
Friday, March 21, 2008

LDAP configuration



Following is a brief introduction to configuring and adding a new directory for example.com.
1. To get to the module, open the YaST Control Center, and select Network Services > LDAP Server. The first option is whether to start the server on system boot. Leave this as yes and select configure.


2. The next screen allows for configuration of the LDAP server and directories. There is a navigation pane on the left. For example, selecting Global Settings > Schema Files shows the schemas currently in use, and allows schemas to be added or removed. For more in-depth information about LDAP configuration with YaST, see section 21.8.5 in the SUSE LINUX Enterprise Server Administration Guide.


3. The Databases section shows the currently configured directories. If SLES is installed with the defaults there will be one directory, site, which contains the login information for the users on this system. Create a new directory by selecting Databases in the left pane and clicking Add Database. A new window is displayed which allows the new database information to be entered.



Fill in all the fields as follows:
Base DN: dc=example,dc=com
Root DN: cn=Admin (Be sure Append Base DN is checked. Otherwise this field would need: cn=Admin,dc=example,dc=com)
LDAP Password: Enter a new password for the directory and select the encryption method.
Database Directory: /var/lib/ldap/example.com/
This is the path to a folder where the directory files will be stored. Make sure the folder already exists.



4. Select OK and notice that the new directory now shows up in the database list. Select Finish to commit the changes.
5. The new directory for example.com has now been set up. It has the base DN dc=example,dc=com and an administrator user, cn=Admin,dc=example,dc=com. It is now ready to have additional entries added, either by other clients which administer LDAP directories (such as the Network Services > LDAP Client), or by using the openLDAP command-line tools.


openLDAP on Suse Linux ES
SLES uses the open-source implementation of LDAP, called openLDAP. It is already installed on any system that uses the default installation settings. There are only a few files that generally need to be accessed directly:
/etc/openldap/slapd.conf – The main configuration file for openLDAP. It contains sections for defining the schemas of the directories, the access control settings for the directories, and the general settings for each individual directory.
/etc/openldap/schema/*.schema – Directories follow specifically defined schemas. These .schema files define several standard schemas. Referencing these .schema files in /etc/openldap/slapd.conf applies those schemas to the openLDAP directories.
/etc/init.d/ldap – The init script used to start, stop, and restart the openLDAP service.

LDAP

What is LDAP?
LDAP stands for Lightweight Directory Access Protocol. LDAP is a protocol which provides access to a compliant directory via TCP/IP. The strengths of LDAP-compliant directories include speed, simplicity, and the ability to be replicated and distributed across several servers. An LDAP directory can be used to store a great deal of information: from user login credentials to company telephone directories.
LDAP was created as a less complicated implementation of the Directory Access Protocol (DAP), and is based on the OSI X.500 standard. These standards establish directories as being hierarchical, representing the structure of an organization. There are many directories that support the LDAP protocol, each with their own benefits and drawbacks. Examples include openLDAP, the open-source implementation that ships with SLES, and eDirectory, Novell's flagship identity management product.
Directories vs. databases
The terms directory and database are often used interchangeably when referring to LDAP-compliant directories. In this article, directory refers to an LDAP-compliant directory, and database refers to a relational database, such as MySQL or Oracle. The two are related, in that they both store information in a structured way, but differ in their implementation. In many cases, directories and databases could both fulfill a particular need. It is important to understand the differences between the two to best determine which to implement.
The largest general difference between directories and databases is complexity. Databases are capable of storing almost any arbitrary set of information and can be greatly customized for a specific purpose. They also provide a complex query interface, allowing for flexible searches returning customized results. Directories, on the other hand, tend to have very specific implementations that follow a strict pattern or schema. This allows them to be extremely fast, and allows for easy organization and comprehension of the data they store.

LDAP concepts
Directories are viewed as a tree, like a computer's file system. This overall tree structure is called the Directory Information Tree (DIT). Each entry in a directory is called an object. These objects are of two types, containers and leaves. A container is like a folder: it contains other containers or leaves. A leaf is simply an object at the end of a branch of the tree. A tree cannot contain any arbitrary set of containers and leaves; it must match the schema defined for the directory.
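An added example (not code from the original post) that ties step 5 of the YaST procedure above to the DIT concepts here: it parses a constructed LDIF for the new dc=example,dc=com directory, computes each entry's parent DN, classifies entries as containers or leaves, and reports entries that ldapadd would reject because they lie outside the base DN or because their parent entry has not been added yet. The sample entries and attribute values are assumptions.

```python
import re
# Constructed LDIF (assumed sample data): base entry, cn=Admin root DN, one container, one leaf.
SAMPLE_LDIF = """\
dn: dc=example,dc=com
objectClass: dcObject
objectClass: organization
dc: example
o: example

dn: cn=Admin,dc=example,dc=com
objectClass: organizationalRole
cn: Admin

dn: ou=People,dc=example,dc=com
objectClass: organizationalUnit
ou: People

dn: uid=jdoe,ou=People,dc=example,dc=com
objectClass: inetOrgPerson
uid: jdoe
cn: Jane Doe
sn: Doe
"""

def parse_ldif(text):
    """Return {dn: {attr: [values]}}; plain 'attr: value' lines only, no base64 '::'."""
    entries = {}
    for record in re.split(r"\n\s*\n", text.strip()):
        attrs = {}
        for line in record.splitlines():
            key, _, value = line.partition(":")
            attrs.setdefault(key.strip(), []).append(value.strip())
        entries[attrs.pop("dn")[0]] = attrs
    return entries

def parent_dn(dn):
    """Drop the leftmost RDN; an escaped comma (\\,) inside a value does not split."""
    return ",".join(re.split(r"(?<!\\),", dn)[1:])

def check_dit(entries, base_dn):
    """Classify entries as containers/leaves; flag entries outside base_dn or with no parent."""
    parents = {parent_dn(dn) for dn in entries}
    containers, leaves, errors = [], [], []
    for dn in entries:
        if dn != base_dn and not dn.endswith("," + base_dn):
            errors.append(f"{dn}: outside base DN {base_dn}")
        elif dn != base_dn and parent_dn(dn) not in entries:
            errors.append(f"{dn}: parent {parent_dn(dn)} does not exist")
        (containers if dn in parents else leaves).append(dn)
    return containers, leaves, errors
```

Once check_dit reports no errors, the same LDIF can be loaded in file order with ldapadd, binding as cn=Admin,dc=example,dc=com.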