In this exercise, the objective is to deploy Lightweight Directory Access Protocol (LDAP) in the Samba environment initially deployed here.

To achieve this goal the standalone LDAP daemon (slapd) is to be installed and configured.

OpenLDAP

From the source website, OpenLDAP is "an open source implementation of the Lightweight Directory Access Protocol".

Installation

Before installation, OpenLDAP has the following prerequisite packages:

  • nss_ldap
  • pam_ldap
  • smbldap-tools

OpenLDAP can be installed through a package manager or from source.

Configuration

After successful installation, use a text editor to modify the configuration file. By default this is located at /usr/local/etc/openldap/slapd.ldif.

A sample configuration for contoso.com is as shown.

dn: olcDatabase=mdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcMdbConfig
olcDatabase: mdb
OlcDbMaxSize: 1073741824
olcSuffix: dc=contoso,dc=com
olcRootDN: cn=Administrator,dc=contoso,dc=com
olcRootPW: secret
olcDbDirectory: /usr/local/var/openldap-data
olcDbIndex: objectClass eq

For use by slapd, the configuration file is imported by running the command shown.

su root -c /usr/local/sbin/slapadd -F /usr/local/etc/cn=config -l /usr/local/etc/openldap/slapd.ldif

If configuration is successful, slapd can be started using the following command.

su root -c /usr/local/libexec/slapd -F /usr/local/etc/cn=config

Notes

By default, slapd grants read access to everybody. For security reasons it is important to enable access controls as documented here.

References