During installation, slapd asks you for some basic configuration: the root of your directory (the base DN), the distinguished name of the slapd manager, its password, the LDAP version (choose v3), the database backend (choose hdb), and whether to enable LDAPv2 compatibility (choose No).
#
# LDAP Defaults
#
# See ldap.conf(5) for details
# This file should be world readable but not world writable.

BASE    <your-base-dn>
URI     ldap://<ip_address_OR_FQDN_of_your_ldap_server>
BINDDN  <admin-dn>

#SIZELIMIT      12
#TIMELIMIT      15
#DEREF          never
# The distinguished name of the search base.
base <your-base-dn>

# Another way to specify your LDAP server is to provide an URI.
# (ldap:// for a TCP connection; ldapi:// is only for a local Unix socket,
# so it cannot take a host name or IP address.)
uri ldap://<ip_address_OR_FQDN_of_your_ldap_server>

# The LDAP version to use (defaults to 3
# if supported by client library)
ldap_version 3

# The distinguished name to bind to the server with
# if the effective user ID is root. Password is
# stored in /etc/libnss-ldap.secret (mode 600)
# Use 'echo -n "mypassword" > /etc/libnss-ldap.secret' instead
# of an editor to create the file.
rootbinddn <admin-dn>

# Hash password locally; required for University of
# Michigan LDAP server, and works with Netscape
# Directory Server if you're using the UNIX-Crypt
# hash mechanism and not using the NT Synchronization
# service.
pam_password crypt

nss_base_passwd ou=People,<your-base-dn>?one
3. Create a custom LDAP schema
Clients will query the directory server to retrieve the policy objects that apply to them. Each object should carry at least a serial number and a URI pointing to the GPO file on the file server. Since no standard LDAP object class provides this, you will have to write a custom schema.
Create a groupPolicyDescriptor class (inheriting from top) with two string attributes:
id (32 characters)
uri (255 characters)
The id will be a UUID hexadecimal string, used to distinguish GPDs from one another.
The uri field will be used by the client to fetch the file.
You don’t have to write any GPO deployment tool for this project. Just use a plain LDIF file to put groupPolicyDescriptor entries in your OUs for test purposes. There is no need to generate a dedicated UUID for this part: just use a random one.
Each schema element is identified by a globally unique Object Identifier (OID). OIDs are also used to identify other objects. They are commonly found in protocols described by ASN.1. In particular, they are heavily used by the Simple Network Management Protocol (SNMP). As OIDs are hierarchical, your organization can obtain one OID and branch it as needed. For example, if your organization were assigned OID 1.1, you could branch the tree as follows:
See “8.2.1 Object Identifier - Table 8.2 Example OID hierarchy”
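The schema this section asks for, written as cn=config LDIF so it can be loaded into a running slapd, followed by one test descriptor entry. This is an added example, not the course's own material: it branches the 1.1 OID arc from the example above (substitute the OID assigned to your organization), prefixes the two attribute names as gpdId and gpdUri to avoid collisions with other loaded schemas, and uses a constructed UUID and placeholder host names.

```ldif
# Part 1: the schema. Load as the local root user over the Unix socket:
#   ldapadd -Y EXTERNAL -H ldapi:/// -f gpd-schema.ldif
# OID arc 1.1.x is a placeholder taken from the example above.
dn: cn=grouppolicy,cn=schema,cn=config
objectClass: olcSchemaConfig
cn: grouppolicy
olcAttributeTypes: ( 1.1.1.1 NAME 'gpdId'
  DESC 'UUID of the descriptor as a 32-character hexadecimal string'
  EQUALITY caseIgnoreMatch
  SUBSTR caseIgnoreSubstringsMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32}
  SINGLE-VALUE )
olcAttributeTypes: ( 1.1.1.2 NAME 'gpdUri'
  DESC 'URI of the GPO file on the file server, at most 255 characters'
  EQUALITY caseExactMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{255}
  SINGLE-VALUE )
olcObjectClasses: ( 1.1.2.1 NAME 'groupPolicyDescriptor'
  DESC 'Points clients of an OU at one group policy object'
  SUP top STRUCTURAL
  MUST ( gpdId $ gpdUri ) )

# Part 2: one test descriptor in an OU. Load it bound as the admin DN:
#   ldapadd -x -D <admin-dn> -W -f gpd-sales.ldif
# The UUID is constructed for this example (uuid4 hex, 32 characters);
# the OU, base DN and file server host are placeholders.
dn: gpdId=3f2a9c0e5b7d4e1fa6c8d09b2e4f7a13,ou=Sales,<your-base-dn>
objectClass: groupPolicyDescriptor
gpdId: 3f2a9c0e5b7d4e1fa6c8d09b2e4f7a13
gpdUri: http://<file_server>/gpo/3f2a9c0e5b7d4e1fa6c8d09b2e4f7a13
```

The two entries go to different databases, so keep them in separate files and use the two ldapadd invocations shown in the comments; the `{32}` and `{255}` length bounds on the DirectoryString syntax are what makes the server reject an id or uri that does not fit the class as specified.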