= Basic OpenLDAP 2.4 from scratch =

{{{
yum install openldap-servers openldap-clients ldapvi
}}}

{{{
cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG
systemctl enable slapd.service
systemctl start slapd.service
}}}

Generate the password for the RootDN with {{{slappasswd}}}.

The correct way to configure is using ldapmodify. SASL auth is enabled by default.

{{{
ldapvi -Y EXTERNAL -h ldapi:/// -b cn=config
}}}

Edit database:

{{{
6 olcDatabase={2}hdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcHdbConfig
olcDatabase: {2}hdb
olcDbDirectory: /var/lib/ldap
olcSuffix: dc=grid,dc=imbg,dc=org,dc=ua
olcRootDN: cn=Manager,dc=grid,dc=imbg,dc=org,dc=ua
olcRootPW: {SSHA}aAlr6hDxbcIp75HdDTI/TP5XjzBFR/Sl
olcAccess: to attrs=userPassword by self write by anonymous auth by dn.base="cn=Manager,dc=grid,dc=imbg,dc=org,dc=ua" write by * none
olcAccess: to * by self write by * read
olcDbIndex: objectClass eq,pres
olcDbIndex: ou,cn,mail,surname,givenname eq,pres,sub
}}}

Add LDAP schemas:

{{{
ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/cosine.ldif
ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/nis.ldif
ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/inetorgperson.ldif
}}}
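The "Edit database" step above, expressed as an LDIF for ldapmodify instead of an interactive ldapvi session. This is an added example, not part of the original page; the function name {{{make_db_ldif}}} and the suffix {{{dc=example,dc=org}}} are assumptions, and the password hash is a placeholder.

```shell
#!/bin/sh
# Added example: emit the ldapmodify LDIF for the {2}hdb database entry.
# make_db_ldif is a hypothetical helper; the suffix and hash are supplied by the caller.

make_db_ldif() {
    suffix=$1       # directory suffix, e.g. dc=example,dc=org (constructed)
    rootpw_hash=$2  # output of slappasswd, e.g. {SSHA}...

    # Reject a bare cleartext password: the value must carry a {SCHEME}
    # prefix, as slappasswd output does.
    case $rootpw_hash in
        '{'*'}'?*) ;;
        *) echo "olcRootPW must be a slappasswd hash" >&2; return 1 ;;
    esac

    # "replace" also creates an attribute that is not yet present.
    # The {0}/{1} prefixes pin the evaluation order of the access rules.
    cat <<EOF
dn: olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcSuffix
olcSuffix: $suffix
-
replace: olcRootDN
olcRootDN: cn=Manager,$suffix
-
replace: olcRootPW
olcRootPW: $rootpw_hash
-
replace: olcAccess
olcAccess: {0}to attrs=userPassword by self write by anonymous auth by dn.base="cn=Manager,$suffix" write by * none
olcAccess: {1}to * by self write by * read
-
replace: olcDbIndex
olcDbIndex: objectClass eq,pres
olcDbIndex: ou,cn,mail,surname,givenname eq,pres,sub
EOF
}

# Usage, as root on the server (EXTERNAL auth over the ldapi:/// socket):
#   make_db_ldif dc=example,dc=org "$(slappasswd)" | ldapmodify -Y EXTERNAL -H ldapi:///
```

The second access rule is copied unchanged from the page: it lets every entry rewrite all of its own attributes, which includes {{{uidNumber}}} and {{{gidNumber}}} once nis.ldif is loaded, so narrow it if the directory backs POSIX accounts.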