Before knowing OpenLDAP Server  first of all we know about LDAP. LDAP is Known as Light weight Directory Access Protocol. Most of the directory access protocol uses Local Authentication.but Centralized Authentication Services has the two most commonly used authentication services are Network Information Service (NIS) and Lightweight Directory Access Protocol (LDAP) Both NIS and LDAP are used to manage the user accounts centrally.But Lightweight Directory Access Protocol (LDAP) has some advantages over NIS.

Introduction to the LDAP

LDAP is abbreviated as Lightweight Directory Access Protocol. It is an open standard. It uses fixed ports, 389 TCP for regular communication and 636 TCP for encrypted communication.
LDAP is used as the backbone of Microsoft’s Active Directory Service and Novell’s Novell Directory Services (NDS) products.LDAP can also interact with other login programs, such as Remote Authentication Dial?in User Service (RADIUS), which is used by many ISP to manage dialup Internet access.

Working Principle of LDAP

LDAP-config local-authentication
LDAP utilizes a client-server model. One or more LDAP servers contain the data making up the directory information tree (DIT). The client connects to servers and asks it a question. The server responds with an answer and/or with a pointer to where the client can get additional information .
No matter which LDAP Server a client connects to, it sees the same view of the directory; a name presented to one LDAP Server references the same entry it would at another LDAP Server. This is an important feature of a global directory service.

Step-I (Install the Open LDAP packages)
[root@ldapserver ~]# yum install openldap-servers nss_ldap samba httpd openssl mod_ssl mysql mysql-server php php-xml php-LDAP php-mysql php-pdo php-cli phpcommon smbldap-tools
Step-II (Create the LDAP root password)
[root@ldapserver ~]# slappasswd

Now copy this password to /etc/openldap /slapd.conf

Step-III (Edit and add these to the configuration file)
[root@ldapserver ~]# vi /etc/openldap/slapd.conf
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/samba.schema
allow bind_v2
pidfile /var/run/openldap/
argsfile /var/run/openldap/slapd.args
[root@ldapserver ~]# vi /etc/openldap/slapd.conf
database bdb
suffix ""
rootdn "cn=root,dc=techbrown,dc=com”
rootpw {SSHA}TTzshhAbmZPPb8F2s7sgf9B+IrZt+nUD
password-hash {SSHA}
directory /var/lib/LDAP/
index cn,sn,uid,displayName pres,sub,eq
index uidNumber,gidNumber eq
index sambaSID eq
index sambaPrimaryGroupSID eq
index sambaDomainName eq
index objectClass pres,eq
index default sub
Step-IV (Now copy samba schema file)
# cp /usr/share/doc/samba-3.*/LDAP/samba.schema /etc/openldap/schema/
# cp /etc/openldap/DB_CONFIG.example /var/lib/LDAP/DB_CONFIG
# chown LDAP:LDAP /var/lib/LDAP/DB_CONFIG
# chmod 600 /var/lib/LDAP/DB_CONFIG
Step-V (Edit the configuration file with this parameter)
[root@ldapserver ~]# vi /etc/openldap/init.ldif
dn: dc=techbrown, dc=com
objectclass: dcObject
objectclass: organization
o: CentOS Directory Server
dn: cn=root,dc=techbrown, dc=com
objectclass: organizationalRole cn: root
Cn : root
Step-VI (Restart the LDAP services)
# service LDAP restart
# ldapsearch -x -b "dc=techbrown,dc=com”
Step-VII (Integrate LDAP and Samba)
# mv /etc/samba/smb.conf /etc/samba/smb.conf.dist
# cp /usr/share/doc/smbldap-tools /smb.conf /etc/samba/smb.conf
Step-VIII (under [global] add these lines)

under [global], you will need to add these three settings not there by default:

LDAP ssl = off
nt acl support = yes
socket options = TCP_NODELAY SO_RCVBUF=8192
Step-IX (Integrate LDAP and Samba)
# cp /usr/share/doc/smbldap-tools/smbldap.conf /etc/smbldap-tools/smbldap.conf
# net getlocalsid
Step-X (Give proper permission)
# chmod 644 /etc/smbldap-tools/smbldap.conf
# chmod 600 /etc/smbldap-tools/smbldap_bind.conf
# authconfig-tui

Check following line exists

[ ] Local authorization is sufficient

Testing of Samba and LDAP configuration on client side (Linux and Windows)

Linux: Now test the samba and LDAP configuration on Linux Client Side

Now join your Linux

# testparm
# smbldap-populate
# service smb restart
# service LDAP restart

Add user & machine

# useradd user1
# smbldap-useradd –a -s /bin/bash -d /home/user2 -F "" -P user1
Windows: Now test the samba and LDAP configuration on Windows Client Side

Now join your Windows

Step-I (In windows system go to–> my computer–> right click–> select properties)
Step-II (Provide Hostname & Domain name—> say ok)


That’s all for now.