Configuring OpenLDAP

Set up the OpenLDAP server by editing the /etc/openldap/slapd.conf file.
The defaults are not too bad, but you need the following schemas loaded:

include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/samba3.schema
include /etc/openldap/schema/yast.schema

Near the bottom you will see the database settings and the built-in admin account. Set a decent password for this account, since it has full control over the directory. In the example below the root of the tree is called sfs and the admin account exists in the root of the tree.

database bdb
checkpoint 1024 5
cachesize 10000
suffix "o=sfs"
loglevel 0
rootdn "cn=admin,o=sfs"
rootpw {SSHA}Some really good SSHA encrypted password

To create a secure OpenLDAP password hash, use the slappasswd tool on the command line (quote the password, as the shell would otherwise split it into separate arguments; running slappasswd without -s makes it prompt for the password instead, which keeps it out of your shell history):

# slappasswd -s 'Some really good password'

Copy and paste the output and put it into your slapd.conf file in the rootpw field.
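As an added example (not from the original page), the following Python reproduces the {SSHA} layout that slappasswd emits, base64(sha1(password + salt) + salt), so you can confirm that the hash you pasted into rootpw really corresponds to the password you intend to use. The slapd.conf fragment and the password in it are constructed for the demonstration.

```python
import base64
import hashlib
import hmac
import os

# Constructed example password; use your own and keep it out of scripts.
EXAMPLE_PASSWORD = "Some really good password"

def make_ssha(password, salt=None):
    """Build an OpenLDAP {SSHA} value: base64(sha1(password + salt) + salt).
    This is the layout slappasswd emits, so slapd can verify it on bind."""
    if salt is None:
        salt = os.urandom(4)  # slappasswd likewise appends a short random salt
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")

def verify_ssha(stored, password):
    """Check a candidate password against a {SSHA} string (e.g. from rootpw)."""
    if not stored.startswith("{SSHA}"):
        raise ValueError("not an {SSHA} value")
    raw = base64.b64decode(stored[len("{SSHA}"):])
    digest, salt = raw[:20], raw[20:]  # SHA-1 digest is 20 bytes, salt follows
    candidate = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return hmac.compare_digest(candidate, digest)

def check_rootpw(slapd_conf_text, password):
    """Find the rootpw directive in slapd.conf text and confirm it matches
    password. Returns False if no rootpw line exists or the hash differs."""
    for line in slapd_conf_text.splitlines():
        parts = line.split(None, 1)
        if len(parts) == 2 and parts[0] == "rootpw":
            return verify_ssha(parts[1].strip(), password)
    return False

if __name__ == "__main__":
    # Constructed slapd.conf fragment carrying a freshly generated hash.
    conf = 'suffix "o=sfs"\nrootdn "cn=admin,o=sfs"\nrootpw %s\n' % make_ssha(EXAMPLE_PASSWORD)
    print(conf)
    print("rootpw matches:", check_rootpw(conf, EXAMPLE_PASSWORD))
```

To check a real slapd.conf, read the file and pass its contents to check_rootpw together with the password you gave slappasswd.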

After the admin configuration, define search indexes on the attributes that PAM and Samba query; otherwise slapd will soon flood your server logs with warnings about unindexed searches.

index objectClass,uid,uidNumber,gidNumber,member,memberUid eq
index default sub

Save these changes and start the LDAP server.

# /etc/init.d/ldap start

Import the root tree into the new LDAP service. The easiest way to do this is to create a small file containing the following:

dn: o=sfs
objectClass: organization
objectClass: top
o: sfs

(Replace sfs with the name of your tree.)

Save the file as tree.ldif in your home directory and then run the following command (whilst in your home directory):

# slapadd -l ./tree.ldif

This will create the root entry of our new LDAP database. Note that slapadd writes directly to the database files and is intended to be run while slapd is stopped.

Now is a good time to restart your LDAP server, as I have had issues in the past with the next step not working without a service restart. While you are at it, make sure OpenLDAP, SMB and NMB (the Samba daemons) are all set to load at startup in YaST (System -> Runlevel Editor).