LDAP is abbreviated as Light Weight Directory Access Protocol. It is a type of authentication mechanism which provide centralized authentication to the users and across different systems.This LDAP is independent mechanism which provide centralized login from Linux to other operating system remotely such as, Linux & windows, etc. This mechanism is purely works on two default ports such as 389 & 636.

Directory Services In all and different platforms

  1. Microsoft: Active directory Services
  2. MAC: Apple DIR Services
  3. NOVEL: Novel DIR Service
  4. Sun Solaris: Sun DIR Services
  5. Linux: Redhat DIR Services, Fedora DIR Services, etc.

OpenLDAP Servers

This is a default application in Linux versions which implement LDAP Server practically This application is a free source & open source application which comes inbuilt with OS to configure LDAP.

  1. Centralized Login Services in Linux
  2. NIS (LXL) Login
  3. NIS + = LXW Login
  4. Samba PDC( Primary Domain Controller)= LXW Login
  5. Samba windbind = WXL Login
  6. LDAP = LXW &LXL Login

LDAP & NIS Servers

This both are the default services in Linux which can be implement by using ypserv & open LDAP – Servers. Default applications to provide centralized login to the user and across different system, but there are some difference between these two:

  1. NIS
  2. LDAP

1. NIS: It is platform Dependent. It works on random ports. Its is less secure because it transfers the passwords in decrypted format. It has no firewall support. It has no domain hierarchy support.
2. LDAP: It is a platform independent. It works on standard ports like 389, 636. It is more secure because it transfers the user’s password by encrypting it with the help of 636 port. Firewall supported because it works on standard ports. It has Hierarchy domain support. BDB (Berkeley Database) is the LDAP Database by default comes with BDB application which maintain LDAP database.

Structure of LDAP Database:

LDAP structure can be maintain with the help of object class and schema

  1. Object Class: The collection of properties like DN(Distinguish Name), DC (Domain Container), OU (Organizational Unit) & UID is called object class.
  2. Schema: The collection of users properties like Pin code, emp ID, etc is called schema.

Requirement of LDAP

  • Software = openldap* ldap* nss* db*
  • Config file = vi / etc/ openldap / sladp.conf
  • Files= /usr/share / openldap/ migration / migrate_common.ph
  • Data Base = /var / lib / ldap
  • Service = Ldap
  • Port = 389, 636
  • Daemon = ldap
  • DBfile == DB_CONFIG.sample

To configure LDAP (In LDAP server)

Step-1 (Check & install the s/w)
# yum install openldap* ldap* nss* db* -y
Step-2 (Check & change the hostname)
# hostname ldap.techbrown.com
# vi /etc/sysconfig/network
# vi /etc/hosts
Step-3 (Edit 1st ldap file)
# vi /etc/openldap/sladp.conf

In 85th line change domain

“dc=techbrown, dc=com”

In 86th line

“cn=manager, dc=techbrown, d=com”

In last line provide password

Rootpw a


Step-4 (Edit 2nd ldap file)
# vi /user/openldap/migration/migrate_common.ph
:l, $ /padl/techbrown


Step-5(Copy DB file into Default Dir)
# cd /var/lib/ldap
# cp – rv /etc/openldap/DB_CONFIG.example /var/lib/ldap
Step-6 (Rename filename)
# chown Ldap.ldap DB_CONFIG
# systemctl restart ldap
Step-7 (Create Domain File)
# cd /etc/openldap
# vi techbrown.com.ldif
Dn:<>dc=techbrown, dc=com
Object class :<> dc objecrt
Object class : <>organizational Unit
Ou: <>people


# vi ou.ldif
Dn: ou=people, dc=techbrown, dc=com
Object Class : Organizational Unit


Step-8 (Add user and passwords)
# user add techbrown
Passwd techbrown
Step-9 (Create ldap DB)
# grep techbrown /etc/paswd >> /etc/openldap/techbrown.passwd
# grep /usr/share/openldap/migration/migrate_passwd.pl /etc/openldap/techbrown.passwd
# cat /etc/openldap?techbrown.ldif
Step-10 (Add all 3 filesinto LDAP DB)
# ldapadd –x –D “ cn=Manager,, dc= techbrown, dc= com” –w –f /etc/openldap/techbrown.com.ldif
Passwd techbrown

Note:- Follow above same command to add ou.ldif and techbrown.com.ldif (repeat the process)

Configure NFS Server

# yum install nfs* -y
# vi /etc/exports/home* (rw, sync)


# systemctl restart nfs

To check in client system

# authconfig –twi > ldap >
Server (ldap server lp)
Dc = techbrown, dc = com [ok]
Step-1 (Mount to server home dir to share user dir)
# mount /home/techbrown
# su –techbrown
# mkdir data{}
Step-2 (To check user data, move to server & check)
# ls /home/techbrown
Step-3 (Inclient system to login from GUI)
# vi/etc/fstab /home/home. Nfs defaults


Step-4 (Restart the services permanent)
# systemctl enable network
# systemctl enable portmap
# reboot
Step-5 (To give client User No login permission)
# usermod –s /sbin/nologin techbrown
# grep techbrown /etc/passwd >> /etc/openldap/techbrown.passwd
# /usr/share/openldap/migration/migrate_passwd.pl /etc/openldap/techbrown.passwd /etc/openldap/techbrown.ldif
# ldapmodify –x –D “cn= Manager, dc = techbrown, dc = com” –w –f /etc/openldap/techbrown.ldif
# ldapsearch –x –b “dc = techbrown,dc = com(object class = *)’

Note:- To give the user –No login permission the service should started permanently
# systemctl enable network
# systemctl enable portmap

That’s all for now.

How to Restricting and Logging Sudo Access on Linux

Previous article

How to Hide Server Signature of Nginx and PHP Version on Linux

Next article

You may also like


Leave a reply

Your email address will not be published. Required fields are marked *

More in Linux