Difference between revisions of "OpenLDAP"
[1] https://www.youtube.com/watch?v=bp8ffdY7Mu4
[2] https://wiki.samba.org/index.php/OpenLDAP_as_proxy_to_AD
[3] https://doc.owncloud.org/server/10.0/admin_manual/configuration/ldap/ldap_proxy_cache_server_setup.html
[4] https://www.itzgeek.com/how-tos/linux/centos-how-tos/step-step-openldap-server-configuration-centos-7-rhel-7.html
[5] https://howdoilinux.com/2015/05/openldap-to-active-directory-proxy-configuration/
Michael.mast (talk | contribs) (→Notes) |
Michael.mast (talk | contribs) |
Line 8: | Line 8: | ||
yum -y install openldap openldap-servers | yum -y install openldap openldap-servers | ||
+ | cat <<EOF >>/etc/openldap/slapd.conf | ||
+ | moduleload back_ldap | ||
+ | |||
+ | include /etc/openldap/schema/core.schema | ||
+ | include /etc/openldap/schema/cosine.schema | ||
+ | include /etc/openldap/schema/nis.schema | ||
+ | include /etc/openldap/schema/inetorgperson.schema | ||
+ | |||
+ | |||
+ | pidfile /var/run/openldap/slapd.pid | ||
+ | argsfile /var/run/openldap/slapd.args | ||
+ | |||
+ | sizelimit unlimited | ||
+ | |||
+ | idletimeout 3600 | ||
+ | writetimeout 600 | ||
+ | |||
+ | database ldap | ||
+ | suffix "dc=your,dc=tld" | ||
+ | uri "ldap://domaincontroller" | ||
+ | chase-referrals no | ||
+ | idassert-bind bindmethod=simple | ||
+ | mode=self | ||
+ | binddn="cn=binduser,ou=Users,DC=your,DC=tld" | ||
+ | credentials="password" | ||
+ | |||
+ | logfile /var/log/slapd.log | ||
+ | loglevel 1 | ||
+ | EOF | ||
+ | |||
+ | slaptest -f /etc/openldap/slapd.conf -F /etc/openldap/slapd.d/ | ||
+ | systemctl enable slapd | ||
+ | systemctl start slapd | ||
+ | firewall-cmd --permanent --add-service=ldap | ||
+ | firewall-cmd --reload | ||
</pre> | </pre> | ||
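Review bot: the added `database ldap` block (from `uri "ldap://domaincontroller"` through `credentials="password"`) binds to the domain controller over cleartext ldap:// and keeps the bind user's password unencrypted in slapd.conf, although the page's stated purpose is to proxy secure LDAP; point `uri` at ldaps:// (or add a TLS option to the idassert-bind) and restrict the file's permissions. Two smaller points in the same hunk: `cat <<EOF >>/etc/openldap/slapd.conf` appends, so running the step on a host that already has a slapd.conf duplicates every directive, and no TLSCertificateFile/TLSCertificateKeyFile directives are added, so the front end can only serve ldap://, which matches `firewall-cmd --permanent --add-service=ldap` but not the "secure LDAP from the internet" goal.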
Revision as of 13:39, 2 March 2018
Active Directory LDAP Proxy
Purpose
To proxy secure LDAP requests from the internet to MS AD.
Commands
CentOS 7
On a clean install with epel-release installed (not needed, but it is part of my initial setup script)
<pre>
yum -y install openldap openldap-servers
cat <<EOF >>/etc/openldap/slapd.conf
moduleload back_ldap

include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/inetorgperson.schema

pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args

sizelimit unlimited

idletimeout 3600
writetimeout 600

database ldap
suffix "dc=your,dc=tld"
uri "ldap://domaincontroller"
chase-referrals no
idassert-bind bindmethod=simple
  mode=self
  binddn="cn=binduser,ou=Users,DC=your,DC=tld"
  credentials="password"

logfile /var/log/slapd.log
loglevel 1
EOF

slaptest -f /etc/openldap/slapd.conf -F /etc/openldap/slapd.d/
systemctl enable slapd
systemctl start slapd
firewall-cmd --permanent --add-service=ldap
firewall-cmd --reload
</pre>
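As an added check that is not part of this page's procedure, the following Python script parses a slapd.conf (honouring the rule that a line starting with whitespace continues the previous directive, which is how slapd reads the multi-line idassert-bind above) and flags the settings in the proxy config that should be revisited before exposing it to the internet; the sample conf is constructed from the page's placeholder values and the linter's findings are this editor's, not the page's.

```python
"""Lint a slapd.conf for an OpenLDAP-to-Active-Directory proxy (back_ldap).
slapd.conf rule: a line that starts with whitespace continues the previous directive."""

# Constructed sample (placeholder values from the page, not a real deployment).
SAMPLE_CONF = """\
moduleload back_ldap
sizelimit unlimited
database ldap
suffix "dc=your,dc=tld"
uri "ldap://domaincontroller"
chase-referrals no
idassert-bind bindmethod=simple
  mode=self
  binddn="cn=binduser,ou=Users,DC=your,DC=tld"
  credentials="password"
loglevel 1
"""


def parse_slapd_conf(text):
    """Return [(directive, arguments)], joining continuation lines into one entry."""
    directives = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0] in " \t" and directives:  # continuation of the previous directive
            name, args = directives[-1]
            directives[-1] = (name, (args + " " + raw.strip()).strip())
            continue
        parts = raw.strip().split(None, 1)
        directives.append((parts[0].lower(), parts[1] if len(parts) > 1 else ""))
    return directives


def lint_proxy_conf(text):
    """Return findings a defender should resolve before exposing the proxy to the internet."""
    directives = parse_slapd_conf(text)
    findings = []
    for name, args in directives:
        if name == "uri" and "ldap://" in args:
            findings.append("uri: back-end bind goes over cleartext ldap://; use ldaps://")
        if name == "idassert-bind" and "credentials=" in args:
            findings.append("idassert-bind: AD bind password is stored in cleartext; restrict file mode")
        if name == "sizelimit" and args.strip().lower() == "unlimited":
            findings.append("sizelimit unlimited: any bound client can enumerate the whole tree")
    present = {name for name, _ in directives}
    if not {"tlscertificatefile", "tlscertificatekeyfile"} <= present:
        findings.append("no TLSCertificateFile/TLSCertificateKeyFile: front end cannot serve ldaps://")
    return findings
```

Running `lint_proxy_conf(SAMPLE_CONF)` on the page's config reports all four findings; after switching the back-end to ldaps://, bounding sizelimit and adding the TLS certificate directives, only the cleartext bind password remains, which simple bind cannot avoid and file permissions must cover.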
Notes
- Interesting YouTube video that covers everything except enabling TLS[1]
- OpenLDAP as proxy to Active Directory as stated by Samba[2]
- A guide by owncloud.org[3]
- Possible how-to on enabling TLS[4]
- Here is someone who has already gone through the work for me. Will be working off of this how-to.[5]