Difference between revisions of "OpenLDAP"

(62 intermediate revisions by 9 users not shown)
Line 1: Line 1:
{| style="text-align: left; background-color: AliceBlue;"
{| style="text-align: left; background-color: AliceBlue;"
!Download Source:
!Download Source:
| ftp://ftp.openldap.org/pub/OpenLDAP/openldap-release/openldap-2.3.29.tgz
| ftp://ftp.openldap.org/pub/OpenLDAP/openldap-release/openldap-{{OpenLDAP-Version}}.tgz
{{Package-Introduction|The OpenLDAP package provides an open source implementation of the Lightweight Directory Access Protocol.|http://www.openldap.org/}}
{{Note|This page contains instructions to compile a OpenLDAP Server, Most of the time it is only the client libraries that are required, you can find this information on the [[OpenLDAP-Client]] page.}}
== Dependencies ==
== Dependencies ==
=== Required ===
=== Required ===
* [[Berkely DB]] or [[GDBM]]
* [[Berkeley DB]] or [[GDBM]]
=== Reccomended ===
=== Recommended ===
* [[CyrusSASL]]
* [[CyrusSASL]]
* [[OpenSSL]]
* [[OpenSSL]]
=== Optional ===
=== Optional ===
* [[TCP Wrappers]]
* [[TCP Wrappers]]
* [[unixODBC]]
* [[unixODBC]]
* [[GMP]]
* [[GNU Pth]]
* [[GNU Pth]]
* [[OpenSLP]]
* [[OpenSLP]]
== Non-Multilib ==
== Configuration Information ==
If you really want to build OpenLDAP with GNU Database Manager instead of Berkeley DB, add the following flags to configure script:
If you really want to build OpenLDAP with GNU Database Manager instead of Berkeley DB, add the following flags to configure script:
  --disable-bdb --disable-hdb --with-ldbm-api=gdbm
  --disable-bdb --disable-hdb --with-ldbm-api=gdbm
== Non-Multilib ==
Compile the package:
Compile the package:
  ./configure --prefix=/usr --sysconfdir=/etc \
  sed -i 's@\(^STRIP = \).*@\1 @' build/top.mk &&
    --localstatedir=/srv/ldap --disable-debug --enable-dynamic \
CPPFLAGS="-D_GNU_SOURCE" ./configure --prefix=/usr --sysconfdir=/etc \
    --enable-crypt --enable-modules --enable-ldap --enable-ldbm \
    --libexecdir=/usr/lib/openldap --localstatedir=/srv/ldap --disable-debug \
    --enable-dyngroup --enable-dynlist --enable-ppolicy --enable-valsort &&
    --enable-dynamic --enable-crypt --enable-modules --enable-wrappers \
    --enable-bdb=mod --enable-hdb=mod --enable-ldap=mod \
    --enable-monitor=mod --enable-perl=mod --enable-relay=mod \
    --enable-dyngroup=mod --enable-dynlist=mod --enable-memberof=mod \
    --enable-ppolicy=mod --enable-valsort=mod &&
make depend &&
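Review bot: The new configure line passes --enable-wrappers and --enable-perl=mod unconditionally, while the Dependencies list in this same hunk keeps TCP Wrappers under Optional and does not list Perl at all. Either move the packages these flags assume into Required or Recommended, or add a sentence naming the flags to drop when a package is absent, as the page already does for the GDBM case with --disable-bdb --disable-hdb.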
Line 38: Line 50:
  make install &&
  make install &&
  chmod -v 755 /usr/lib/libl{dap,ber}* &&
  ln -sv ../lib/openldap/slapd /usr/sbin/slapd &&
  install -v -m755 -d /usr/share/doc/openldap-2.3.27/{drafts,guide,rfc} &&
  install -dv -m755 /usr/share/doc/openldap-{{OpenLDAP-Version}}/{drafts,guide,rfc} &&
  install -v -m644 doc/drafts/* /usr/share/doc/openldap-2.3.27/drafts &&
  install -v -m644 doc/drafts/* /usr/share/doc/openldap-{{OpenLDAP-Version}}/drafts &&
  install -v -m644 doc/rfc/*    /usr/share/doc/openldap-2.3.27/rfc &&
  install -v -m644 doc/rfc/*    /usr/share/doc/openldap-{{OpenLDAP-Version}}/rfc &&
  cp -v -R doc/guide/*          /usr/share/doc/openldap-2.3.27/guide
  cp -Rv doc/guide/*          /usr/share/doc/openldap-{{OpenLDAP-Version}}/guide
== Multilib ==
== Multilib ==
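Review bot: The added "ln -sv ../lib/openldap/slapd /usr/sbin/slapd" sits in the middle of the && chain and has no -f, so when /usr/sbin/slapd already exists (a re-install, or after the Kerberos wrapper script further down the page has been put there) it fails and the documentation install lines after it never run. Move the link to the end of the chain, and say in the text that re-running this step conflicts with the wrapper script, so the reader knows to restore the wrapper afterwards.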
Line 50: Line 62:
Compile the package:
Compile the package:
  CC="gcc ${BUILD32}" ./configure --prefix=/usr --sysconfdir=/etc \
sed -i 's@\(^STRIP = \).*@\1 @' build/top.mk &&
    --localstatedir=/srv/ldap --disable-debug --enable-dynamic \
  CC="gcc ${BUILD32}" CPPFLAGS="-D_GNU_SOURCE" ./configure --prefix=/usr --sysconfdir=/etc \
    --enable-crypt --enable-modules --enable-ldap --enable-ldbm \
    --libexecdir=/usr/lib/openldap --localstatedir=/srv/ldap --disable-debug \
    --enable-dyngroup --enable-dynlist --enable-ppolicy --enable-valsort &&
    --enable-dynamic --enable-crypt --enable-modules --enable-wrappers \
    --enable-bdb=mod --enable-hdb=mod --enable-ldap=mod \
    --enable-monitor=mod --enable-perl=mod --enable-relay=mod \
    --enable-dyngroup=mod --enable-dynlist=mod --enable-memberof=mod \
    --enable-ppolicy=mod --enable-valsort=mod &&
make depend &&
Install the package
Install the package
  make install &&
  make install
chmod -v 755 /usr/lib/libl{dap,ber}*
=== N32 ===
=== N32 ===
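Review bot: The two additions at the top of this compile block, the sed on build/top.mk and CPPFLAGS="-D_GNU_SOURCE", come with no explanation, and the same pair is repeated in every build variant. A sentence before the command saying what each one works around (the sed empties the STRIP variable; the define is unexplained) would let a reader judge whether they still apply to a newer release.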
Line 65: Line 81:
Compile the package:
Compile the package:
  CC="gcc ${BUILDN32}" ./configure --prefix=/usr --sysconfdir=/etc --libdir=/usr/lib32 \
sed -i 's@\(^STRIP = \).*@\1 @' build/top.mk &&
    --localstatedir=/srv/ldap --disable-debug --enable-dynamic \
  CC="gcc ${BUILDN32}" CPPFLAGS="-D_GNU_SOURCE" ./configure --prefix=/usr --sysconfdir=/etc \
    --enable-crypt --enable-modules --enable-ldap --enable-ldbm \
    --libexecdir=/usr/lib/openldap --localstatedir=/srv/ldap --disable-debug \
    --enable-dyngroup --enable-dynlist --enable-ppolicy --enable-valsort &&
    --enable-dynamic --enable-crypt --enable-modules --enable-wrappers \
    --enable-bdb=mod --enable-hdb=mod --enable-ldap=mod \
    --enable-monitor=mod --enable-perl=mod --enable-relay=mod \
    --enable-dyngroup=mod --enable-dynlist=mod --enable-memberof=mod \
    --enable-ppolicy=mod --enable-valsort=mod &&
make depend &&
Install the package
Install the package
  make install &&
  make install
chmod -v 755 /usr/lib/libl{dap,ber}*
=== 64Bit ===
=== 64Bit ===
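Review bot: The rewritten N32 configure line no longer carries --libdir=/usr/lib32, which the line it replaces had and which the 64Bit block keeps in its own form (--libdir=/usr/lib64). Without it the N32 libraries install to the default libdir under /usr, the same place as the 32-bit build. Add --libdir=/usr/lib32 back next to the new --libexecdir=/usr/lib/openldap.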
Line 80: Line 100:
Compile the package:
Compile the package:
  CC="gcc ${BUILD64}" ./configure --prefix=/usr --sysconfdir=/etc --libdir=/usr/lib64 \
sed -i 's@\(^STRIP = \).*@\1 @' build/top.mk &&
    --localstatedir=/srv/ldap --disable-debug --enable-dynamic \
  CC="gcc ${BUILD64}" CPPFLAGS="-D_GNU_SOURCE" ./configure --prefix=/usr \
    --enable-crypt --enable-modules --enable-ldap --enable-ldbm \
    --sysconfdir=/etc --libdir=/usr/lib64 --libexecdir=/usr/lib/openldap \
    --enable-dyngroup --enable-dynlist --enable-ppolicy --enable-valsort &&
    --localstatedir=/srv/ldap --disable-debug \
    --enable-dynamic --enable-crypt --enable-modules --enable-wrappers \
    --enable-bdb=mod --enable-hdb=mod --enable-ldap=mod \
    --enable-monitor=mod --enable-perl=mod --enable-relay=mod \
    --enable-dyngroup=mod --enable-dynlist=mod --enable-memberof=mod \
    --enable-ppolicy=mod --enable-valsort=mod &&
make depend &&
Line 89: Line 115:
  make install &&
  make install &&
  chmod -v 755 /usr/lib/libl{dap,ber}*
  ln -sv ../lib/openldap/slapd /usr/sbin/slapd &&
  install -v -m755 -d /usr/share/doc/openldap-2.3.27/{drafts,guide,rfc} &&
  install -dv -m755 /usr/share/doc/openldap-{{OpenLDAP-Version}}/{drafts,guide,rfc} &&
  install -v -m644 doc/drafts/* /usr/share/doc/openldap-2.3.27/drafts &&
  install -v -m644 doc/drafts/* /usr/share/doc/openldap-{{OpenLDAP-Version}}/drafts &&
  install -v -m644 doc/rfc/*   /usr/share/doc/openldap-2.3.27/rfc &&
  install -v -m644 doc/rfc/* /usr/share/doc/openldap-{{OpenLDAP-Version}}/rfc &&
  cp -v -R doc/guide/*         /usr/share/doc/openldap-2.3.27/guide
  cp -Rv doc/guide/* /usr/share/doc/openldap-{{OpenLDAP-Version}}/guide
== Configuring ==
The information in the sections below are based off information from the following pages:
=== Additional Steps with Kerberos ===
If you plan on using LDAP with Kerberos you will need to create the LDAP Service Principle in the Kerberos database. You will also want to create a keytab for LDAP and LDAP alone.
kadmin.local -q "addprinc -randkey ldap/'''''<fqdn of ldap server>'''''@'''''<REALMNAME.COM>'''''" &&
kadmin.local -q "ktadd -k /etc/openldap/slapd.keytab ldap/'''''<fqdn of ldap server>'''''@'''''<REALMNAME.COM>'''''" &&
chmod 600 /etc/openldap/slapd.keytab
You will also need to add the LDAP Service Principle to the system keytab aswell:
kadmin.local -q "ktadd -k /etc/krb5.keytab ldap/'''''<fqdn of ldap server>'''''@'''''<REALMNAME.COM>'''''" &&
chmod 600 /etc/krb5.keytab
The '''''slapd''''' binary in /usr/sbin should be a symlink. Remove it and put a wrapper script that will point ldap at the proper keytab in its place:
rm /usr/sbin/slapd &&
cat > /usr/sbin/slapd << "EOF"
# Kerberos Wrapper Script for Slapd
if [ -f /etc/openldap/ldap.keytab ]; then
  env KRB5_KTNAME=/etc/openldap/slapd.keytab /usr/lib/openldap/slapd "$@"
  /usr/lib/openldap/slapd "$@"
chmod +x /usr/sbin/slapd
You also will want to create a user specifically for managing the ldap directory:
kadmin.local -q "addprinc ldapadm@'''''<REALMNAME.COM>'''''"
=== slapd.conf ===
If you download the following schema files to the ldap schema directory you can remove the comments on the corresponding lines:
Creating a basic slapd configuration file:
cat > /etc/openldap/slapd.conf << "EOF"
# Begin /etc/openldap/slapd.conf
# Schema Definitions
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
#include /etc/openldap/schema/sudo.schema
include /etc/openldap/schema/misc.schema
#include /etc/openldap/schema/krb5-kdc.schema
# The location of the PID file
pidfile /srv/ldap/run/slapd.pid
# List of arguments that will be passed to the server
argsfile /srv/ldap/run/slapd.args
# Load dynamic backend modules:
modulepath /usr/lib/openldap/openldap
moduleload back_bdb.la
#moduleload back_ldap.la
#moduleload back_ldbm.la
#moduleload back_passwd.la
#moduleload back_shell.la
# Use crypt to hash the passwords
password-hash {crypt}
# If you wish to use cyrus-sasl to bind to
# Kerberos uncomment and configure the
# following lines
#sasl-realm '''''<REALMNAME.COM>'''''
#sasl-host '''''<FQDN OF SASL SERVER>'''''
#sasl-secprops none
# Map the kerberos principals to actual ldap entities.
#authz-policy from
    "uid=$1,ou=people,'''''<BASE DN>'''''"
# Define SSL and TLS properties (optional)
#TLSCertificateFile /etc/ssl/ldap.pem
#TLSCertificateKeyFile /etc/openldap/ldap-key.pem
#TLSCACertificateFile /etc/ssl/ldap.pem
# Access Lists
access to attrs=userPassword
  by dn="cn=Manager,'''''<BASE DN>'''''" write
#  by dn="uid=ldapadm,ou=people,'''''<BASE DN>'''''" write
  by dn="uid=root,ou=people,'''''<BASE DN>'''''" write
  by self write
  by anonymous auth
  by * none
access to attrs=gecos,description,loginShell
  by self write
access to *
  by dn="cn=Manager,'''''<BASE DN>'''''" write
#  by dn="uid=ldapadm,ou=people,'''''<BASE DN>'''''" write
  by dn="uid=root,ou=people,'''''<BASE DN>'''''" write
  by * read
  by * search
# BDB database definitions
database bdb
suffix "'''''<BASEDN>'''''"
# By Default the rootdn always has complete access to the entire ldap directory regardless of ACLs
# It is for this reason that after the database is populated, you disable the rootdn by either
# removing or commenting out the following 2 lines.
rootdn "cn=Manager,'''''<BASEDN>'''''"
rootpw '''''<password hash>'''''
directory "/srv/ldap/openldap-data"
# Indexes
index default pres,eq
index objectClass,uid,uidnumber,gidnumber,cn
index mail eq
# End /etc/openldap/slapd.conf
When creating the configuration file above replace ''<BASEDN>'' with your Base DN. eg. ''dc=cross-lfs,dc=org''.
You can generate a password hash for the rootdn with the following command:
slappasswd -h {SHA}
=== Bootscript ===
Install the init script included in the [[bootscripts]] package.
make install-openldap1
{{Note|The bootscript '''openldap1''' only starts slapd. '''openldap2''' starts slapd and slurpd.}}
=== Populating the Directory ===
Before continuing with the following, start the ldap service:
/etc/rc.d/init.d/openldap start
Creating an initial LDIF:
cat > entries.ldif << "EOF"
# Organization for Example Corporation
dn: '''''<BASEDN>'''''
objectClass: dcObject
objectClass: organization
dc: '''''example'''''
o: '''''Example Corporation'''''
description: '''''The Example Corperation'''''
# Organizational Role for Directory Manager
dn: cn=Manager,'''''<BASEDN>'''''
objectClass: organizationalRole
cn: Manager
description: Directory Manager
Adding the entries into the LDAP directory:
ldapadd -f entries.ldif -x -D "cn=Manager,'''''<BASEDN>'''''" -W
=== ldap.conf ===
Create a basic ldap.conf:
cat > /etc/openldap/ldap.conf << "EOF"
# Begin /etc/openldap/ldap.conf
BASE    '''''<BASE DN>'''''
URI    ldap://'''''<fqdn of ldap server>'''''
#SASL_REALM    '''''<REALM>'''''
# End /etc/openldap/ldap.conf
=== Where to go from here? ===
Configuring clients to authenticate against LDAP, and possibly Kerberos
The [[nss_ldap]] page contains information on creating some base OUs (Organizational Units) and starting to create your users and groups.
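Review bot: The wrapper script tests for /etc/openldap/ldap.keytab, but the keytab created by the ktadd step above it, and the one KRB5_KTNAME is set to, is /etc/openldap/slapd.keytab, so the Kerberos branch is never taken; the test should read "if [ -f /etc/openldap/slapd.keytab ]; then". In the slapd.conf template, "by * search" follows "by * read" in the "access to *" rule and can never be reached, and "access to attrs=gecos,description,loginShell" grants only "by self write", which leaves those attributes unreadable to everyone else; add an explicit "by * read" there if that is not intended.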

Latest revision as of 17:24, 22 March 2009

Download Source: ftp://ftp.openldap.org/pub/OpenLDAP/openldap-release/openldap-2.4.19.tgz

Introduction to OpenLDAP

The OpenLDAP package provides an open source implementation of the Lightweight Directory Access Protocol.

Project Homepage: http://www.openldap.org/



This page contains instructions to compile an OpenLDAP server. Most of the time only the client libraries are required; you can find that information on the OpenLDAP-Client page.





Configuration Information

If you really want to build OpenLDAP with GNU Database Manager instead of Berkeley DB, add the following flags to the configure script:

--disable-bdb --disable-hdb --with-ldbm-api=gdbm


Non-Multilib

Compile the package:

sed -i 's@\(^STRIP = \).*@\1 @' build/top.mk &&
CPPFLAGS="-D_GNU_SOURCE" ./configure --prefix=/usr --sysconfdir=/etc \
    --libexecdir=/usr/lib/openldap --localstatedir=/srv/ldap --disable-debug \
    --enable-dynamic --enable-crypt --enable-modules --enable-wrappers \
    --enable-bdb=mod --enable-hdb=mod --enable-ldap=mod \
    --enable-monitor=mod --enable-perl=mod --enable-relay=mod \
    --enable-dyngroup=mod --enable-dynlist=mod --enable-memberof=mod \
    --enable-ppolicy=mod --enable-valsort=mod &&
make depend &&
make

Install the package

make install &&
ln -sv ../lib/openldap/slapd /usr/sbin/slapd &&
install -dv -m755 /usr/share/doc/openldap-2.4.19/{drafts,guide,rfc} &&
install -v -m644 doc/drafts/* /usr/share/doc/openldap-2.4.19/drafts &&
install -v -m644 doc/rfc/*    /usr/share/doc/openldap-2.4.19/rfc &&
cp -Rv doc/guide/*          /usr/share/doc/openldap-2.4.19/guide



Multilib

Compile the package:

sed -i 's@\(^STRIP = \).*@\1 @' build/top.mk &&
CC="gcc ${BUILD32}" CPPFLAGS="-D_GNU_SOURCE" ./configure --prefix=/usr --sysconfdir=/etc \
    --libexecdir=/usr/lib/openldap --localstatedir=/srv/ldap --disable-debug \
    --enable-dynamic --enable-crypt --enable-modules --enable-wrappers \
    --enable-bdb=mod --enable-hdb=mod --enable-ldap=mod \
    --enable-monitor=mod --enable-perl=mod --enable-relay=mod \
    --enable-dyngroup=mod --enable-dynlist=mod --enable-memberof=mod \
    --enable-ppolicy=mod --enable-valsort=mod &&
make depend &&
make

Install the package

make install


N32

Compile the package:

sed -i 's@\(^STRIP = \).*@\1 @' build/top.mk &&
CC="gcc ${BUILDN32}" CPPFLAGS="-D_GNU_SOURCE" ./configure --prefix=/usr \
    --sysconfdir=/etc --libdir=/usr/lib32 --libexecdir=/usr/lib/openldap \
    --localstatedir=/srv/ldap --disable-debug \
    --enable-dynamic --enable-crypt --enable-modules --enable-wrappers \
    --enable-bdb=mod --enable-hdb=mod --enable-ldap=mod \
    --enable-monitor=mod --enable-perl=mod --enable-relay=mod \
    --enable-dyngroup=mod --enable-dynlist=mod --enable-memberof=mod \
    --enable-ppolicy=mod --enable-valsort=mod &&
make depend &&
make

Install the package

make install


64Bit

Compile the package:

sed -i 's@\(^STRIP = \).*@\1 @' build/top.mk &&
CC="gcc ${BUILD64}" CPPFLAGS="-D_GNU_SOURCE" ./configure --prefix=/usr \
    --sysconfdir=/etc --libdir=/usr/lib64 --libexecdir=/usr/lib/openldap \
    --localstatedir=/srv/ldap --disable-debug \
    --enable-dynamic --enable-crypt --enable-modules --enable-wrappers \
    --enable-bdb=mod --enable-hdb=mod --enable-ldap=mod \
    --enable-monitor=mod --enable-perl=mod --enable-relay=mod \
    --enable-dyngroup=mod --enable-dynlist=mod --enable-memberof=mod \
    --enable-ppolicy=mod --enable-valsort=mod &&
make depend &&
make

Install the package

make install &&
ln -sv ../lib/openldap/slapd /usr/sbin/slapd &&
install -dv -m755 /usr/share/doc/openldap-2.4.19/{drafts,guide,rfc} &&
install -v -m644 doc/drafts/* /usr/share/doc/openldap-2.4.19/drafts &&
install -v -m644 doc/rfc/* /usr/share/doc/openldap-2.4.19/rfc &&
cp -Rv doc/guide/* /usr/share/doc/openldap-2.4.19/guide


Configuring

The information in the sections below is based on information from the following pages:


Additional Steps with Kerberos

If you plan on using LDAP with Kerberos you will need to create the LDAP service principal in the Kerberos database. You will also want to create a keytab for LDAP and LDAP alone.

kadmin.local -q "addprinc -randkey ldap/<fqdn of ldap server>@<REALMNAME.COM>" &&
kadmin.local -q "ktadd -k /etc/openldap/slapd.keytab ldap/<fqdn of ldap server>@<REALMNAME.COM>" &&
chmod 600 /etc/openldap/slapd.keytab

You will also need to add the LDAP service principal to the system keytab as well:

kadmin.local -q "ktadd -k /etc/krb5.keytab ldap/<fqdn of ldap server>@<REALMNAME.COM>" &&
chmod 600 /etc/krb5.keytab

The slapd binary in /usr/sbin should be a symlink. Remove it and put a wrapper script that will point ldap at the proper keytab in its place:

rm /usr/sbin/slapd &&
cat > /usr/sbin/slapd << "EOF"
#!/bin/sh
# Kerberos Wrapper Script for Slapd
# Use the dedicated LDAP keytab when it exists, otherwise start slapd as-is
if [ -f /etc/openldap/slapd.keytab ]; then
  env KRB5_KTNAME=/etc/openldap/slapd.keytab /usr/lib/openldap/slapd "$@"
else
  /usr/lib/openldap/slapd "$@"
fi
EOF
chmod +x /usr/sbin/slapd

You also will want to create a user specifically for managing the ldap directory:

kadmin.local -q "addprinc ldapadm@<REALMNAME.COM>"


slapd.conf

If you download the following schema files to the ldap schema directory you can remove the comments on the corresponding lines:


Creating a basic slapd configuration file:

cat > /etc/openldap/slapd.conf << "EOF"
# Begin /etc/openldap/slapd.conf

# Schema Definitions
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
#include /etc/openldap/schema/sudo.schema
include /etc/openldap/schema/misc.schema
#include /etc/openldap/schema/krb5-kdc.schema

# The location of the PID file
pidfile /srv/ldap/run/slapd.pid

# List of arguments that will be passed to the server
argsfile /srv/ldap/run/slapd.args

# Load dynamic backend modules:
modulepath /usr/lib/openldap/openldap
moduleload back_bdb.la
#moduleload back_ldap.la
#moduleload back_ldbm.la
#moduleload back_passwd.la
#moduleload back_shell.la

# Use crypt to hash the passwords
password-hash {crypt}

# If you wish to use cyrus-sasl to bind to
# Kerberos uncomment and configure the
# following lines
#sasl-realm <REALMNAME.COM>
#sasl-host <FQDN OF SASL SERVER>
#sasl-secprops none

# Map the kerberos principals to actual ldap entities.
#authz-policy from
    "uid=$1,ou=people,<BASE DN>"

# Define SSL and TLS properties (optional)
#TLSCertificateFile /etc/ssl/ldap.pem
#TLSCertificateKeyFile /etc/openldap/ldap-key.pem
#TLSCACertificateFile /etc/ssl/ldap.pem 

# Access Lists

access to attrs=userPassword
  by dn="cn=Manager,<BASE DN>" write
#  by dn="uid=ldapadm,ou=people,<BASE DN>" write
  by dn="uid=root,ou=people,<BASE DN>" write
  by self write
  by anonymous auth
  by * none

access to attrs=gecos,description,loginShell
  by self write

access to *
  by dn="cn=Manager,<BASE DN>" write
#  by dn="uid=ldapadm,ou=people,<BASE DN>" write
  by dn="uid=root,ou=people,<BASE DN>" write
  by * read
  by * search

# BDB database definitions

database bdb
suffix "<BASEDN>"

# By Default the rootdn always has complete access to the entire ldap directory regardless of ACLs
# It is for this reason that after the database is populated, you disable the rootdn by either
# removing or commenting out the following 2 lines.
rootdn "cn=Manager,<BASEDN>"
rootpw <password hash>

directory "/srv/ldap/openldap-data"

# Indexes
index default pres,eq
index objectClass,uid,uidnumber,gidnumber,cn
index mail eq

# End /etc/openldap/slapd.conf
EOF

When creating the configuration file above, replace <BASEDN> (written <BASE DN> in some lines) with your Base DN, e.g. dc=cross-lfs,dc=org.

You can generate a password hash for the rootdn with the following command:

slappasswd -h {SHA}
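
The check below is an added example, not part of the original page or of OpenLDAP: a POSIX shell function that reads a slapd.conf written from the template above and reports the settings the template leaves weak or asks you to revisit after populating the directory. The finding names and the sample configuration are constructed for illustration.

```sh
#!/bin/sh
# Added example, not part of the original page: report the settings in a
# slapd.conf built from the template above that deserve a second look.
# The finding names are this example's own, not OpenLDAP output.

audit_slapd_conf() {
    a_conf=$1
    # Only uncommented directives count; the template ships its TLS and
    # SASL lines commented out.
    a_active=$(grep -v '^[[:space:]]*#' "$a_conf" || true)
    a_has() { printf '%s\n' "$a_active" | grep -Eiq "$1"; }

    # rootdn/rootpw bypass every ACL; the template says to remove them
    # once the directory is populated.
    if a_has '^rootpw[[:space:]]'; then echo ROOTPW_STILL_SET; fi
    # "slappasswd -h {SHA}" produces an unsalted hash; {SSHA} is salted.
    if a_has '^rootpw[[:space:]]+\{(SHA|MD5)\}'; then echo ROOTPW_UNSALTED; fi
    # {crypt} hands hashing to the platform's crypt(3), whatever that is.
    if a_has '^password-hash[[:space:]]+\{crypt\}'; then echo PASSWORD_HASH_CRYPT; fi
    # Without TLS, a simple bind (ldapadd -x -W) sends the password in clear.
    if ! a_has '^TLSCertificateFile[[:space:]]'; then echo TLS_NOT_CONFIGURED; fi
    # "none" clears the default noplain,noanonymous SASL properties.
    if a_has '^sasl-secprops[[:space:]]+none'; then echo SASL_SECPROPS_NONE; fi
    # "cat > file" under umask 022 leaves the rootpw hash world-readable.
    case $(ls -ld "$a_conf") in
        ???????r*) echo CONF_WORLD_READABLE ;;
    esac
    return 0
}

# Constructed sample: the template with placeholders filled in by hand.
write_sample_conf() {
    cat > "$1" << "EOF"
password-hash {crypt}
#sasl-secprops none
#TLSCertificateFile /etc/ssl/ldap.pem
database bdb
suffix "dc=example,dc=org"
rootdn "cn=Manager,dc=example,dc=org"
rootpw {SHA}5en6G6MezRroT3XKqkdPOmY/BfQ=
directory "/srv/ldap/openldap-data"
EOF
    chmod 644 "$1"
}

demo_conf=$(mktemp)
write_sample_conf "$demo_conf"
audit_slapd_conf "$demo_conf"
rm -f "$demo_conf"
```

On the sample it reports every finding except SASL_SECPROPS_NONE, because that directive is still commented out there.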


Bootscript

Install the init script included in the bootscripts package:

make install-openldap1


The bootscript openldap1 only starts slapd. openldap2 starts slapd and slurpd.

Populating the Directory

Before continuing with the following, start the ldap service:

/etc/rc.d/init.d/openldap start

Creating an initial LDIF:

cat > entries.ldif << "EOF"
# Organization for Example Corporation
dn: <BASEDN>
objectClass: dcObject
objectClass: organization
dc: example
o: Example Corporation
description: The Example Corporation

# Organizational Role for Directory Manager
dn: cn=Manager,<BASEDN>
objectClass: organizationalRole
cn: Manager
description: Directory Manager
EOF

Adding the entries into the LDAP directory:

ldapadd -f entries.ldif -x -D "cn=Manager,<BASEDN>" -W


ldap.conf

Create a basic ldap.conf:

cat > /etc/openldap/ldap.conf << "EOF"
# Begin /etc/openldap/ldap.conf

BASE    <BASE DN>
URI     ldap://<fqdn of ldap server>

#SASL_REALM    <REALM>

# End /etc/openldap/ldap.conf
EOF

Where to go from here?

Configuring clients to authenticate against LDAP, and possibly Kerberos

The nss_ldap page contains information on creating some base OUs (Organizational Units) and starting to create your users and groups.
