It's a bad habit, I know, but I tend to look at what's good in the M$ world and try to implement it, so I started with dynamic DNS and DHCP.
Now I want to implement an Active Directory.
Active Directory is the M$ implementation of LDAP: it holds user information (details and passwords), all workstations in the domain authenticate against it, the mail server (M$ Exchange) uses it too, plus other stuff I'm not interested in right now.
So I will try to implement this, but I have no idea what to do; anyway, we'll see (hope someone helps).
OK, so finally I managed to do something: I could run an OpenLDAP server, populate it with entries, authenticate other Linux PCs against it, and provide the user information to the Thunderbird address book (isn't that cool?).
distro : FC3
packages installed :
- openldap-servers-2.2.13-2
- openldap-clients-2.2.13-2
- nss_ldap-220-3
- openldap-devel-2.2.13-2
- openldap-2.2.13-2
configuration files :
- /etc/openldap/slapd.conf (server conf)
- /etc/ldap.conf (client application conf)
Now, after you install the packages, you start by editing slapd.conf:
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
pidfile /var/run/slapd.pid
argsfile /var/run/slapd.args
## ACL ##
access to * by * read
#######################################################################
# ldbm and/or bdb database definitions
#######################################################################
database bdb
suffix "dc=lab,dc=local"
rootdn "cn=admin,dc=lab,dc=local"
rootpw {crypt}
defaultaccess read
directory /var/lib/ldap
# Indices to maintain for this database
index objectClass eq,pres
index ou,cn,mail,surname,givenname eq,pres,sub
#index uidNumber,gidNumber,loginShell eq,pres
index uid,memberUid eq,pres,sub
#index nisMapName,nisMapEntry eq,pres,sub
The first lines (the includes) declare which schemas your entries will obey (I don't know much about them yet).
Then come the args and pid file definitions, then the access controls. The single line there (access to * by * read) lets anybody, even an unauthenticated client, read every attribute, including the userPassword hashes; tightening that is the "more on the acls" item in the TODO at the end.
Now that we have configured the server, let's start it and populate it with user entries.
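As an added example (not code from the original post), here is a small Python checker for the ACL section of a slapd.conf. It pulls out the access to ... by ... directives and applies slapd's evaluation rule, which is that the first access to clause whose target matches the attribute is the only one considered, and inside it the first matching by clause decides. It reports what an anonymous client gets on userPassword for the post's ACL and for the usual hardened form. Both configs below are constructed for the example.

```python
"""Check an OpenLDAP slapd.conf ACL section for world-readable password hashes.

Added example, not from the original post. It parses `access to ... by ...`
directives and, using slapd's first-match rule, works out what access an
anonymous client gets to userPassword. The two configs are constructed.
"""
import re

# Constructed: the post's ACL, which hands every attribute to everyone.
WEAK_CONF = """\
## ACL ##
access to * by * read
database bdb
suffix "dc=lab,dc=local"
"""

# Constructed: the usual fix. The userPassword rule must come before the
# catch-all, because slapd applies the first `access to` whose target matches.
HARDENED_CONF = """\
## ACL ##
access to attrs=userPassword
    by self write
    by anonymous auth
    by * none
access to * by * read
database bdb
suffix "dc=lab,dc=local"
"""

# Access levels, weakest to strongest (the 2.2-era set; later releases add more).
ACCESS_ORDER = ["none", "auth", "compare", "search", "read", "write"]


def parse_access_directives(conf_text):
    """Return [(what, [(who, level), ...]), ...] in file order.
    A line starting with whitespace continues the previous directive."""
    logical = []
    for raw in conf_text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0] in " \t" and logical:
            logical[-1] += " " + raw.strip()
        else:
            logical.append(raw.strip())
    directives = []
    for line in logical:
        m = re.match(r"access\s+to\s+(.*)", line)
        if not m:
            continue
        what, *clauses = re.split(r"\s+by\s+", m.group(1))
        by_clauses = []
        for clause in clauses:
            tokens = clause.split()
            # `by <who> [<level>]`; an omitted level means none.
            by_clauses.append((tokens[0], tokens[1] if len(tokens) > 1 else "none"))
        directives.append((what.strip(), by_clauses))
    return directives


def _what_matches(what, attr):
    """Does `access to <what>` cover `attr`? Handles `*` and `attrs=a,b`;
    a dn-only target covers every attribute of the entries it names."""
    if what == "*":
        return True
    m = re.search(r"attrs=(\S+)", what)
    return attr.lower() in [a.lower() for a in m.group(1).split(",")] if m else True


def _who_matches(who, requester):
    """Match `by <who>` for the requester classes used here (anonymous/self/users)."""
    return who == "*" or who == requester or (who == "users" and requester == "self")


def effective_access(directives, attr, requester="anonymous"):
    """First directive whose target matches decides; within it the first matching
    `by` wins and no match means none. No ACL at all means slapd's default,
    `access to * by * read`."""
    for what, by_clauses in directives:
        if not _what_matches(what, attr):
            continue
        for who, level in by_clauses:
            if _who_matches(who, requester):
                return level
        return "none"
    return "read"


def password_readable_by_anonymous(conf_text):
    """True if an unauthenticated client could read userPassword hashes."""
    level = effective_access(parse_access_directives(conf_text), "userPassword")
    rank = ACCESS_ORDER.index(level) if level in ACCESS_ORDER else 0
    return rank >= ACCESS_ORDER.index("read")


if __name__ == "__main__":
    for name, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(name, "- anonymous can read userPassword:",
              password_readable_by_anonymous(conf))
```

With the hardened ACL an anonymous client still gets auth on userPassword, which is exactly what a bind needs (slapd compares the hash without returning it), while self gets write so users can change their own password and everyone else gets nothing. The `by` matching here only knows the anonymous/self/users classes, so `by dn=...` and `by group=...` clauses are treated as non-matching.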
Now some concepts (don't rely on me for concepts); these are my 2 cents' worth of notes on understanding this:
- LDAP data is stored in a database backend as objects
- LDAP objects are a set of attributes
- Each object has a DN (distinguished name) attribute that identifies it uniquely
- Objects in an LDAP database are organized into a tree hierarchy, based on their DN
- The tree should go from the top to the bottom of your organization, for example: "com -> company -> OU (organisational unit) -> user"
- Each application needs/understands certain attributes
Example of an entry for a user (see how it has a DN to identify it and then a set of attributes for the details):
dn: uid=john,ou=people,dc=example,dc=com
cn: John Doe
uid: john
uidNumber: 1001
gidNumber: 100
homeDirectory: /home/john
loginShell: /bin/bash
objectClass: top
objectClass: posixAccount
Looking at this example we can see that it is an entry for a posixAccount (a Unix user account), which is what pam_ldap/nss_ldap look for to get user information.
Now, how do we populate such data in LDAP? Simple: there is a file format called LDIF (LDAP Data Interchange Format) for exactly that. You open an empty text file, write in your entries, and then, while the server is running, run
ldapadd -x -W -D "cn=admin,dc=lab,dc=local" -f file.ldif
(-x selects a simple bind as the rootdn from slapd.conf, and -W prompts for the rootpw). This command creates the database entries, which end up in /var/lib/ldap/ (as defined in slapd.conf); if you delete those files (with slapd stopped) you can start from scratch and populate new data.
Now the most important thing, the trick really, is to figure out what to put in that LDIF file (that took a lot of time and reading; lucky for you I did my homework, so you can skip that time, I hope). Here is my sample file; note that records are separated by a blank line:
dn: dc=lab,dc=local
objectClass: top
objectClass: organization
objectClass: dcObject
o: Opencraft labs
dc: lab

dn: ou=users,dc=lab,dc=local
ou: users
objectClass: top
objectClass: organizationalUnit

dn: ou=groups,dc=lab,dc=local
ou: groups
objectClass: top
objectClass: organizationalUnit

dn: cn=engineering,ou=groups,dc=lab,dc=local
objectClass: top
objectClass: posixGroup
cn: engineering
gidNumber: 500
memberUid: foo

dn: cn=ramez hanna,ou=users,dc=lab,dc=local
objectClass: top
objectClass: person
objectClass: posixAccount
objectClass: shadowAccount
objectClass: organizationalPerson
objectClass: inetOrgPerson
uid: ramez
userPassword: {crypt}
uidNumber: 500
gidNumber: 500
gecos: ramez zoheir hanna
loginShell: /bin/bash
homeDirectory: /home/rhanna
shadowLastChange: 10877
shadowMin: 0
shadowMax: 999999
shadowWarning: 7
shadowInactive: -1
shadowExpire: -1
shadowFlag: 0
cn: ramez hanna
givenName: ramez
sn: hanna
mail: me@domain.com
title: CEO
streetAddress: somewhere
l: cairo
postalCode: huh
telephoneNumber: 54545454
homePhone: 454545454
mobile: 555555555
facsimileTelephoneNumber: 555555
Now I wish you good luck if you choose to follow my steps and try it.
TODO:
- secure the server using SSL
- more on the ACLs
- figure out how to create {crypt} passwords
- let other web apps that don't use PAM authenticate against this server
References: