account and go on http://manager.mydomain.com