Directory services for Linux

Directory services are a standard feature of any medium to large corporate network. If you’re unfamiliar with the concept of a directory, think of it like an address book for networks. Information on people (e.g., name, e-mail address) and systems (e.g., file shares, printers) is stored within the directory for access by applications. The role of a directory service is to make administering and navigating a large network much more manageable. Network-wide functions such as authentication, user databases and centralised file repositories can all be provided using a directory service.

Linux already has a strong reputation as an excellent file and Web server operating system. In this column, we take a look at some of the tools for providing directory services for a network on a Linux server.


The Lightweight Directory Access Protocol is a standard method for accessing directory services across applications and platforms. The protocol is very simple and operates on top of TCP/IP. Most modern communication applications which can take advantage of directory access include support for LDAP. Examples of these include e-mail clients such as Microsoft Outlook and Ximian Evolution.

OpenLDAP ( is an open source implementation of LDAP v2 and v3 for Linux/UNIX. Included with OpenLDAP is a stand-alone server (slapd), a replication server (slurpd), and numerous utilities for interfacing with a LDAP server under Linux.

The information stored in an OpenLDAP database can be customised to your needs. You may just want to deploy an LDAP service to keep contact details for each member of staff in your company, or you may have a more exotic function in mind.

The OpenLDAP Administrators Guide ( provides a helpful and detailed introduction to installing and configuring OpenLDAP.

Samba 3.0 and Active Directory

Samba (, best known as a utility providing Windows file and printer sharing under Linux/UNIX, is also capable of providing some Windows directory services. Version 2.2 of Samba can act as a Windows NT Primary Domain Controller (PDC) to provide authentication services to Windows clients.

With the introduction of Windows 2000, Microsoft replaced Windows NT Domains with a more advanced directory system, Active Directory. Active Directory employs a hierarchical structure instead of the flat structure of Windows NT Domains. Security for the authentication services of Active Directory is provided by the Kerberos protocol. Active Directory also introduces support for lookups from LDAP-enabled applications.

Samba 3.0 (in beta at the time of writing) introduces support for authenticating against Active Directory servers and providing Active Directory server functions under Linux/UNIX. The introduction of Active Directory services within Samba has been a long time coming and will please system administrators currently maintaining both Active Directory and Windows NT Domains in a single environment. The combination of these two systems can cause administration headaches, and the migration to a single platform will solve many problems.

Enabling Active Directory support with Samba 3.0 requires the MIT Kerberos tools ( for authentication and OpenLDAP to communicate with Active Directory servers/clients using LDAP. Enabling Active Directory support is a simple compile time configuration option and requires an entry in the smb.conf configuration file similar to the following:

ads server =
security = ADS
encrypt passwords = yesKerberos must be configured to authenticate with Active Directory. Update krb5.conf to include the following:

kdc =
default_domain =
[domain_realm] = EXAMPLE.COM = EXAMPLE.COM

To authenticate with an Active Directory server, type the following in a shell:

$ /usr/kerberos/bin/kinit user@EXAMPLE.COM

If authentication is successful, you will be prompted for a password and then returned to a shell prompt. If the user you connected as has Administrator privileges on the Active Directory server, you can add your Linux server to the Active Directory by typing:

$ /usr/local/samba/bin/net ads join

To navigate the Active Directory, use the ‘smbclient’ command followed by a Windows share name. As you are authenticated in the Active Directory now, you should be able to view the share without a password.

Other directory services

IBM has recently released version 5.1 of IBM Directory Server ( product for Linux.

IBM Directory Server is based on the DB2 database server and implements LDAP v3 services with advanced features such as replication and Kerberos authentication. IBM Directory Server can be downloaded free of charge from

Join the PC World newsletter!

Error: Please check your email address.

Our Back to Business guide highlights the best products for you to boost your productivity at home, on the road, at the office, or in the classroom.

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Alastair Cousins

Show Comments

Most Popular Reviews

Latest News Articles


PCW Evaluation Team

Azadeh Williams

HP OfficeJet Pro 8730

A smarter way to print for busy small business owners, combining speedy printing with scanning and copying, making it easier to produce high quality documents and images at a touch of a button.

Andrew Grant

HP OfficeJet Pro 8730

I've had a multifunction printer in the office going on 10 years now. It was a neat bit of kit back in the day -- print, copy, scan, fax -- when printing over WiFi felt a bit like magic. It’s seen better days though and an upgrade’s well overdue. This HP OfficeJet Pro 8730 looks like it ticks all the same boxes: print, copy, scan, and fax. (Really? Does anyone fax anything any more? I guess it's good to know the facility’s there, just in case.) Printing over WiFi is more-or- less standard these days.

Ed Dawson

HP OfficeJet Pro 8730

As a freelance writer who is always on the go, I like my technology to be both efficient and effective so I can do my job well. The HP OfficeJet Pro 8730 Inkjet Printer ticks all the boxes in terms of form factor, performance and user interface.

Michael Hargreaves

Windows 10 for Business / Dell XPS 13

I’d happily recommend this touchscreen laptop and Windows 10 as a great way to get serious work done at a desk or on the road.

Aysha Strobbe

Windows 10 / HP Spectre x360

Ultimately, I think the Windows 10 environment is excellent for me as it caters for so many different uses. The inclusion of the Xbox app is also great for when you need some downtime too!

Mark Escubio

Windows 10 / Lenovo Yoga 910

For me, the Xbox Play Anywhere is a great new feature as it allows you to play your current Xbox games with higher resolutions and better graphics without forking out extra cash for another copy. Although available titles are still scarce, but I’m sure it will grow in time.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?