Linux provides both server-side and client-side support for the Lightweight Directory Access Protocol (LDAP) facility. This is a standards-based facility, so it is compatible with other LDAP implementations, including Microsoft’s Active Directory. LDAP is optimized for read-mostly access, so data suited to a directory service has low volatility; database systems are tailored for more volatile data. A classic example of data suitable for directory services is the ordinary telephone directory.
LDAP content is organized according to a data definition language, or schema. Standard schemas are available, and customized schemas are also possible. Much of the value of LDAP lies in consolidating corporate information about resources, such as login passwords, so that administration is centralized.
The Linux LDAP implementation has two main components: slapd, a stand-alone LDAP daemon, and slurpd, a stand-alone LDAP replication daemon. The two daemons work cooperatively, slapd maintaining the local LDAP information and slurpd replicating these changes to additional LDAP directories.
Both these LDAP daemons are configured using a common /etc/openldap/slapd.conf file. The ldap service script also consults the /etc/sysconfig/network configuration file to determine whether the Linux network layer is activated, but no LDAP configuration is done there.
How to start or stop this service immediately:
# service ldap start
# service ldap stop
To control the service on future boots:
# chkconfig --list ldap
ldap 0:off 1:off 2:off 3:off 4:off 5:off 6:off
# chkconfig ldap on
To obtain this service, install the openldap-servers package using yum:
Dependencies Resolved

================================================================================
 Package               Arch       Version             Repository          Size
================================================================================
Installing:
 openldap-servers      x86_64     2.4.44-5.el7        BAVA               2.2 M
Installing for dependencies:
 libtool-ltdl          x86_64     2.4.2-22.el7_3      BAVA                49 k
Updating for dependencies:
 openldap              x86_64     2.4.44-5.el7        BAVA               354 k

Transaction Summary
================================================================================
Install  1 Package  (+1 Dependent package)
Upgrade             ( 1 Dependent package)

Total download size: 2.6 M
Is this ok [y/d/N]:
The configuration file is /etc/openldap/ldap.conf; its default contents are shown below:
# vi /etc/openldap/ldap.conf
#BASE dc=example, dc=com
#URI ldap://ldap.example.com ldap://ldap-master.example.com:666
#SIZELIMIT 12
#TIMELIMIT 15
#DEREF never
URI ldap://127.0.0.1/
BASE dc=example,dc=com
TLS_CACERTDIR /etc/openldap/cacerts
This file must be customized prior to starting the LDAP services.
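When customizing the file, the settings that decide whether binds cross the network protected are URI and the TLS_* options. The following check is an added example, not part of the original page or of OpenLDAP: it parses an ldap.conf and reports transport-security gaps. TLS_REQCERT and TLS_CACERT are real ldap.conf(5) options that the page's default does not show, and the WEAK and HARDENED files are constructed samples.

```python
from urllib.parse import urlparse

LOOPBACK = {"127.0.0.1", "::1", "localhost"}

def parse_ldap_conf(text):
    """Map OPTION -> value. '#' lines are comments; option names are case-insensitive."""
    opts = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line and not line.startswith("#"):
            parts = line.split(None, 1)
            opts[parts[0].upper()] = parts[1] if len(parts) > 1 else ""
    return opts

def audit(text):
    """Return a list of transport-security findings for one ldap.conf."""
    opts, findings = parse_ldap_conf(text), []
    for uri in opts.get("URI", "").split():
        u = urlparse(uri)
        # An empty host (ldap:///) means the local default, so it is not flagged.
        if u.scheme == "ldap" and u.hostname and u.hostname not in LOOPBACK:
            findings.append(f"{uri}: cleartext unless the client forces StartTLS")
    # When TLS_REQCERT is absent the library default is 'demand' (full verification).
    if opts.get("TLS_REQCERT", "demand").lower() in ("never", "allow"):
        findings.append("TLS_REQCERT disables server certificate checking")
    if "TLS_CACERT" not in opts and "TLS_CACERTDIR" not in opts:
        findings.append("no TLS_CACERT or TLS_CACERTDIR set")
    return findings

# The default shown on the page, abbreviated to the lines that matter here.
PAGE_DEFAULT = """\
#URI ldap://ldap.example.com ldap://ldap-master.example.com:666
URI ldap://127.0.0.1/
BASE dc=example,dc=com
TLS_CACERTDIR /etc/openldap/cacerts
"""
# Constructed: a customization that points at remote servers without TLS.
WEAK = """\
URI ldap://ldap.example.com ldap://ldap-master.example.com:666
BASE dc=example,dc=com
TLS_REQCERT never
"""
# Constructed: the same customization using ldaps:// and full verification.
HARDENED = """\
URI ldaps://ldap.example.com
BASE dc=example,dc=com
TLS_CACERTDIR /etc/openldap/cacerts
TLS_REQCERT demand
"""

if __name__ == "__main__":
    for name, conf in (("default", PAGE_DEFAULT), ("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(conf) or "no findings")
```

The page's default passes only because its URI is loopback; replacing it with a remote ldap:// URI is the customization the check flags.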