In this exercise, the objective is to deploy Lightweight Directory Access Protocol (LDAP) in the Samba environment initially deployed here.

To achieve this goal the standalone LDAP daemon (slapd) is to be installed and configured.


From the source website, OpenLDAP is "an open source implementation of the Lightweight Directory Access Protocol".


Before installation, OpenLDAP has the following prerequisite packages:

  • nss_ldap
  • pam_ldap
  • smbldap-tools

OpenLDAP can be installed through a package manager or from source.


After successful installation, use a text editor to modify the configuration file. By default, this is located at /usr/local/etc/openldap/slapd.ldif.

A sample configuration is as shown.

dn: olcDatabase=mdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcMdbConfig
olcDatabase: mdb
olcDbMaxSize: 1073741824
olcSuffix: dc=contoso,dc=com
olcRootDN: cn=Administrator,dc=contoso,dc=com
olcRootPW: secret
olcDbDirectory: /usr/local/var/openldap-data
olcDbIndex: objectClass eq

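For use by slapd, the configuration file is imported by running the command shown. The command string is quoted so that su passes it to the shell as a single command, and -n 0 selects the configuration database.

su root -c "/usr/local/sbin/slapadd -n 0 -F /usr/local/etc/cn=config -l /usr/local/etc/openldap/slapd.ldif"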

If configuration is successful, slapd can be started using the following command.

su root -c "/usr/local/libexec/slapd -F /usr/local/etc/cn=config"


By default, slapd grants read access to everybody. For security reasons it is important to enable access controls as documented here.
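As an added example (not part of the original exercise), here is the sample database entry above with the two weak settings corrected: the cleartext olcRootPW is replaced by a hash, and olcAccess rules replace the default read-for-everybody behaviour. The hash is a placeholder to be generated with slappasswd, and the ACL policy shown is an assumed baseline, not a site-specific recommendation from the original page.

```ldif
# Added example: hardened variant of the sample entry, to be placed in
# slapd.ldif before the slapadd import step.
dn: olcDatabase=mdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcMdbConfig
olcDatabase: mdb
olcDbMaxSize: 1073741824
olcSuffix: dc=contoso,dc=com
olcRootDN: cn=Administrator,dc=contoso,dc=com
# Placeholder: run slappasswd and paste its output here instead of a
# cleartext password.
olcRootPW: {SSHA}REPLACE_WITH_SLAPPASSWD_OUTPUT
olcDbDirectory: /usr/local/var/openldap-data
olcDbIndex: objectClass eq
# ACLs are evaluated in order: the first matching "to" clause applies, and
# within it the first matching "by" clause. The rootdn bypasses ACLs.
# {0}: password values can be changed by their owner and used for binding
#      by unauthenticated clients, but are never readable by anyone else.
#      In a Samba deployment, add the Samba password-hash attributes to this
#      rule once the Samba schema is loaded (assumption: it is not loaded yet).
olcAccess: {0}to attrs=userPassword
  by self write
  by anonymous auth
  by * none
# {1}: everything else is readable by authenticated users only; anonymous
#      clients get nothing.
olcAccess: {1}to *
  by users read
  by * none
```

With these rules in place, an anonymous search of dc=contoso,dc=com returns no entries, while a bound user can read the directory but not other users' userPassword values.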